An increasing number of cybersecurity vendors are integrating large language model (LLM)-based tools into their products. Many choose to use OpenAI's GPT models.
In March, Microsoft announced Security Copilot, powered by GPT-4, and in April, Recorded Future added new investigation capabilities using OpenAI models trained on 40,000 threat intelligence data points.
Software supply chain security provider OX Security followed in May, while security service edge (SSE) platform provider Netskope and email security developer Ironscales announced GPT-based capabilities at Infosecurity Europe in June.
Many other vendors are looking to leverage LLMs as well. During Infosecurity Europe, Mayur Upadhyaya, CEO of API security provider Contxt, told Information Security that his firm "secured an innovation grant to build a machine learning model for personal data detection using its own dataset in 2021, before the foundational model was available. We are currently looking at how we can leverage the underlying model using this dataset."
Non-deterministic AI algorithms
LLMs are not the first type of AI to be integrated into cybersecurity products: many exhibitors at Infosecurity Europe are leveraging AI in their products, including Cylance AI for BlackBerry Cyber Security, Darktrace, Ironscales and Egress.
However, it is difficult to say what AI algorithms cybersecurity vendors use, and they are very likely to be deterministic.
Jack Chapman, vice president of threat intelligence at Egress, told Information Security that his company used "genetic programming, behavioral analysis-based algorithms and social graphs."
Ronnen Brunner, senior vice president of international sales at Ironscales, said during a presentation at Infosecurity Europe that the company uses "a wide range of algorithms, including those powered by natural language processing (NLP)," but has not used LLMs yet.
According to Nicolas Ruff, Senior Software Engineer at Google, most AI algorithms used in cybersecurity are classifiers, a type of machine learning algorithm used to assign class labels to data inputs.
These and all previous machine learning models differ from LLMs and other generative AI models because they operate in a closed loop and have built-in constraints.
LLMs are built on a large training set. They are also designed to guess the most probable word following a given prompt. These two features make them probabilistic rather than deterministic. That is, they provide the most likely answers, but not necessarily the correct ones.
Another tool in the toolbox
Current general-purpose LLMs are prone to hallucinations and give convincing but completely wrong answers.
Speaking to Information Security during Infosecurity Europe, Jon France, CISO of the not-for-profit (ISC)2, admitted that this makes current LLMs a dangerous tool for cybersecurity practices where accuracy and precision are critical.
"LLMs are still useful for various security purposes, such as creating security policies that everyone can understand," he added.
Ganesh Chellappa, Head of Support Services at ManageEngine, agrees: "Now with LLM, it's not even a question. In order to make use of this data, we must strive to make use of them."
Meanwhile, Chapman argued, “it could also be useful for cybersecurity professionals as a data preprocessing tool in areas such as anomaly detection (email security, endpoint protection, etc.) and threat intelligence.”
France and Chapman both noted that, at this stage of development, the key thing to remember when using LLMs in cybersecurity is to "think of LLM as just another tool in your toolbox," one that should never take on administrative tasks.
Open source LLMs
According to Chellappa, if cybersecurity companies developed their own models from open-source frameworks such as Meta's LLaMA and Stanford University's Alpaca and trained them on their own datasets, hallucination concerns would be largely resolved.
However, Dr. Niklas Hellemann, CEO of SoSafe, warned that open source models cannot solve another serious problem facing LLM-based tools: model poisoning.
Model poisoning refers to a hacking technique in which an attacker injects bad data into a model’s training pool to make the model learn something it shouldn’t have learned.
"Open source models like LLaMA are already being targeted by such attacks," Hellemann told Information Security.