Sophos explores using ChatGPT to tackle cyberthreats
Cybersecurity company Sophos has released new research demonstrating how the generative AI technology behind ChatGPT can be used to fight cybercrime.
The research details pilot projects developed using the GPT-3 large language models to simplify the search for malicious activity in data from security software, more accurately filter spam and speed up analysis of “living off the land” attacks.
For example, the GPT-3 AI model can be developed to filter malicious activity in XDR Telemetry datasets, Sophos found. The company tested the model against its endpoint detection and response product to allow defenders to filter the data with basic English commands.
Sophos researchers were also able to adapt the technology to simplify the process for reverse-engineering the command lines of living off the land technologies known aS LOLBins, a process notoriously difficult to pull off.
Sophos Principal Threat Researcher Sean Gallagher said the research demonstrates that generative AI can be used by both sides of the security fence.
“Since OpenAI unveiled ChatGPT back in November, the security community has largely focused on the potential risks this new technology could bring,” he said.
“Can the AI help wannabee attackers write malware or help cybercriminals write much more convincing phishing emails? Perhaps, but, at Sophos, we’ve long seen AI as an ally rather than an enemy for defenders, making it a cornerstone technology for Sophos, and GPT-3 is no different.”
He said the findings demonstrate that the security community should be paying attention not just to the potential risks, but the potential opportunities GPT-3 brings.
“We are already working on incorporating some of the prototypes above into our products, and we’ve made the results of our efforts available on our GitHub for those interested in testing GPT-3 in their own analysis environments,” Gallagher said.
“In the future, we believe that GPT-3 may very well become a standard co-pilot for security experts.”
CrowdStrike to buy Adaptive Shield
CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...
LockBit named nastiest malware of 2024
LockBit, a ransomware malware known to have been used to attack Australian targets, has been...
Extreme Networks launches ZTNA solution
Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...
