What does generative AI mean in the context of cybersecurity?

I have already written about the adversarial impact of generative AI, so what about the impact on defenders? How can generative AI underline the security in cybersecurity? In this post, I will go over how this technology can have a real-world impact on CISOs and their teams today. 

Threat Detection and Response

The first area that comes to most people’s minds in the industry is one where ‘traditional’ AI has been having an impact for many years already. Generative AI brings new possibilities to the Threat Detection and Response (TDR) space. 

Some of these new models like Variational Autoencoders (VAEs) are effective at describing normal system behavior. Once trained, these models can flag data that deviates from the expected, highlighting malicious activity.

These methods can then also be used to create highly tailored and specific security rules for intrusion detection and prevention systems. 

Additionally, generative AI vastly boosts the efficacy of automated penetration testing methods, further strengthening defenses by highlighting vulnerabilities that might otherwise have been missed.  

Data and Network Management

Managing and interpreting large sets of structured and unstructured data sounds like a perfect task for AI, and it is. We expect to see generative AI helping to design or rejig network topologies at a level of complexity beyond that of human analysts. 

The technology is also perfect for labeling and categorizing data with minimal human input, we are already using generative AI models to help manage and maintain asset inventories in a near-automated fashion. 

On the cryptography front, prompts can be employed to verify that robust password practices are in place that are superior to using rules-based systems like “must include at least one number or special character”, while still upholding privacy principles. 

Even with the best practices, one must be prepared for the worst, a breach. Operators can use generative AI to produce very real looking fake datasets, to be used either as decoys or canary-in-a-coal-mine type devices. 

Automation and Operator Assistance

Generative AI can speed up and improve a wide range of cyber operator tasks, up and down the seniority chain. In an area where teams struggle to find the right expertise, gaining operational leverage is key. 

Here, chatbots can power initial incident response processes, since they are instant and available 24/7. They can take the lead in writing up incident reports allowing teams to focus on, let’s face it, more interesting tasks. 

Going further, models using generative techniques can predict the evolution of ongoing attacks and generate recommendations for appropriate countermeasures in real time. 

Back to the mundane, for organizations that may not have established robust cybersecurity policies, or kept existing policies up to date, generative AI can aid in creating initial drafts or suggestions based on industry best practices and the specific needs and risk profile of the company.

Another area where content constantly needs to be created and updated is Security Awareness Training. Here, GenAI can learn from end-user communications to create more realistic training scenarios in a continuous and timely manner, tailored to the organization’s threat landscape as well as the user’s specific day-to-day. This boosts both the quality and the resonance of training materials. 

As a booster to training efforts, AI-assisted content verification is also having an impact on both operators and end-users by analyzing emails and content before humans, models can help spot phishing attempts and deepfakes, warning or shielding the user. Generative Adversarial Network (GAN) models are particularly effective at ‘understanding’ content designated for human consumption. 

Training, Research and Innovation

We touched upon the cyber labor shortage already, one way to alleviate it is through better, faster training programs both to speed up the candidate pipeline but also to upskill the existing pool. Generative AI has a huge role to play in this arena. 

By creating enhanced simulations, Generative AI can assist both red and blue teams in devising new and unique attack scenarios, adding dynamism (and realism) to training sessions. 

Models can also be used in a defensive manner where one AI is trained to attack, and another is trained to defend, iteratively improving both models, leading to more robust defense mechanisms and potentially innovative methods for human operators. This will speed up hypothesizing new types of attacks or the studying of emergent cyber threats, allowing professionals to anticipate and prepare for novel challenges or even predict future ones. 

Pressing the Advantage 

As an AI-native company, that is a company born in the era where generative AI really came into its own, we are constantly thinking about how GenAI can help stack the odds in favor of cyber defenders. Although this list is not exhaustive, it does serve to show that the possibilities are vast, and the opportunities plenty. 

Fast, cheap and performant AI, of the type made possible by part generative pre-trained transformers (GPTs), is a game changer for builders everywhere. In cyberdefense it comes at a time of urgency, where defenders cannot help but feel overwhelmed by the magnitude of their challenge – this technological revolution but the initiative back on our side, let’s press the advantage.


Nadim Lahoud

7 Aug. 2023




Recent Posts


The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more

Navigating the “SubdoMailing” attack: How Red Sift proactively identified and remediated a…

Rebecca Warren

In the world of cybersecurity, a new threat has emerged. Known as “SubdoMailing,” this new attack cunningly bypasses some of the safeguards that DMARC sets up to protect email integrity.  In this blog we will focus on how the strategic investments we have made at Red Sift allowed us to discover and protect against…

Read more

Where are we now? One month of Google and Yahoo’s new requirements…

Rebecca Warren

As of March 1, 2024, we are one month into Google and Yahoo’s new requirements for bulk senders. Before these requirements went live, we used Red Sift’s BIMI Radar to understand global readiness, and the picture wasn’t pretty.  At the end of January 2024, one-third of global enterprises were bound to fail the new…

Read more