
Generative AI and Cybersecurity: Strengthening Both Defenses and Threats

Business of Law 2023

Generative artificial intelligence has emerged as a powerful tool in cybersecurity. Rooted in large language models, the groundbreaking technology is poised to revolutionize the industry. While it faces challenges, such as the sensitive and isolated nature of security data, it also holds significant promise, particularly in defenses and threat identification.

Among cybersecurity companies using generative AI, all employ it in the initial phase of the SANS Institute’s incident response framework, known as identification. This is the most substantial adoption of any of the framework’s stages, underscoring the potential of generative AI in cybersecurity. It helps analysts swiftly identify and assess potential threats, filter incident alerts efficiently, and reduce false positives. The capabilities of generative AI in detecting and hunting threats are only expected to become more dynamic and automated over time.

Moving beyond the identification stage to containment, eradication, and recovery, generative AI adoption rates vary. Containment, the most advanced of these stages, already harnesses generative AI to provide analysts with remedy and recovery instructions based on proven tactics from past incidents. Generative AI has found its place in the lessons learned stage, automating the creation of incident response reports, which can enhance internal communication. These reports can be integrated back into the model to improve defenses. The quality of generative AI-powered incident response reports is set to improve, but human involvement is expected to remain necessary.

While generative AI holds immense promise for defenders, it is also a double-edged sword, providing cyber attackers with similar capabilities. Less experienced malicious actors can leverage generative AI to create enticing emails and realistic deep-fake content for phishing attacks. It also enables them to modify known attack code to evade detection. Hackers have started boasting about their use of generative AI, with some claiming to have recreated malware strains from research publications. These malware strains can self-evolve, producing variations virtually undetectable by existing security measures.

To effectively navigate the expanding landscape of generative AI and cybersecurity, various stakeholders must take proactive measures. Corporate leaders should acknowledge that generative AI won’t eliminate the complexities of cybersecurity. They must ensure that generative AI and cybersecurity are recurring agenda items in board and C-suite meetings. It is essential to adopt a holistic approach to cybersecurity, addressing controls and various risks comprehensively.

Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) should validate generative AI output, particularly threat-detection algorithms, with SecOps leaders. They need to train new and junior SecOps employees to work with and without generative AI to avoid dependence on it. Additionally, they should avoid reliance on a single vendor or generative AI model across the cybersecurity stack. Cybersecurity companies must recruit a diverse talent pool to integrate generative AI capabilities into products effectively. They should also safeguard against generative AI-created false information and external tampering with generative AI algorithms and models that could create vulnerabilities.

Generative AI is expected to continue rapidly advancing. It remains imperative for all stakeholders, from cybersecurity providers to enterprises, to continually update their knowledge and strategies to harness its potential and stay protected in this ever-evolving landscape.
