I have already written about the adversarial impact of generative AI, so what about the impact on defenders? How can generative AI underline the security in cybersecurity? In this post, I will go over how this technology can have a real-world impact on CISOs and their teams today.
Threat Detection and Response
The first area that comes to most people’s minds in the industry is one where ‘traditional’ AI has been having an impact for many years already. Generative AI brings new possibilities to the Threat Detection and Response (TDR) space.
Some of these new models like Variational Autoencoders (VAEs) are effective at describing normal system behavior. Once trained, these models can flag data that deviates from the expected, highlighting malicious activity.
These methods can then also be used to create highly tailored and specific security rules for intrusion detection and prevention systems.
Additionally, generative AI vastly boosts the efficacy of automated penetration testing methods, further strengthening defenses by highlighting vulnerabilities that might otherwise have been missed.
Data and Network Management
Managing and interpreting large sets of structured and unstructured data sounds like a perfect task for AI, and it is. We expect to see generative AI helping to design or rejig network topologies at a level of complexity beyond that of human analysts.
The technology is also perfect for labeling and categorizing data with minimal human input, we are already using generative AI models to help manage and maintain asset inventories in a near-automated fashion.
On the cryptography front, prompts can be employed to verify that robust password practices are in place that are superior to using rules-based systems like “must include at least one number or special character”, while still upholding privacy principles.
Even with the best practices, one must be prepared for the worst, a breach. Operators can use generative AI to produce very real looking fake datasets, to be used either as decoys or canary-in-a-coal-mine type devices.
Automation and Operator Assistance
Generative AI can speed up and improve a wide range of cyber operator tasks, up and down the seniority chain. In an area where teams struggle to find the right expertise, gaining operational leverage is key.
Here, chatbots can power initial incident response processes, since they are instant and available 24/7. They can take the lead in writing up incident reports allowing teams to focus on, let’s face it, more interesting tasks.
Going further, models using generative techniques can predict the evolution of ongoing attacks and generate recommendations for appropriate countermeasures in real time.
Back to the mundane, for organizations that may not have established robust cybersecurity policies, or kept existing policies up to date, generative AI can aid in creating initial drafts or suggestions based on industry best practices and the specific needs and risk profile of the company.
Another area where content constantly needs to be created and updated is Security Awareness Training. Here, GenAI can learn from end-user communications to create more realistic training scenarios in a continuous and timely manner, tailored to the organization’s threat landscape as well as the user’s specific day-to-day. This boosts both the quality and the resonance of training materials.
As a booster to training efforts, AI-assisted content verification is also having an impact on both operators and end-users by analyzing emails and content before humans, models can help spot phishing attempts and deepfakes, warning or shielding the user. Generative Adversarial Network (GAN) models are particularly effective at ‘understanding’ content designated for human consumption.
Training, Research and Innovation
We touched upon the cyber labor shortage already, one way to alleviate it is through better, faster training programs both to speed up the candidate pipeline but also to upskill the existing pool. Generative AI has a huge role to play in this arena.
By creating enhanced simulations, Generative AI can assist both red and blue teams in devising new and unique attack scenarios, adding dynamism (and realism) to training sessions.
Models can also be used in a defensive manner where one AI is trained to attack, and another is trained to defend, iteratively improving both models, leading to more robust defense mechanisms and potentially innovative methods for human operators. This will speed up hypothesizing new types of attacks or the studying of emergent cyber threats, allowing professionals to anticipate and prepare for novel challenges or even predict future ones.
Pressing the Advantage
As an AI-native company, that is a company born in the era where generative AI really came into its own, we are constantly thinking about how GenAI can help stack the odds in favor of cyber defenders. Although this list is not exhaustive, it does serve to show that the possibilities are vast, and the opportunities plenty.
Fast, cheap and performant AI, of the type made possible by part generative pre-trained transformers (GPTs), is a game changer for builders everywhere. In cyberdefense it comes at a time of urgency, where defenders cannot help but feel overwhelmed by the magnitude of their challenge – this technological revolution but the initiative back on our side, let’s press the advantage.
