Google will be showcasing how organizations can effectively leverage large language models (LLMs) in their threat intelligence programs at the upcoming Black Hat USA 2023 conference. The session, titled “What Does an LLM-Powered Threat Intelligence Program Look Like?,” will be co-hosted by Google Cloud data scientist Ron Graf and head of Mandiant intelligence analysis John Miller. The increasing importance of artificial intelligence technologies and LLMs, such as Google PaLM and OpenAI’s ChatGPT, will be a prominent focus at this year’s Black Hat conference.

The session aims to evaluate how the integration of LLMs aligns with a framework for cyber threat intelligence (CTI) program capabilities. Additionally, it will explore how security leadership can incorporate the emergence of LLMs into their organizations’ CTI functions to meet their specific needs. This presentation underscores the growing significance of AI and generative AI-powered products in the cybersecurity industry.

LLMs and generative AI were major themes at the RSA Conference 2023, held in April. Various vendors unveiled AI-driven products and features during the conference. IBM, for instance, introduced QRadar Suite, a subscription service that utilizes AI for detecting threats. Google also launched its Google Cloud Security AI Workbench, which leverages generative AI to offer services such as breach alerts and automated threat hunting.

In a pre-briefing, Graf emphasized the importance of carefully implementing LLM-based technologies in order to achieve a return on investment. He emphasized that effectively utilizing LLMs can help organizations exploit data sources that are often overlooked. For example, LLMs can translate log and packet data into human-readable formats, simplifying the analysis process. Graf noted that LLMs are best suited for labor-intensive, text-based tasks that require less critical thinking, like basic reverse engineering reports for malware.

Due to the interpretative nature of LLMs and occasional hallucinations, organizations must exercise critical thinking and employ a framework when leveraging this technology. Graf warned against blindly trusting LLMs without human oversight, especially in critical situations where erroneous outputs could have severe consequences. He emphasized that LLMs should be considered as companions to existing workflows, where the stakes are lower. Utilizing LLMs for tasks such as reviewing log data and providing accessible answers to stakeholder queries can streamline an organization’s processing ability.

Miller stressed that the goal of their session is to demystify LLM implementation. He highlighted the importance of senior leadership understanding the potential benefits of LLMs and being able to confidently communicate their impact. Miller believes that organizations can leverage existing security resources to deliver improved security outcomes. While LLMs can enhance existing CTIs, they do not eliminate the need for human experts. Instead, LLMs can help information security professionals demonstrate a higher return on investment for their security resources.

While the cybersecurity industry has rapidly embraced LLMs and generative AI following the launch of ChatGPT, there is limited insight into the technology’s effectiveness in enhancing security functions within enterprises. In June, security experts expressed their thoughts on the rise of generative AI and LLMs, debating whether emerging products are driven by technological innovation or marketing messaging.

The presentation by Google at Black Hat USA 2023 aims to shed light on these questions and demonstrate the practical applications of LLMs in threat intelligence programs. attendees can expect to gain a deeper understanding of how LLMs can enhance cybersecurity efforts and maximize the value of existing security resources. By embracing LLMs and related technologies, organizations can stay ahead of evolving threats and bolster their overall security posture.

Source link