Opinion: Harnessing LLMs for cybersecurity professionals

Opinion: Harnessing LLMs for cybersecurity professionals

By Julien Provenzano, CEO and co-founder of RALFKAIROS
Apr. 19, 2023 9:06PM GMT+9

The emergence of large language models (LLMs) has piqued the curiosity of cybersecurity experts, who are delving into how these potent tools can fortify their security strategies. As the CEO of RALFKAIROS, I have been keeping a watchful eye on the digital landscape and the escalating importance of cybersecurity. The advent of large language models and their potential applications have motivated cybersecurity experts to investigate how they can incorporate LLMs into their arsenal.

The debut of ChatGPT in late 2022 has put LLMs and artificial intelligence (AI) chatbots in the spotlight, sparking a swift surge in consumer usage and spurring competitors to launch or expedite their own services. ChatGPT is an AI text chatbot developed by OpenAI, built upon the GPT-3 language model launched in 2020 and now advancing to GPT-4.

The underlying LLM technology, which employs deep learning to produce text that mimics human language, has been under development for a significant period of time. It utilizes gigabytes of text to analyze the connections between different words and establish a probability model. ChatGPT empowers users to communicate with LLMs by providing a prompt, similar to how users interact with chatbots, resulting in an answer created using the relationships between the words in its model. Other noteworthy LLMs include Google’s Bard and Meta’s LLaMa.

The advanced natural language processing capabilities of LLMs have the potential to impact various areas of expertise, including blue team, offensive security, GRC, malware, and more. Over 400 professionals have joined me in a WhatsApp group to discuss the impact of ChatGPT on cybersecurity. Discussions among our group members have prompted me to consider the benefits and limitations of using LLMs in the cybersecurity field, offering a thorough analysis to aid professionals in making informed decisions.

◇ Enhanced threat detection and analysis: LLMs possess the ability to rapidly and efficiently process large datasets, enabling cybersecurity professionals to pinpoint potential threats and vulnerabilities with greater precision. By deciphering intricate patterns and connections, LLMs can assist experts in staying ahead of emerging cyber risks. For instance, Patrick Ventuzelo of Fuzzing Labs discovered 0-day vulnerabilities in snippets of code using LLMs.

◇ Efficient incident management: When it comes to addressing cybersecurity breaches, prompt and effective responses are critical. LLMs can expedite this process by automating incident management tasks, such as alert prioritization and action recommendations. This frees up professionals to concentrate on more pressing aspects of the situation, allowing for faster response times.

◇ Advanced phishing detection and countermeasures: Phishing attacks continue to be a significant threat in the cybersecurity landscape. However, LLMs can help mitigate this issue by precisely identifying and analyzing phishing emails, detecting subtle indicators of malicious intent, and assisting professionals in implementing more robust prevention strategies.

While using LLMs in cybersecurity can provide significant benefits, there are also limitations and drawbacks to consider.

◇ Bias or misinformation: One of the potential drawbacks of using an AI language model like GPT is the risk of amplifying biases if the model has been trained on biased data. This could lead to discrimination or other harmful consequences in its outputs.

◇ Manipulation and criminality: Language models like ChatGPT also present a risk for generating misleading or false information, which could be exploited for malicious purposes, such as scams or misinformation campaigns. Additionally, without proper safeguards and regulations, LLMs could even be used to create malware code and perpetrate phishing attacks.

◇ Ethical and privacy issues: As LLMs continue to improve their ability to analyze and interpret data, cybersecurity professionals are grappling with ethical and privacy concerns. Misuse of sensitive information and unauthorized communication monitoring are becoming significant issues that require immediate attention when deploying LLMs. Recently, a Samsung Semiconductor employee submitted proprietary program source code to ChatGPT for error-fixing purposes, inadvertently disclosing the code of a top-secret application to an external artificial intelligence run by another company.

◇ Overdependence on LLMs: Although AI language models can be a significant asset in various aspects of cybersecurity, professionals must be cautious about over-relying on them. If cybersecurity professionals become too dependent on LLMs, it may diminish their critical thinking and problem-solving skills, which are essential to effectively addressing emerging cyber threats. Balancing the use of LLMs with human expertise is crucial to ensure long-term success in cybersecurity strategies.

In the cybersecurity training sector, the role of cyber training professors can be significantly transformed by leveraging ChatGPT and other LLMs. By adopting these AI-driven models, interactive learning experiences can be enriched and tailored to individual students’ needs, enabling faster progress with consistent support.

As AI-based professors become more prevalent in the field of cybersecurity training, they offer several advantages over their human counterparts. These AI-driven models can analyze students’ strengths and weaknesses, providing customized content and exercises for targeted improvement through personalized learning. Additionally, AI-driven educators can offer round-the-clock guidance and support to students, providing immediate feedback and real-time evaluation, allowing students to efficiently learn from their mistakes. With the ability to accommodate an unlimited number of students, AI-based professors can ensure adequate attention and support for all learners.

When students engage with AI-based professors, they benefit from individualized learning experiences with immediate answers to their inquiries. AI-driven educators can tailor their teaching methods to overcome misconceptions and ensure that students comprehend complex concepts effectively. In contrast, human professors may face issues such as limited availability, delayed feedback, and a standard teaching approach. While human educators provide valuable experience and empathy, incorporating AI-driven models such as ChatGPT can boost and supplement their efforts, leading to a more productive and efficient learning environment for cybersecurity professionals.

The integration of LLMs like ChatGPT in the cybersecurity field offers numerous advantages, including improved threat detection, streamlined incident response, and comprehensive security training. However, like any new technology, concerns surrounding security implications inevitably arise, such as generating inaccurate information, exhibiting bias, consuming extensive computational resources, and being susceptible to toxic content creation and injection attacks. However, I believe that with proper implementation and continuous research, LLMs can revolutionize the way cybersecurity professionals operate and learn.

julien@ralfkairos.comFollow the author

This article was copyedited by Nate Galletta.

About the author

Julien Provenzano is a certified professional with 18 years of experience in the field of information technology. He has worked in various roles such as system administrator, Microsoft Certified Trainer, IT architect, and information security manager for several companies, including Airbus Defense and Space. Julien has been serving as a “Best of the Best” mentor for the First Winner team of the Grand Prix at KITRI since 2022. He is a seasoned lecturer, having taught at the French Chamber of Commerce, European Chamber of Commerce, and various other organizations. He also manages a community of 26,000 cybersecurity professionals on LinkedIn. As the founder of the Finance & Industry Cybersecurity Congress Asia (FICCA), Julien annually hosts a 1-day hybrid security event to share the best security strategies with professionals in Asia. The event is conducted in both Korean and English. The 2022 edition of the event was a resounding success, featuring 11 speakers, attracting 300 participants from across Asia, and hosting a cybersecurity startup pitch contest.