The threat landscape is expanding, and regulatory requirements are multiplying. For the enterprise, simply keeping up is an ever-growing challenge.

In addition, there’s the cybersecurity skills gap. According to the (ISC)² 2022 Cybersecurity Workforce Study, the global cybersecurity workforce gap grew 26.2% year over year, meaning 3.4 million more workers are needed to help protect data and prevent threats.

Leveraging AI-based tools is unquestionably necessary for modern organizations. But how far can tools like ChatGPT take us with regard to boosting cybersecurity and addressing the skills gap?

ChatGPT is dominating the tech news cycle: some can’t get enough of it, while others are sick of hearing about it. But what about AI in cybersecurity? Is it any different?

While ChatGPT certainly has numerous use cases, it also has notable shortcomings that enterprises must understand before diving in head-first.

Transformers: More than the toys and movies

First, a bit of background on large language models, which have undergone a remarkable transformation over the last few years.

Early models, such as n-gram models, relied on basic statistics, generating text from the probability of short word sequences. As machine learning advanced, more sophisticated models such as recurrent neural networks (RNNs) and long short-term memory (LSTM) networks emerged, offering better contextual understanding and text generation.

But the turning point for natural language processing (NLP) came in 2017 with the introduction of the transformer architecture, described in the paper “Attention Is All You Need.” That’s where OpenAI’s popular GPT comes in: the T in GPT stands for transformer, and GPT is short for Generative Pre-trained Transformer. These models are pre-trained on massive amounts of text, which is what enables the output we get when we use GPT: highly coherent, contextually relevant responses.

Models like ChatGPT perform as well as they do because of larger training datasets, more robust architectures and improved training techniques.
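To make the transformer idea concrete, here is a minimal sketch of scaled dot-product attention, the operation at the heart of the architecture. This is an illustrative NumPy toy with made-up shapes, not code from any production model; real systems like GPT stack many such layers with learned query, key and value projections.

```python
import numpy as np

def scaled_dot_product_attention(Q, K, V):
    """Core transformer operation: every position attends to every other.

    Q, K, V: (seq_len, d_k) query, key and value matrices.
    """
    d_k = Q.shape[-1]
    # Similarity of each query to each key, scaled for numerical stability
    scores = Q @ K.T / np.sqrt(d_k)             # (seq_len, seq_len)
    # Row-wise softmax turns scores into attention weights that sum to 1
    weights = np.exp(scores - scores.max(axis=-1, keepdims=True))
    weights /= weights.sum(axis=-1, keepdims=True)
    # Each output is a weighted mix of all value vectors in the sequence
    return weights @ V                          # (seq_len, d_k)

# Toy self-attention over a "sequence" of 4 tokens with 8-dim embeddings
rng = np.random.default_rng(0)
x = rng.normal(size=(4, 8))
print(scaled_dot_product_attention(x, x, x).shape)  # (4, 8)
```

The key property, and a major reason transformers displaced RNNs and LSTMs, is that every token can attend to every other token in a single step rather than passing context along one position at a time.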

Larger datasets, better models, better results?

Madhu Shashanka, co-founder and scientist at Concentric AI and former managing director of Charles Schwab’s Data Science and Machine Learning team, pointed out that the general rule of thumb is that the larger these models get, the better they’re going to be. “But ‘better for what?’ is the question we need to ask,” he said.

For the organization that wants to adopt and train ChatGPT as an effective cybersecurity tool, Shashanka suggests thinking twice. “That’s not going to work, and nobody’s going to stand behind it,” he said. “It’s up to you to do whatever you want with it. People are finding all kinds of things, and your mileage will vary, and you’ll have to train on your own data. People are doing all kinds of crazy stuff. The point is, it’s not a product, and it just becomes another project.”

Shashanka is not saying that ChatGPT use should be discouraged. In fact, he is optimistic about how it can automate processes and procedures, especially for the security operations center (SOC) team. However, for cybersecurity in a broader sense, there are limitations. “It depends on what you mean by security,” he said. “There are several layers to security. Cybersecurity is much more than visibility. So at the visibility level, you need to understand the data layer for data visibility and then visibility around access. You need to apply classification labels. And on top of that, you need remediation so you can fix permissions and adjust your risk posture management.”

That risk posture must be kept up to date, he added, since the risk and permission environment is changing dynamically.
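As a concrete illustration of the SOC automation Shashanka is optimistic about, here is a hypothetical sketch that sends a raw alert to OpenAI’s chat completions API and asks for a plain-English triage summary. The model name, prompt and alert format are assumptions for illustration, not a vetted workflow; the point is how little glue code this kind of assistant requires.

```python
import os
import requests

# Hypothetical raw alert a tier-1 SOC analyst might need to triage
ALERT = (
    "2023-06-01T12:14:02Z sshd[4211]: Failed password for root "
    "from 203.0.113.7 port 52113 ssh2 (57 attempts in 90s)"
)

# Assumes an OPENAI_API_KEY environment variable; model choice is illustrative
response = requests.post(
    "https://api.openai.com/v1/chat/completions",
    headers={"Authorization": f"Bearer {os.environ['OPENAI_API_KEY']}"},
    json={
        "model": "gpt-3.5-turbo",  # assumed; substitute whatever you use
        "messages": [
            {"role": "system",
             "content": "You are a SOC assistant. Summarize the alert for a "
                        "tier-1 analyst: what happened, likely severity and "
                        "a suggested next step."},
            {"role": "user", "content": ALERT},
        ],
    },
    timeout=30,
)
response.raise_for_status()
print(response.json()["choices"][0]["message"]["content"])
```

Note that shipping real alert data to a third-party API raises exactly the data privacy concerns discussed below, which is one reason an effort like this stays a project rather than a product without serious guardrails.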

AI in cybersecurity: Can it really work?

AI and cybersecurity should be a natural fit, but the unfortunate reality is that most AI initiatives in cybersecurity fail. According to Shashanka, most AI-focused cybersecurity companies fail as well.

What is the root cause of these failures? Is it as simple as a fundamental lack of understanding about the power of AI and how to leverage it?

“That’s part of it,” said Shashanka. “I think in large companies, the reason these efforts fail is a disconnect between the business need and what value AI actually brings to the table.”

In Shashanka’s experience, the two sides typically don’t interact well: people with deep knowledge of the business needs don’t speak the same language as those with AI expertise.

“So that gulf is why most of these projects fall apart,” he said. “More than understanding AI, I think understanding the business needs is harder for the AI people than the other way around.”

These fundamental issues aren’t the only challenges companies should weigh before leveraging ChatGPT. Addressing bias and ethical concerns, ensuring data privacy and security (remember OpenAI’s data leak?) and balancing automation with human expertise are all critical considerations.
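On the data privacy point in particular, a common mitigation is to scrub obvious identifiers before anything leaves the organization. The sketch below is a hypothetical, regex-based example with made-up patterns and hostnames; it is nowhere near a production-grade data loss prevention filter, but it shows the shape of the idea.

```python
import re

# Illustrative patterns only; a real filter would cover far more identifiers
PATTERNS = {
    "IP": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
    "HOST": re.compile(r"\b[\w-]+\.internal\.example\.com\b"),  # hypothetical domain
}

def redact(text: str) -> str:
    """Replace matched identifiers with typed placeholders."""
    for label, pattern in PATTERNS.items():
        text = pattern.sub(f"[{label}]", text)
    return text

alert = ("Login failure for jdoe@example.com from 203.0.113.7 "
         "on db01.internal.example.com")
print(redact(alert))
# Login failure for [EMAIL] from [IP] on [HOST]
```

Even with redaction, automated output still needs a human in the loop, which is the “balancing automation with human expertise” part of the equation.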

What’s most interesting to experts like Shashanka is that ChatGPT has become a great way for non-experts to interact with large language models, cybersecurity included. “It’s revolutionary because the people who truly understand the business needs, to some extent, can bypass the AI geeks and just go right to ChatGPT.”

Discussions about leveraging AI in cybersecurity are happening, frequently at a very high level. But these boardroom discussions are nothing new, Shashanka said.

“It’s the classic case of build it or buy it. If these things are not in your company’s core business expertise, you probably shouldn’t be doing it. It’s as simple as that.”

The final word

There’s no debate about whether ChatGPT will play a role in cybersecurity; that genie is not going back in the bottle. But circling back to the beginning: if there’s one sector that’s understaffed and under-resourced, cybersecurity sits at the top of the list.

“It’s not like cybersecurity teams have all the time and bandwidth to play around with GPT and start building their own models,” Shashanka said.

Bottom line: Know what ChatGPT can do and what its limitations are, and leverage it within those guardrails. Everything else should be left to the experts who can stand behind their product.
