What does generative AI mean in the context of cybersecurity?

I have already written about the adversarial impact of generative AI, so what about the impact on defenders? How can generative AI underline the security in cybersecurity? In this post, I will go over how this technology can have a real-world impact on CISOs and their teams today. 

Threat Detection and Response

The first area that comes to most people’s minds in the industry is one where ‘traditional’ AI has been having an impact for many years already. Generative AI brings new possibilities to the Threat Detection and Response (TDR) space. 

Some of these new models like Variational Autoencoders (VAEs) are effective at describing normal system behavior. Once trained, these models can flag data that deviates from the expected, highlighting malicious activity.

These methods can then also be used to create highly tailored and specific security rules for intrusion detection and prevention systems. 

Additionally, generative AI vastly boosts the efficacy of automated penetration testing methods, further strengthening defenses by highlighting vulnerabilities that might otherwise have been missed.  

Data and Network Management

Managing and interpreting large sets of structured and unstructured data sounds like a perfect task for AI, and it is. We expect to see generative AI helping to design or rejig network topologies at a level of complexity beyond that of human analysts. 

The technology is also perfect for labeling and categorizing data with minimal human input, we are already using generative AI models to help manage and maintain asset inventories in a near-automated fashion. 

On the cryptography front, prompts can be employed to verify that robust password practices are in place that are superior to using rules-based systems like “must include at least one number or special character”, while still upholding privacy principles. 

Even with the best practices, one must be prepared for the worst, a breach. Operators can use generative AI to produce very real looking fake datasets, to be used either as decoys or canary-in-a-coal-mine type devices. 

Automation and Operator Assistance

Generative AI can speed up and improve a wide range of cyber operator tasks, up and down the seniority chain. In an area where teams struggle to find the right expertise, gaining operational leverage is key. 

Here, chatbots can power initial incident response processes, since they are instant and available 24/7. They can take the lead in writing up incident reports allowing teams to focus on, let’s face it, more interesting tasks. 

Going further, models using generative techniques can predict the evolution of ongoing attacks and generate recommendations for appropriate countermeasures in real time. 

Back to the mundane, for organizations that may not have established robust cybersecurity policies, or kept existing policies up to date, generative AI can aid in creating initial drafts or suggestions based on industry best practices and the specific needs and risk profile of the company.

Another area where content constantly needs to be created and updated is Security Awareness Training. Here, GenAI can learn from end-user communications to create more realistic training scenarios in a continuous and timely manner, tailored to the organization’s threat landscape as well as the user’s specific day-to-day. This boosts both the quality and the resonance of training materials. 

As a booster to training efforts, AI-assisted content verification is also having an impact on both operators and end-users by analyzing emails and content before humans, models can help spot phishing attempts and deepfakes, warning or shielding the user. Generative Adversarial Network (GAN) models are particularly effective at ‘understanding’ content designated for human consumption. 

Training, Research and Innovation

We touched upon the cyber labor shortage already, one way to alleviate it is through better, faster training programs both to speed up the candidate pipeline but also to upskill the existing pool. Generative AI has a huge role to play in this arena. 

By creating enhanced simulations, Generative AI can assist both red and blue teams in devising new and unique attack scenarios, adding dynamism (and realism) to training sessions. 

Models can also be used in a defensive manner where one AI is trained to attack, and another is trained to defend, iteratively improving both models, leading to more robust defense mechanisms and potentially innovative methods for human operators. This will speed up hypothesizing new types of attacks or the studying of emergent cyber threats, allowing professionals to anticipate and prepare for novel challenges or even predict future ones. 

Pressing the Advantage 

As an AI-native company, that is a company born in the era where generative AI really came into its own, we are constantly thinking about how GenAI can help stack the odds in favor of cyber defenders. Although this list is not exhaustive, it does serve to show that the possibilities are vast, and the opportunities plenty. 

Fast, cheap and performant AI, of the type made possible by part generative pre-trained transformers (GPTs), is a game changer for builders everywhere. In cyberdefense it comes at a time of urgency, where defenders cannot help but feel overwhelmed by the magnitude of their challenge – this technological revolution but the initiative back on our side, let’s press the advantage.


Nadim Lahoud

7 Aug. 2023




Recent Posts


Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more

Navigating the Information Security Landscape: ISO 27001 vs. SOC 2

Red Sift

As cyber threats evolve, so do the standards and frameworks designed to combat them. Two of the most recognized standards in information security are ISO 27001 and SOC 2. What sets them apart, and which one is right for your organization? Let’s delve into the key differences. Purpose and Scope: Global Framework vs. Client-Centric…

Read more

G2 Summer 2024 Report: Red Sift OnDMARC’s Winning Streak Continues

Francesca Rünger-Field

We’re delighted to announce that Red Sift OnDMARC has again been named a Leader in G2’s DMARC category for Summer 2024. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift appeared in 11 reports – 5 new ones since Spring 2024! – earning 5 badges: A few…

Read more

Google will no longer trust Entrust certificates from October 2024

Red Sift

Tl;dr: Google has announced that as of October 31, 2024, Chrome will no longer trust certificates signed by Entrust root certificates. While there is no immediate impact on existing certificates or those issued before 31st October 2024, organizations should start reviewing their estate now. On Thursday 27th June 2024, Google announced that it had…

Read more

Understanding the polyfill.io domain attack

Francesca Rünger-Field

tl;dr: The recent compromise of the polyfill.io domain has triggered a broad-reaching web supply chain attack, impacting over 100,000 websites across various sectors including finance, healthcare, non-profits, academia, and more. To ensure the security of your website, we strongly advise you immediately remove any reference to polyfill.io. Latest update: 27th June 2024 Sansec, a…

Read more