Since ChatGPT first appeared in the headlines late last year, there has been a considerable amount of concern about its ability to make exploits even easier for criminals.
“I think the risk is it could help criminals more at scale,” said Chester Wisniewski, field chief technology officer at Sophos. “The technology could help with better quality phishing messages, for example.”
But while the technology may help hackers in some ways, research from Sophos finds that AI may also be a great thing for defenders. In fact, generative AI may be able to help security teams more than hinder them.
Using AI as a security assistant
Sophos researchers have proven that, with technology like GPT-3, certain labor-intensive processes can be simplified, giving valuable time back to defenders. In their research, they used a natural language query interface that allows a security analyst to filter data collected by security tools for malicious activity by entering queries in plain English.
This could be a game changer for security teams dealing with massive amounts of noise in the form of alerts and notifications daily. Add to that an ongoing talent gap and a lack of human resources to deal with this constant influx of alerts while trying to stay on top of the threat landscape.
“In our lab we get probably half a million malicious files a day that come in,” said Wisniewski. “But obviously we don’t have half a million analysts to look at all of them. So which ones do we need to look at? And that was a pretty hard problem in the past; figuring out which files are worthy of human attention. If tools like artificial intelligence are available to our analysts to discern which alerts are actually worth further investigation, it can cut down on countless hours of human labor dedicated to this task.”
Another example Wisniewski points to is when software makers release fixes for vulnerabilities. AI can expedite the process of figuring out what needs to be addressed in the Security Operations Center (SOC).
“If you’re in a SOC and hear about a new vulnerability, you can use the technology to know which of your devices require fixes,” he said. “These kinds of capabilities could really accelerate the ability for already overstressed humans in SOCs and research labs to be more effective.”
Sophos is already working on incorporating some of the prototypes into its products and has made the results of recent efforts available on GitHub. To learn more about how GPT-3 can be used to assist defenders, read “GPT for You and Me: Applying AI Language Processing to Cyber Defenses.”