Using AI to Enhance Cyber Security Analyst Training

In this blog, we explore how Large Language Models (LLMs) and AI are supporting the training of cyber security analysts.

Our previous blogs have been focussed on looking forward to what will be possible with Artificial Intelligence (AI) in the near future. In this blog, we look at an area where Large Language Models (LLMs) and AI are already adding high value: training, education and knowledge retrieval.

The role of an analyst is becoming increasingly challenging in the rapidly changing world of cyber security. To stay ahead of cyber criminals and continue to protect an organisation’s sensitive data, analysts must continually update their skills and knowledge. This presents a unique opportunity for AI, particularly LLMs, to step in and provide valuable assistance in improving cyber security analyst training.

AI for Knowledge Management

For cyber security teams, knowledge management is essential. Having clearly defined processes and documentation helps in the smooth onboarding of new analysts and ensures a consistent approach to handling security incidents. This is where AI, especially LLMs, is playing a crucial role. Instead of relying solely on human experts to guide new analysts, AI can step in as a virtual mentor. Once the AI has been fed well-documented processes and workflows, new analysts can ask questions and receive real-time guidance. While this information is already available to the analyst in knowledge bases, LLMs can speed up its retrieval when it is required. When searching through a large amount of data that is not structured in some specific way, the analyst would need to search for keywords in order to find the required information. With LLMs, the question can be asked in natural language instead of needing to use the correct keyword.

AI as a Research Assistant

New threats, exploits, vulnerabilities, and techniques are constantly being released in the world of cyber security, which requires analysts to research constantly in order to identify and mitigate them effectively. While this information is available online, and while LLMs currently cannot contain information that is not already available in the public domain, they can act as a powerful start to the workflow. Instead of using a search engine and wading through adverts and preambles within blog posts, the analyst can start the search using the LLM and then pivot to verifying this information using traditional techniques.

AI as a Tutor

The AI-driven tutoring capabilities of LLMs are also of immense value. As cyber security professionals, there’s a constant need to stay updated on the latest threats, techniques, and tools. Learning and mastering new concepts can be challenging, and we often reach points of frustration or confusion. Here’s where AI shines as a private tutor. If you’re struggling to understand a particular concept, you can turn to the LLM and ask it to explain it to you. And it doesn’t stop at one explanation; you can ask it to simplify or provide alternative explanations until you fully grasp the concept. It’s like having a personal tutor on standby, available to guide you through complex topics and make learning cyber security more accessible. One powerful technique is to attempt to explain a concept back to the LLM and ask it to criticise your explanation. Not only does this require you to explain the concept in your own words, but it also helps identify areas you may have misunderstood. The ability to have a conversation about a subject, or a concept within a subject, is a very powerful learning tool which would previously have been limited to those with a private tutor.

All the benefits listed in this blog, as with any resource, require analysts to have a core level of knowledge. Without some foundation in a subject, it is difficult to even know which questions should be asked of an LLM to gain the knowledge you need. Perhaps in the future LLMs will be fine-tuned to act as tutors within specific domains, and these tutors would suggest questions that you don’t know you should ask in the first place, but currently the learning is user-driven.

In conclusion, AI, especially LLMs, is revolutionising cyber security analyst training. It closes the knowledge gap, makes cyber security research more accessible and helps retrieve information from large amounts of data quickly. AI serves as a personal tutor, helping cyber security professionals understand complex concepts and continuously improve their skills. As the cyber security landscape evolves, AI will play an increasingly crucial role in preparing analysts for the challenges that lie ahead.

Summary

To summarise this series of blog posts, AI will undoubtedly continue to improve rapidly, and as it does so, people within the cyber security industry will find new ways to leverage it, both defensively and offensively. It is very hard to predict what capabilities will emerge and when, and so often it will be the case that cyber security practitioners will need to quickly adapt and implement these capabilities rather than planning for them. One thing that is clear though is that there is a long road ahead from where we are now to AI systems being able to act as autonomous security analysts. In the meantime, AI systems should be used to bolster the capabilities of analysts and, where possible, automate sub-tasks that could save these analysts valuable time. As AI systems improve, I imagine we will see an increase in the tasks that can be reliably automated with less and less oversight: from the 10-20 second tasks that can be automated currently to multi-task workflows in the future.