The popularity of ChatGPT as a language model (LLM) in recent months has sparked an interest in generative artificial intelligence (AI), including in the cybersecurity space. Developed and published by research firm OpenAI, ChatGPT utilizes massive amounts of training data to generate text content. The product’s integration with Microsoft’s Bing search engine, following the tech giant’s investment into OpenAI, has further boosted its popularity.
Generative AI broadly refers to a branch of AI that uses models to create content such as audio, images, or text. The proliferation of AI-powered products in recent months appears to emphasize the growing importance of generative AI. At RSA Conference 2023 in April, generative AI was the unofficial theme, as many vendors presented AI-powered offerings. However, experts are divided on whether the current moment in cybersecurity is due to marketing hype or genuine technological advancements.
The potential applications for generative AI in cybersecurity are numerous, as ChatGPT itself has demonstrated. For instance, it can assist with security policy and awareness training, vulnerability assessments, threat hunting, and intelligence analysis. However, experts warn that while generative AI can provide valuable assistance to cybersecurity professionals, they should verify its accuracy using reliable sources and their expertise.
While generative AI appears to be finding its place in the automation of processes, it’s not intended to replace humans. Some experts view generative AI as iterative advancements towards enhancing human capabilities. As such, it is important that security leaders come out to express their confidence in AI to help organizations use these emerging tools with more confidence.
The momentum behind generative AI appears to reflect an acceptance of AI’s place within the enterprise. However, some warn that vendors should be working towards AI security now, rather than wait and see, as it’s only a matter of time until the technology takes hold of the industry. While the potential applications for generative AI appear promising, CISOs must put in place relevant guardrails to ensure AI governance, policy enforcement, and monitoring.
Overall, generative AI is still in an experimental phase, and while several solutions involving the technology have launched in recent months, it’s unclear how effective it will be. Nevertheless, as cybersecurity threats evolve, the potential of AI in the field remains a powerful tool for detecting and mitigating those threats.