Editor’s note: This is part one of a series on generative AI in cybersecurity. Dylan Hancock contributed to this blog.
- Part two: The Intersection of Generative AI and Cybersecurity
- Part three: Building a Generative AI Strategy for SecOps
- Part four: CISO’s Guide: Six Steps to Start Adopting AI
The release of GPT-3 by OpenAI in late 2022 created a significant amount of interest about the potential of generative AI. Regardless of industry or vertical, there came predictions of how this will transform the ways we all live and work. With the subsequent release of ChatGPT, we began to see mainstream adoption of the technology, and since then interest has only continued to grow.
Here at ReliaQuest, we’ve been leveraging AI models for quite some time to help deliver world-class security outcomes to our customers. While the true potential of generative AI for security operations is still being discovered, we’ve already started leveraging generative AI for specific use cases as a part of our security operations platform. Our goal through this blog series is to introduce generative AI, discuss its benefits as it relates to security operations, and consider some of its limitations as well.
Generative AI: Creating Something New in the World of Machine Learning
Introduction to Generative AI
At its most basic level, generative AI is a sub-category of machine learning that focuses on producing new content based on the data and algorithms it has been previously trained on. It learns patterns, structures, and underlying distributions of data to generate its outputs. It performs exceptionally well with large, unlabeled data sets—limiting the need for human input via supervised learning. Unlike other forms of AI, which might be trained to predict or classify, generative AI aims to create something entirely new—images, text, and more. This flexibility means that it can be easily applied across a wide range of applications. Its limitations, however, arise primarily due to the significant computing resources required for developing new models, as well as a lack of high quality, unbiased data that is publicly available. As generative AI continues to scale, the value of this data will rise as well.
Improvements in GPT Models
With the releases of GPT3.5 and GPT-4, we saw significant improvements in their ability to reason and solve more complex problems. As adoption continued to grow, frameworks such as Langchain began appearing to further extend the model’s capabilities. This has led to an explosion in the number of projects using generative models as their foundation.
Market for Direct Access to Language AI Models
With these new developments came a market for direct access to these language AI models as a service, such as Microsoft Azure’s OpenAI service, allowing enterprises to more easily integrate these capabilities into their existing ecosystem. This has opened the floodgates for companies to build and market their own offerings. Ultimately, the value in these solutions will be dependent on the use case, workflows built, as well as the quantity and quality of proprietary data used to refine the models.
Why Generative AI ≠ ChatGPT
Different Applications of Generative AI
The release of ChatGPT made generative AI models infinitely more accessible to the public. It provided a simple, easy-to-use interface and a helpful chat agent ready to answer any question you throw its way. ChatGPT and generative AI can oftentimes be confused as they appear to be synonymous, however, ChatGPT is only one application of generative AI. There are many other models available, including LLaMA from Meta and LaMDA from Google. Each model has its own unique list of pros and cons. For example, LLaMA is relatively lightweight and can be run on an average household computer.
Development of Application-Specific Workflows
One of the primary limitations of ChatGPT is that it requires a significant amount of manual effort to build the prompts, provide the necessary context, and act on the outputs. It simply isn’t scalable. To address this hurdle, application-specific workflows can be designed to automatically pull in the right data, build the ideal prompt, and pass along the output programmatically.
Decision Trees and Institutional Knowledge in Learning Models
Through careful prompt engineering and the chaining of multiple queries together, you can design decision trees to handle a variety of complex use cases. Along the way, you can infuse institutional knowledge from within the organization. Here at ReliaQuest, we’re using these techniques—along with many others—to increase the accuracy and consistency of the outputs from our generative AI models.
The Promise of Generative AI for Cybersecurity
Generative AI’s Ability to Transform Data
Organizations have historically struggled with the immense amount of security telemetry available to them. These billions of events combine to tell many different narratives, all of which need to be extracted from the noise. Trying to unpack this data and uncover the hidden narratives can be daunting. Luckily, one of generative AI’s greatest strengths is its ability to ingest, analyze, and synthesize large amounts of data very quickly. It transforms seemingly chaotic data into actionable insights, enabling more informed decision-making. Additionally, by identifying subtle patterns and correlations that may otherwise be overlooked, generative AI can aid in the detection of advanced threats.
Assisting Newer Members of Security Teams
Another benefit of generative AI to security is its ability to assist newer members of the security team. The models & workflows can be trained with best practices specific to the organization and this in turn can help newer employees learn processes faster. As a result, the insights derived and recommendations made are particularly relevant. Additionally, the interactive nature of generative AI allows for a dialogue to take place, allowing analysts to validate the output and make refinements as needed.
What’s Next
Generative AI holds immense potential for the future of cybersecurity. By harnessing its ability to process and analyze vast amounts of data, it’s capable of transforming how we detect, investigate, and respond to cyber threats. Stay tuned for the next installment in our blog series, where we delve deeper into specific use cases and applications for generative AI within cybersecurity.