Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Artificial Intelligence
    • Artificial Intelligence

    Generative AI and Cybersecurity

    To optimize generative AI cybersecurity, business should establish rules and best practices for how to use generative AI technology in a secure manner.

    By
    Shelby Hiter
    -
    June 16, 2023
    Share
    Facebook
    Twitter
    Linkedin
      Virtual microchip with brain logo in circuited background.

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Generative AI is an emerging form of artificial intelligence that allows users to leverage trained models to generate new content in various forms, including text, imagery, audio, and video. Nearly all businesses have used or at least considered using generative AI to support their daily operations and business workflows.

      However, generative AI’s quick growth has raised cybersecurity and regulatory compliance concerns. These concerns are certainly warranted and need to be examined from all angles as companies manage their cybersecurity postures. But what many people don’t yet realize is this same technology can also supplement security management tools and teams if used strategically.

      In this guide, you’ll learn about generative AI’s pros and cons for cybersecurity, how major companies are currently using this technology to bolster their cybersecurity tools, and how you can use generative AI that balances efficacy with cybersecurity and ethical best practices.

      Also see: Top Generative AI Apps and Tools

      Table of Contents: Generative AI Cybersecurity

      • Generative AI’s Top Cybersecurity Risks
      • Cybersecurity Tips and Best Practices for Using Generative AI
      • How Generative AI Can Support Cybersecurity
      • Top Generative AI Cybersecurity Solutions
      • Bottom Line: Generative AI and Cybersecurity

      Generative AI’s Top Cybersecurity Risks

      Generative AI poses several potential security risks to businesses and consumers, particularly at the data level. Here are a few of the top security risks that arise when using generative AI:

      Vulnerabilities During and After Model Training

      Because generative AI models are trained on data that is collected from all kinds of sources — and not always in a transparent fashion — it is unknown exactly what data gets exposed to this additional attack surface.

      Combined with the fact that these generative AI tools sometimes store data for extended periods of time and don’t always have the best security rules and safeguards in place, it is very possible for threat actors to access and manipulate training data at any stage of the training process.

      Violation of Personal Data Privacy

      There’s little to no structure in place to regulate what kinds of data users input into generative models. This means corporate users — and really anyone else — can use sensitive or personal data without adhering to regulations or getting permission from the source.

      Again, with how these models are trained and how data is stored, personally identifiable information (PII) can easily get into the wrong hands and lead to anything from account takeover to credit card theft.

      Also see: Best Artificial Intelligence Software 2023

      Exposure of Intellectual Property

      Companies, such as Samsung, have already unintentionally exposed proprietary company data to generative models in harmful ways. This exposure most often occurs when employees upload company code to the system, exposing intellectual property, API keys, and other confidential information.

      Cybersecurity Jailbreaks and Workarounds

      Many online forums offer “jailbreaks,” or secret ways for users to teach generative models to work against their established rules. With these jailbreaks and other workarounds, security issues have arisen.

      For example, ChatGPT was recently able to trick a human into solving a CAPTCHA puzzle on its behalf. The ability to use generative AI tools to generate content in so many different, human-like ways has enabled sophisticated phishing and malware schemes that are more difficult to detect than traditional hacking attempts.

      Also see: 100+ Top AI Companies 2023

      Cybersecurity Tips and Best Practices for Using Generative AI

      Although the risks are high when using generative AI, many of those risks can be mitigated or entirely avoided if you follow cybersecurity best practices like the following:

      Closely Read Security Policies From Generative AI Vendors

      After so much initial outcry about generative AI vendors’ lack of transparency in their model training and other processes, many major vendors have begun to offer extensive documentation that explains how their tools work and how user agreements work.

      To best know what’s happening to your data inputs, look at your vendors’ policies on data deletion and timeframes and what information they use to train their models. It’s also a good idea to scour their documentation for mentions of traceability, log history, anonymization, and other features you may need for your specific regulatory compliance requirements.

      Most important: look for any mention of opt-ins and opt-outs and how you can choose to opt in or out of your data being used or stored.

      Don’t Input Sensitive Data When Using Generative Models

      The best way to protect your most sensitive data is to keep it out of generative models, especially ones with which you’re less familiar.

      It’s often difficult to say how much of your data can or will be used to train future iterations of a generative model, not to mention how much of and how long your data will be stored in the vendor’s data logs.

      Instead of blindly trusting whatever security protocols these vendors may or may not have in place, it’s a better idea to create synthetic data copies or avoid using these tools entirely when working with classified data. Instead, use generative AI to supplement your work when working with less sensitive information.

      Keep Your Generative AI Models Updated

      Generative models receive regular updates, and sometimes, those updates include bug fixes and other security optimizations. Keep an eye out for opportunities to upgrade your tools so they stay at peak performance.

      On a related topic: The AI Market: An Overview

      Train Employees on Appropriate Use

      Generative AI tools are simple to use and misuse. It’s important your employees know what kinds of data they are allowed to use as inputs, what parts of their workflow can benefit from generative AI tools, regulatory compliance expectations. Additionally, any other best practices and procedures that they are expected to follow as members of the organization are essential.

      It’s also helpful to train employees on basic cybersecurity awareness so they can help to identify phishing attempts and other attack vectors before they go too far.

      Use Data Governance and Security Tools

      A number of data governance and security tools can protect your entire attack surface, including any third-party generative AI tools you may be using.

      Consider investing in data loss prevention, threat intelligence, cloud-native application protection platform (CNAPP), and/or extended detection and response (XDR) tools to stay ahead of the curve.

      Also see: What is Artificial Intelligence?

      How Generative AI Can Support Cybersecurity Efforts

      Generative AI can expose organizations to new attack vectors and security risks, but when these tools are used strategically, they can actually support cybersecurity goals as well. Here are just a few ways generative AI tools can be used in cybersecurity:

      • Scenario-driven cybersecurity training: uses synthetic data and other features to generate simulated attacks, scenarios, and environments for cybersecurity training.
      • Synthetic data generation: can be used to more securely generate anonymized data copies for AI and software app development.
      • Contextualized security monitoring, reporting, and recommendations: helps security teams search existing code and networks for vulnerabilities and offers contextualized recommendations for remediation.
      • Supply chain and third-party risk management: supports risk management, predictive maintenance, fraud detection, relationship management, and other components of supply chain and partner cybersecurity management.
      • Threat intelligence and hunting: can assess massive amounts of data all at once, looking for security vulnerabilities and bigger issues. Some tools can also make recommendations about what tools you should use and infrastructure changes you should make for better security outcomes.

      Top Generative AI Security Solutions to Watch

      Google Cloud icon

      Google Cloud Security AI Workbench

      This new development from Google is built on Google Cloud’s Vertex AI and powered by Sec-PaLM. Google Cloud Security AI Workbench is designed to support advanced threat and security intelligence, malware detection, behavioral analysis, and vulnerability management.

      Microsoft icon

      Microsoft Security Copilot

      Microsoft Security Copilot is one of the most focused security solutions in Microsoft’s arsenal of generative AI products. It works to optimize incident response, threat hunting, and security reporting for users, and it integrates insights and information from tools like Microsoft Sentinel, Microsoft Defender, and Microsoft Intune.

      CrowdStrike icon

      CrowdStrike Charlotte AI

      This tool from CrowdStrike lets users manage cybersecurity through natural language in the Falcon platform. Like many of these emerging cybersecurity AI tools, Charlotte AI is designed to supplement existing security teams and lessen the impact of skill gaps. Charlotte AI is generally used to support threat hunting and detection and remediation efforts.

      Cisco icon

      Cisco Security Cloud

      Cisco is adding generative AI capabilities to the Security Cloud and its Collaboration and Security portfolios. The new features are designed to make it easier — even conversational — to handle threat response and policy management.

      Airgap icon

      Airgap Networks ThreatGPT

      Built on GPT-3 and graph databases, ThreatGPT is a release from Airgap Networks that helps enterprises more effectively and holistically analyze security threats in operational technology (OT) environments and legacy systems.

      SentinelOne icon

      SentinelOne

      The cybersecurity leader recently updated its threat-hunting platform and released generative AI features in a limited preview. It is designed to scale security and threat detection operations, relying on embedded neural networks and a large language model that provide better, closer-to-real-time information about possible threats and solutions.

      Synthesis AI icon

      Synthesis Humans

      Synthesis Humans is one of many generative tools offered by Synthesis AI. This solution is designed to train biometric access control systems in a more streamlined fashion. In combination with Synthesis Scenarios, this tool can be used to support facility security as well as cybersecurity.

      SecurityScorecard icon

      SecurityScorecard

      SecurityScorecard released a security ratings platform that’s partially powered by OpenAI’s GPT-4. With the solution, security teams can ask open-ended, plain-language questions about the security of their network and third-party vendors, receiving proactive responses and guidance for risk management.

      Mostly.ai icon

      MOSTLY AI

      MOSTLY AI is a synthetic data generation tool that is specifically designed to generate anonymized data that meets various security and compliance requirements. Because of its strong security and compliance focus, it is frequently used in regulated industries like banking and insurance.

      For more information, also see: Best Machine Learning Platforms

      Bottom Line: Generative AI and Cybersecurity

      Generative AI could be looked at as either a blessing or a curse for cybersecurity, depending on how businesses (and threat actors) choose to take advantage of the technology.

      The most important thing every business can do is accept generative AI’s growing presence, learn how the technology works, and establish rules and best practices for how to use generative AI technology in the workplace. From there, more adventurous companies should consider investing in one of the many emerging generative AI technology tools that actually leverage AI models to streamline and simplify cybersecurity efforts.

      Read next: Top 9 Generative AI Applications and Tools

      Shelby Hiter
      Shelby Hiter is a contributing writer for eWeek and several other B2B technology websites. Previously, she managed editorial strategy on TechRepublic, Webopedia, LinuxToday, and SoftwarePundit. Her work has appeared in online publications such as TechRepublic, project-management.com, Datamation, eSecurity Planet, Enterprise Networking Planet, CIO Insight, AllBusiness.com, and SiteProNews. Her current B2B tech passions include artificial intelligence, managed services, open-source software, and big data.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×