Generative AI is still a fairly new concept and business leaders are understandably still grappling with how to use it . Andrew Hollister , CISO , LogRhythm , offers his thoughts on unpacking the latest fixation in the cybersecurity realm .

hough Artificial

Intelligence ( AI ) has been a topic of discussion in the enterprise landscape for many years , Microsoft ’ s US $ 10 billion commitment to OpenAI back in January 2023 officially cemented Generative AI ’ s rise to prominence .

A technology with the power to create , as opposed to just automate , captivated business users from the start .

Promising to build efficiencies , enhance productivity and offer other lucrative gains , the use of Generative AI has successfully spread to every corner of the business world over the first half of the year .

On its meteoric rise , however , Generative AI has brought along with it a

Andrew Hollister , CISO , LogRhythm whole new series of considerations and challenges for security practitioners . As businesses have sought to harness its potential , so have cybercriminals with less savory intentions .

Although the future of Generative AI is still being written , there are a handful of key takeaways that the cybersecurity industry must understand about the technology as it currently stands .

AI as a weapon

Threat actors have begun to capitalise off the use of Generative AI tools in several ways , allowing them to refine existing tactics . For example , Large Language Models ( LLMs ) like ChatGPT are helping cybercriminals improve on phishing techniques and other forms of Business Email Compromise ( BEC ). With Generative AI help , cybercriminals can develop better , more convincing phishing emails that have a higher potential to fool business users and potentially leave organisations vulnerable to outside exploits .

Generative AI tools are also helping threat actors develop and refine code to assist with ransomware , malware and other related attacks . While most Generative AI models are designed to keep users from generating malicious code , the tools are not yet sophisticated enough to block all the prompts that may be used by cybercriminals .

Because Generative AI tools are constantly learning from the information they are fed , there is a risk that cybercriminals may also begin to corrupt AI models . By manipulating data fed into Generative AI models , threat actors could tamper with it to the point where it begins to produce incorrect outputs , biased results and other undesirable or unreliable outcomes .

The new cyber craze

There is a considerable opportunity for Generative AI as an assistive form of technology , augmenting and assisting in

the complex role of the security analyst rather than eliminating it and helping analysts build efficiencies in many key areas of their work .

Generative AI also offers exciting possibilities to help communicate complex security concepts to influential stakeholders , like company executives and board members , that may not speak the language of cybersecurity in the same way that analysts do .

76 www . intelligentciso . com