Generative AI can be used in a variety of applications, including image and speech recognition, natural language processing, and cybersecurity.
In the context of cybersecurity, generative AI can be used to learn from existing data or simulation agents and then generate new artifacts. For example, generative cybersecurity AI can be used to develop secure application development assistants or security operations chatbots. These applications can help organizations improve their security and risk management, optimize resources, defend against emerging attack techniques, or even reduce costs.
However, there are also risks associated with the consumption of GenAI applications. Overoptimistic GenAI announcements in the security and risk management space could drive improvements, but also lead to waste and disappointments. CISOs and security teams need to prepare for impacts from generative AI in four different areas: defending with generative cybersecurity AI, working with organizational counterparts who have active interests in GenAI, applying the AI trust, risk and security management (AI TRiSM) framework, and reinforcing methods for assessing exposure to unpredictable threats.
Some of the risks associated with the consumption of GenAI applications:
There are several risks associated with the consumption of GenAI applications. One of the risks is that the proliferation of overoptimistic GenAI announcements in the security and risk management markets could lead to waste and disappointments. The adoption of GenAI apps like LLMs from business experiments and unmanaged employee use creates new attack surfaces, endangering privacy, sensitive data, and IP. Attackers exploit GenAI for authentic content, phishing, and human impersonation at scale. Uncertainty demands flexible cybersecurity roadmaps. GenAI’s popularity invites fraud – expect counterfeit apps, plug-ins, and websites luring victims.
How can CISOs ensure that their organizations are properly securing their use of generative AI:
CISOs and their teams can take several steps to ensure that their organizations are properly securing their use of generative AI. CISOs and security teams need to prepare for impacts from generative AI in four different areas:
- Defend with generative cybersecurity AI: CISOs can receive the mandate to exploit GenAI opportunities to improve security and risk management, optimize resources, defend against emerging attack techniques, or even reduce costs. They can initiate experiments of “generative cybersecurity AI,” starting with chat assistants for security operations center (SOCs) and application security.
- Work with organizational counterparts who have active interests in GenAI: CISOs can work with counterparts in legal and compliance, and lines of business to formulate user policies, training, and guidance. This will help minimize unsanctioned uses of GenAI and reduce privacy and copyright infringement risks.
- Apply the AI trust, risk, and security management (AI TRiSM) framework: CISOs can apply this framework when developing new first-party, or consuming new third-party, applications leveraging LLMs and GenAI.
- Reinforce methods for how they assess exposure to unpredictable threats: CISOs can reinforce methods for how they assess exposure to unpredictable threats and measure changes in the efficacy of their controls, as they cannot guess if and how malicious actors might use GenAI.
By following these steps, CISOs can help ensure that their organizations are properly securing their use of generative AI and mitigating the risks associated with its consumption.
Some of the potential benefits of using generative AI in cybersecurity:
There are several potential benefits of using generative AI in cybersecurity. CISOs and security teams can receive the mandate to exploit GenAI opportunities to improve security and risk management, optimize resources, defend against emerging attack techniques, or even reduce costs. They can initiate experiments of “generative cybersecurity AI,” starting with chat assistants for security operations centers (SOCs) and application security. Additionally, generative cybersecurity AI can be used to develop secure application development assistants and security operations chatbots. These applications can help organizations improve their security and risk management, optimize resources, defend against emerging attack techniques, or even reduce costs. Furthermore, generative AI can be used to learn from existing data or simulation agents and then generate new artifacts. This can help organizations identify and respond to new and emerging threats more quickly and effectively. Finally, generative AI can be used to automate certain cybersecurity tasks, freeing up security professionals to focus on more complex and strategic activities
About FireCompass:
FireCompass is a SaaS platform for Continuous Automated Pen Testing, Red Teaming and External Attack Surface Management (EASM). FireCompass continuously indexes and monitors the deep, dark and surface webs using nation-state grade reconnaissance techniques. The platform automatically discovers an organization’s digital attack surface and launches multi-stage safe attacks, mimicking a real attacker, to help identify breach and attack paths that are otherwise missed out by conventional tools.
Feel free to get in touch with us to get a better view of your attack surface.
