Could Generative AI Aid in Reinforcing Cybersecurity?
Published on 29 Aug, 2023
Generative AI has emerged as a valuable tool for bolstering defenses against ever-advancing threats. Prominent companies have embraced this technology to enhance their security measures. Leveraging the power of artificial intelligence and machine learning, generative AI systems are capable of analyzing vast amounts of data, identifying patterns, and predicting potential cyberattacks. By adopting this technology, organizations are empowered to stay one step ahead of cybercriminals, minimizing risks and protecting sensitive data.
Recently, generative AI has garnered significant interest across industries due to its extensive capabilities and scale. Although still in its early stages, this technology has immense potential to contribute to society. As technology advances and becomes more intelligent, its potential applications in Cybersecurity can be explored.
Can Generative AI be implemented to enhance cybersecurity? Indeed, it can. Several use cases can be examined to further strengthen cybersecurity efforts:
- Scanner - Generative AI can be employed to greatly enhance the scanning and filtering of security vulnerabilities. A report by the Cloud Security Alliance (CSA) demonstrated this using OpenAI's Codex API, which proved to be a powerful vulnerability scanner for programming languages like C, C#, Java, and JavaScript.
- Security framework - This technology could also assist in building rules and reversing popular add-ons based on reverse engineering frameworks such as IDA and Ghidra. By being specific in their queries about their needs and comparing them against MITRE ATT&CK tactics, users can refine the results offline and utilize them for defense, as highlighted by Matt Fulmer, Cyber Intelligence Engineering manager at Deep Instinct.
- Response time - Cybersecurity firms could enhance efficiency and expedite response times by leveraging ChatGPT and other LLMs to create threat-hunting queries, according to the Cloud Security Alliance (CSA). By generating queries for malware research and detection tools like YARA, ChatGPT helps swiftly identify and mitigate potential threats, allowing defenders to focus on critical aspects of their cybersecurity efforts.
- Phishing detection - AI models could also play a significant role in phishing detection and prevention. LLMs can analyze emails and detect phishing attempts based on the patterns they have learned, thereby preventing potential breaches.
- Cybersecurity Training - From an incident response standpoint, generative AI can be pivotal in cybersecurity training. By generating practical cybersecurity scenarios for IT teams, generative AI applications can educate employees on managing and responding to various cyber threats and stress-test their documented incident response plans and policies.
Several firms have already begun exploring AI models that can be leveraged in the cybersecurity domain. Some notable examples include:
- CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity, and data, recently introduced 'Charlotte AI,' a new cloud-based generative AI platform focused on cybersecurity. The company trains Charlotte on massive datasets of text and code, enabling it to develop a deep understanding of real-world threats organizations face. Charlotte AI can perform various tasks, including threat identification and classification, generating new ideas and insights, and task automation.
- Thales, an internationally renowned technology and security company, has collaborated with Google Cloud to create advanced data security capabilities using generative AI technology. These capabilities greatly enhance companies' ability to identify, categorize, and safeguard their most confidential data. This joint venture is a key component of Thales' generative AI strategy, aiming to introduce innovative AI-driven functionalities and user experiences to CipherTrust, Thales' data security platform. Microsoft launched 'Security Copilot,' which integrates with its existing security product portfolio and utilizes generative AI models from OpenAI, specifically the recently launched text-generating GPT-4. The tool allows the generation of summaries and analysis of cyber-threat levels for businesses. While Microsoft did not specify how Security Copilot embodies GPT-4, they emphasized that the model was not trained on customer data, addressing a common criticism faced by language model-driven offerings.
Incorporating Generative AI in businesses
It can be opined that at the present stage of Generative AI technology, there is still ambiguity regarding the understanding and potential implications of the technology for businesses. The World Economic Forum expressed concern that businesses might be underestimating AI-related risks, with only four percent of industry leaders anticipating the risk to be categorized as 'Significant.' As previously mentioned by OpenAI, there is no guarantee of data privacy when employees provide data to ChatGPT from their companies' sensitive documents. This is precisely why Samsung recently banned the use of ChatGPT. As an external threat to businesses, Generative AI empowers cybercriminals to carry out novel forms of social engineering and phishing attacks. For example, generative AI could be utilized to influence employees by generating fake audio messages to share sensitive company information.
We believe that certain measures can be incorporated to ensure greater preparedness, if not absolute, for organizations to mitigate the potential risks posed by generative AI. To begin with, firms could appoint a Chief AI Officer responsible for creating awareness and ensuring best practices company-wide while making use of generative AI technology. Robust frameworks in collaboration with relevant organizational institutions could be implemented to maximize data security and integrity. Additionally, efforts could be made to identify and collaborate with companies already developing cutting-edge generative AI-based solutions to further enhance cybersecurity.
As technology evolves so do cyber threats and security attacks. The only solution is to try and stay a step ahead and create solutions using emerging technologies to our advantage.