eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Generative AI is an emerging form of artificial intelligence that allows users to leverage trained models to generate new content in various forms, including text, imagery, audio, and video. Nearly all businesses have used or at least considered using generative AI to support their daily operations and business workflows.
However, generative AI’s quick growth has raised cybersecurity and regulatory compliance concerns. These concerns are certainly warranted and need to be examined from all angles as companies manage their cybersecurity postures. But what many people don’t yet realize is this same technology can also supplement security management tools and teams if used strategically.
In this guide, you’ll learn about generative AI’s pros and cons for cybersecurity, how major companies are currently using this technology to bolster their cybersecurity tools, and how you can use generative AI that balances efficacy with cybersecurity and ethical best practices.
Also see: Top Generative AI Apps and Tools
Table of Contents: Generative AI Cybersecurity
- Generative AI’s Top Cybersecurity Risks
- Cybersecurity Tips and Best Practices for Using Generative AI
- How Generative AI Can Support Cybersecurity
- Top Generative AI Cybersecurity Solutions
- Bottom Line: Generative AI and Cybersecurity
Generative AI’s Top Cybersecurity Risks
Generative AI poses several potential security risks to businesses and consumers, particularly at the data level. Here are a few of the top security risks that arise when using generative AI:
Vulnerabilities During and After Model Training
Because generative AI models are trained on data that is collected from all kinds of sources — and not always in a transparent fashion — it is unknown exactly what data gets exposed to this additional attack surface.
Combined with the fact that these generative AI tools sometimes store data for extended periods of time and don’t always have the best security rules and safeguards in place, it is very possible for threat actors to access and manipulate training data at any stage of the training process.
Violation of Personal Data Privacy
There’s little to no structure in place to regulate what kinds of data users input into generative models. This means corporate users — and really anyone else — can use sensitive or personal data without adhering to regulations or getting permission from the source.
Again, with how these models are trained and how data is stored, personally identifiable information (PII) can easily get into the wrong hands and lead to anything from account takeover to credit card theft.
Also see: Best Artificial Intelligence Software 2023
Exposure of Intellectual Property
Companies, such as Samsung, have already unintentionally exposed proprietary company data to generative models in harmful ways. This exposure most often occurs when employees upload company code to the system, exposing intellectual property, API keys, and other confidential information.
Cybersecurity Jailbreaks and Workarounds
Many online forums offer “jailbreaks,” or secret ways for users to teach generative models to work against their established rules. With these jailbreaks and other workarounds, security issues have arisen.
For example, ChatGPT was recently able to trick a human into solving a CAPTCHA puzzle on its behalf. The ability to use generative AI tools to generate content in so many different, human-like ways has enabled sophisticated phishing and malware schemes that are more difficult to detect than traditional hacking attempts.
Also see: 100+ Top AI Companies 2023
Cybersecurity Tips and Best Practices for Using Generative AI
Although the risks are high when using generative AI, many of those risks can be mitigated or entirely avoided if you follow cybersecurity best practices like the following:
Closely Read Security Policies From Generative AI Vendors
After so much initial outcry about generative AI vendors’ lack of transparency in their model training and other processes, many major vendors have begun to offer extensive documentation that explains how their tools work and how user agreements work.
To best know what’s happening to your data inputs, look at your vendors’ policies on data deletion and timeframes and what information they use to train their models. It’s also a good idea to scour their documentation for mentions of traceability, log history, anonymization, and other features you may need for your specific regulatory compliance requirements.
Most important: look for any mention of opt-ins and opt-outs and how you can choose to opt in or out of your data being used or stored.
Don’t Input Sensitive Data When Using Generative Models
The best way to protect your most sensitive data is to keep it out of generative models, especially ones with which you’re less familiar.
It’s often difficult to say how much of your data can or will be used to train future iterations of a generative model, not to mention how much of and how long your data will be stored in the vendor’s data logs.
Instead of blindly trusting whatever security protocols these vendors may or may not have in place, it’s a better idea to create synthetic data copies or avoid using these tools entirely when working with classified data. Instead, use generative AI to supplement your work when working with less sensitive information.
Keep Your Generative AI Models Updated
Generative models receive regular updates, and sometimes, those updates include bug fixes and other security optimizations. Keep an eye out for opportunities to upgrade your tools so they stay at peak performance.
On a related topic: The AI Market: An Overview
Train Employees on Appropriate Use
Generative AI tools are simple to use and misuse. It’s important your employees know what kinds of data they are allowed to use as inputs, what parts of their workflow can benefit from generative AI tools, regulatory compliance expectations. Additionally, any other best practices and procedures that they are expected to follow as members of the organization are essential.
It’s also helpful to train employees on basic cybersecurity awareness so they can help to identify phishing attempts and other attack vectors before they go too far.
Use Data Governance and Security Tools
A number of data governance and security tools can protect your entire attack surface, including any third-party generative AI tools you may be using.
Consider investing in data loss prevention, threat intelligence, cloud-native application protection platform (CNAPP), and/or extended detection and response (XDR) tools to stay ahead of the curve.
Also see: What is Artificial Intelligence?
How Generative AI Can Support Cybersecurity Efforts
Generative AI can expose organizations to new attack vectors and security risks, but when these tools are used strategically, they can actually support cybersecurity goals as well. Here are just a few ways generative AI tools can be used in cybersecurity:
- Scenario-driven cybersecurity training: uses synthetic data and other features to generate simulated attacks, scenarios, and environments for cybersecurity training.
- Synthetic data generation: can be used to more securely generate anonymized data copies for AI and software app development.
- Contextualized security monitoring, reporting, and recommendations: helps security teams search existing code and networks for vulnerabilities and offers contextualized recommendations for remediation.
- Supply chain and third-party risk management: supports risk management, predictive maintenance, fraud detection, relationship management, and other components of supply chain and partner cybersecurity management.
- Threat intelligence and hunting: can assess massive amounts of data all at once, looking for security vulnerabilities and bigger issues. Some tools can also make recommendations about what tools you should use and infrastructure changes you should make for better security outcomes.
Top Generative AI Security Solutions to Watch
Google Cloud Security AI Workbench
This new development from Google is built on Google Cloud’s Vertex AI and powered by Sec-PaLM. Google Cloud Security AI Workbench is designed to support advanced threat and security intelligence, malware detection, behavioral analysis, and vulnerability management.
Microsoft Security Copilot
Microsoft Security Copilot is one of the most focused security solutions in Microsoft’s arsenal of generative AI products. It works to optimize incident response, threat hunting, and security reporting for users, and it integrates insights and information from tools like Microsoft Sentinel, Microsoft Defender, and Microsoft Intune.
CrowdStrike Charlotte AI
This tool from CrowdStrike lets users manage cybersecurity through natural language in the Falcon platform. Like many of these emerging cybersecurity AI tools, Charlotte AI is designed to supplement existing security teams and lessen the impact of skill gaps. Charlotte AI is generally used to support threat hunting and detection and remediation efforts.
Cisco Security Cloud
Cisco is adding generative AI capabilities to the Security Cloud and its Collaboration and Security portfolios. The new features are designed to make it easier — even conversational — to handle threat response and policy management.
Airgap Networks ThreatGPT
Built on GPT-3 and graph databases, ThreatGPT is a release from Airgap Networks that helps enterprises more effectively and holistically analyze security threats in operational technology (OT) environments and legacy systems.
SentinelOne
The cybersecurity leader recently updated its threat-hunting platform and released generative AI features in a limited preview. It is designed to scale security and threat detection operations, relying on embedded neural networks and a large language model that provide better, closer-to-real-time information about possible threats and solutions.
Synthesis Humans
Synthesis Humans is one of many generative tools offered by Synthesis AI. This solution is designed to train biometric access control systems in a more streamlined fashion. In combination with Synthesis Scenarios, this tool can be used to support facility security as well as cybersecurity.
SecurityScorecard
SecurityScorecard released a security ratings platform that’s partially powered by OpenAI’s GPT-4. With the solution, security teams can ask open-ended, plain-language questions about the security of their network and third-party vendors, receiving proactive responses and guidance for risk management.
MOSTLY AI
MOSTLY AI is a synthetic data generation tool that is specifically designed to generate anonymized data that meets various security and compliance requirements. Because of its strong security and compliance focus, it is frequently used in regulated industries like banking and insurance.
For more information, also see: Best Machine Learning Platforms
Bottom Line: Generative AI and Cybersecurity
Generative AI could be looked at as either a blessing or a curse for cybersecurity, depending on how businesses (and threat actors) choose to take advantage of the technology.
The most important thing every business can do is accept generative AI’s growing presence, learn how the technology works, and establish rules and best practices for how to use generative AI technology in the workplace. From there, more adventurous companies should consider investing in one of the many emerging generative AI technology tools that actually leverage AI models to streamline and simplify cybersecurity efforts.
Read next: Top 9 Generative AI Applications and Tools
