‘Teenage’ AI not sufficient for cyberthreat intelligence

Digital Safety, Ransomware, Cybercrime

Present LLMs are simply not mature sufficient for high-level duties

Black Hat 2023: ‘Teenage’ AI not enough for cyberthreat intelligence

Point out the time period ‘cyberthreat intelligence’ (CTI) to cybersecurity groups of medium to giant corporations and the phrases ‘we are starting to investigate the opportunity’ is commonly the response. These are the identical corporations that could be affected by a scarcity of skilled, high quality cybersecurity professionals.

At Black Hat this week, two members of the Google Cloud crew offered on how the capabilities of Massive Language Fashions (LLM), like GPT-4 and PalM might play a job in cybersecurity, particularly inside the subject of CTI, doubtlessly resolving a number of the resourcing points. This may increasingly appear to be addressing a future idea for a lot of cybersecurity groups as they’re nonetheless within the exploration part of implementing a risk intelligence program; on the identical time, it could additionally resolve a part of the useful resource difficulty.

Associated: A first look at threat intelligence and threat hunting tools

The core components of risk intelligence

There are three core components {that a} risk intelligence program wants to be able to succeed: risk visibility, processing functionality, and interpretation functionality. The potential influence of utilizing an LLM is that it may well considerably help within the processing and interpretation, for instance, it might enable further information, comparable to log information, to be analyzed the place on account of quantity it could in any other case should be missed. The power to then automate output to reply questions from the enterprise removes a major process from the cybersecurity crew.

The presentation solicited the concept that LLM know-how will not be appropriate in each case and prompt it ought to be centered on duties that require much less essential considering and the place there are giant volumes of information concerned, leaving the duties that require extra essential considering firmly within the fingers of human specialists. An instance used was within the case the place paperwork might must be translated for the needs of attribution, an vital level as inaccuracy in attribution might trigger important issues for the enterprise.

As with different duties that cybersecurity groups are chargeable for, automation ought to be used, at current, for the decrease precedence and least essential duties. This isn’t a mirrored image of the underlying know-how however extra a press release of the place LLM know-how is in its evolution. It was clear from the presentation that the know-how has a spot within the CTI workflow however at this time limit can’t be totally trusted to return right outcomes, and in additional essential circumstances a false or inaccurate response might trigger a major difficulty. This appears to be a consensus in the usage of LLM usually; there are quite a few examples the place the generated output is somewhat questionable. A keynote presenter at Black Hat termed it completely, describing AI, in its current kind, as “like a teenager, it makes things up, it lies, and makes mistakes”.

Associated: Will ChatGPT start writing killer malware?

The longer term?

I’m sure that in just some years’ time, we might be handing off duties to AI that can automate a number of the decision-making, for instance, altering firewall guidelines, prioritizing and patching vulnerabilities, automating the disabling of techniques on account of a risk, and such like. For now, although we have to depend on the experience of people to make these choices, and it is crucial that groups don’t rush forward and implement know-how that’s in its infancy into such essential roles as cybersecurity decision-making.

Date: 2023-08-12 11:12:16

Source link



Related articles

Alina A, Toronto
Alina A, Torontohttp://alinaa-cybersecurity.com
Alina A, an UofT graduate & Google Certified Cyber Security analyst, currently based in Toronto, Canada. She is passionate for Research and to write about Cyber-security related issues, trends and concerns in an emerging digital world.


Please enter your comment!
Please enter your name here