Given the hallucinations and other unexpected behavior, can GenAI be used safely for cybersecurity? Here are some factors to consider.
The arrival of generative AI (GenAI) and its seemingly endless possibilities also came with a myriad of sophisticated threats.
Given the potential risks, many organizations are stuck on the question: to implement or not to implement GenAI?
To answer that question, we need to look at multiple factors.
GenAI risks in cybersecurity applications
One of the challenges of using GenAI for cybersecurity is the possibility of hallucinations. How can practitioners trust that the outputs generated by the AI are factual and relevant? Retrieval-augmented generation (RAG) is one solution. Grounding the model's output in retrieved context can lead to fewer errors. However, even this is not a perfect solution.
A human still needs to ask the right questions. Though GenAI promises to help alleviate IT skills gaps and personnel shortages, people cannot be removed from the loop. A fully functioning threat detection, investigation, and response process must already exist for GenAI to supplement it. AI is not a stand-in for a security operations center — it is an assistant and an accelerant.
The skill shortage cyber vulnerability
The number of cybersecurity professionals just cannot keep up with the increasing demand for their skills, and the reasons for the shortage are layered. Cybersecurity professionals are seeing more complex workloads, smaller teams, and lower budgets, combined with an increasingly dangerous threat landscape and complicated regulatory and compliance protocols.
Smaller budgets can significantly impact the ability of teams to bring on new entrants to cybersecurity and build their organizational pipeline. Additionally, there is a misperception that getting into cybersecurity requires a technical background, when that is not always the case. This discourages people from diverse and non-traditional backgrounds who may make top-notch security analysts.
This raises the question of how organizations can bridge the labor gap alongside an ever-changing threat landscape. By empowering IT teams with access to technical knowledge and capabilities through GenAI, a wider range of professionals is suddenly able to take on cybersecurity roles.
GenAI in cybersecurity
With GenAI, organizations can help bridge the gap of the labor shortage while facing an evolving threat landscape. Combining its data processing capabilities with proprietary data served up by a powerful search engine through RAG, organizations no longer need specific domain knowledge to perform certain business-critical tasks. Also:
- In modern distributed environments, data volumes continue to expand. Therefore, the lack of cross-stream visibility is the biggest challenge facing security professionals. While a unified data platform is vital to address this challenge, GenAI combined with search technology changes the way that IT, cybersecurity, and business users interact with their data across channels.
- GenAI brings conversational search capabilities to organizations. In a security context, this capability can help improve visibility of data, analytics, and response speeds. Whether automated for background analytics or used as a searchable knowledge repository, GenAI enhanced with proprietary data is a powerful tool for a variety of security use cases.
- By making advanced analytics accessible to junior analysts through natural language processing, GenAI can serve as a force multiplier for existing cybersecurity teams. The burden of threat analysis on leaner cybersecurity teams is then reduced. Moreover, GenAI can significantly improve the detection of anomalous behavior within processes, going beyond single-user or device analysis. Its predictive capabilities can proactively identify potential security vulnerabilities before human experts are even aware of the threats, and automated reporting ensures that such valuable insights can be leveraged for future learning and improvement.
- Security professionals assisted by GenAI can pull up relevant information, best practices, and recommended actions for any incident, reducing their time to response and resolution.
So, whether or not an organization decides to implement GenAI in its cybersecurity teams, the factors listed above can be a guide for consideration.
If properly implemented and used responsibly by cybersecurity professionals, GenAI has the power to counter the attack advantage of malicious actors.