Generative AI is Not “The” Answer to All That Ails Us … Despite What Some May Argue For

In the cybersecurity industry, there is a tendency to showcase and focus on those things that look and seem ‘shiny.’ Through the years, we have seen an increasing gravitation toward this pattern of behavior — sometimes amusing, sometimes the root cause of ‘eye rolling’ responses, and sometimes resulting in tragic recognition that only serves to underscore any greater issues in our field and the issues that defenders face daily in the wake of adversarial action the world over. Often, the pursuit of the shiny — much the way a crow chases those things that catch their eyes, results in a significant egg on the face or worse, and many times at the cost of those who cannot afford to lose time or resources because of the pursuits of those in which they place their trust and budgets.

One such area that continues to crop up in our industry and world is that of Generative AI and LLMs. Now, it is no secret that artificial intelligence, machine learning, and data science in general are neither new nor fully understood. There are some excellent works written on this subject, so I will not bore the reader with a recap. However, suffice to say the mileage varies dramatically with these technologies in and outside of the cybersecurity industry. With that said, how much effort and energy ought to be placed into these capabilities versus those that truly advance decision-making, knowledge, and action within a defender’s environment? Mind you; I am not a luddite; I am familiar with these technologies — I worked with and continue to work with them, but in my view, they are tools, not digital messiahs — and still warrant much research and examination for a multitude of reasons some pragmatic, others fanciful, and still others extreme — but all deserving of exploration and understanding. So, what do you think? I would love to hear your thoughts and ideas on this topic. I am sure that together, we can learn quite a lot and tease out realistic usage and application versus the fanciful.