New Era of Access: Generative AI's Democratizing Influence

Generative AI (GenAI) is a transformational technology that both unlocks greater speed and value for security teams and expands their arsenal in the fight against modern adversaries.   

However, security teams aren’t the only ones using GenAI. We’ve already seen examples of how technology is also lowering the barrier for threat actors to conduct sophisticated and scalable attacks, from deep fakes to high-fidelity phishing emails. While GenAI holds great promise for enhancing defences, it also introduces risks that organizations should be aware of. 

Understanding GenAI 

GenAI is a branch of artificial intelligence that focuses on generating new output or actions by learning patterns from vast training datasets. At a high level, this involves a few key steps: a model is trained on a massively large dataset, the model learns and understands the underlying patterns and structures within that data, and the generative process enables the creation of new data (such as text, images, video and audio) that mimics these learned patterns and structures.  

This technology enables a variety of incredibly helpful use cases for security teams - such as data retrieval and analysis, workflow automation, content generation and summarization - across a growing number of applications. It can assist threat hunters with data retrieval for ongoing investigations, make recommendations, and provide real-time insights and assistance in workflows such as vulnerability management or incident triage and response.  

Accelerating Threat Detection and Response

GenAI is the ultimate force multiplier for overworked security teams, automating repetitive and tedious tasks like data collection, extraction and basic threat search and detection while making it easier to perform more advanced security actions. Organizations can use this technology to automate detection and response actions at scale, across the entire enterprise or a specific subset of endpoints. It can uplevel analysts of every skill level through conversational AI and empower analysts to use the power of every API at their disposal for detection, investigation or response workflows in simple natural language without needing to write a single line of code.  

Notably, GenAI holds the potential to revolutionize cybersecurity operations by significantly enhancing threat detection and response capabilities. Since these models can rapidly analyze huge volumes of data and generate explanations, they offer invaluable support to threat analysts. Generative systems can churn through alerts and historical incidents to uncover patterns and key points of interest, allowing analysts to focus on more complex investigations. 

Generative tools also streamline the synthesis of essential cybersecurity documentation, such as threat intelligence reports and incident summaries, enabling teams to conduct traditionally time-intensive, tedious data analysis with greater speed and precision. For example, security analysts can pose a challenge to the GenAI agent, and the system will resolve it based on the documentation available to it, eliminating the need for the analyst to dig through thousands of pages of manuals themselves. GenAI can also be used to create natural-language summaries of incidents and threat assessments, further accelerating and multiplying team output.   

Overall, the integration of AI-powered automation into cybersecurity operations enhances the efficiency and effectiveness of security teams, complementing human expertise and serving as a formidable defence mechanism against cyberattacks. 

The Risks of Malicious Use 

In the wrong hands, GenAI poses significant concerns, as cybercriminals can exploit these tools to amplify both the sophistication and scale of attacks. Because GenAI can grasp the subtleties of diverse languages, dialects and even colloquialisms from extensive datasets, it can create highly convincing written (or spoken) communication. Threat actors can use this to blur the lines between authentic and fraudulent messages more effectively than ever.  

Beyond text-based threats, the latest improvements in text-to-video and text-to-audio GenAI tools raise concerns around the proliferation of misinformation through deepfakes. These tools enable the creation of video and audio content with unprecedented ease, potentially fueling misinformation campaigns, particularly in regions where misinformation remains rampant. Recent incidents, such as the manipulation of video content during Taiwan's presidential election, underscore the potential misuse of GenAI to influence public opinion. 

Concerning organizations, this deepfake technology can be used to target employees with sophisticated attacks that impersonate trusted figures and trick victims into sharing large amounts of company funds or sensitive data. Many organizations have established protections against traditional business email compromise, where threat actors send phishing messages purporting to be a trusted individual, like an executive or supply chain vendor representative, in pursuit of money or data. Organizations now need to adjust their threat modeling and security awareness initiatives to protect against GenAI-enabled video and audio spoofing.  

India, like other nations, faces threats from cyber adversaries leveraging GenAI. The CrowdStrike 2024 Global Threat Report outlines instances of China-nexus information operations leveraging GenAI-produced images on prominent social media platforms. This underscores the emergence of a cyber arms race fueled by AI’s amplification of impact for both security professionals and adversaries.  

Throughout 2023, Chinese state-sponsored adversaries utilized stealth and scale to conduct cyberespionage at a variety of victim organizations. Sophisticated nation-state actors could potentially automate entire hacking campaigns using AI, automatically producing tailored malware variants, exploits, reconnaissance content and infrastructure. And while I haven’t observed this yet in the wild, I anticipate that it is, in fact, on the horizon. 

The Path Ahead  

GenAI brings incredible potential to the world. But it’s critical this technology is built responsibly with an adversarial mindset, knowing that threat actors will look to exploit it for their own use. Prioritizing accuracy, security and oversight during the development process of these tools is crucial to prevent misuse. Monitoring deployments for potentially harmful applications enables proactive policy interventions to prevent irreparable damage.   

As the cybersecurity landscape evolves, organizations must remain vigilant and proactive in addressing emerging threats. To protect against GenAI-generated attacks, organizations must prioritize cybersecurity best practices, including identity protection, cloud-native application protection and enhanced visibility across enterprise risks.  

GenAI assistants can be a hugely helpful force multiplier for security teams. Our own efforts in delivering generative AI technology to customers have shown it can turn hours of work into minutes or seconds and minimize investigation and response time, making security teams faster, better and smarter. 

By embracing informed governance and fostering responsible innovation, we can create generative tools that empower defenders and effectively thwart adversaries. With prudent navigation, the era of AI-driven security holds vast potential for advancement, promising a landscape of expanded possibilities.