As cybersecurity professionals grapple with evolving threats, machine learning/artificial intelligence (ML/AI) is upending the industry. One of the most remarkable AI models is ChatGPT, which is open to the public for testing. This article outlines some of the fascinating ways ChatGPT is transforming cybersecurity by automating repetitive tasks such as endpoint detection and response (EDR). We also examine how the AI model simplifies complex queries, and how it can act as a force multiplier for red and blue teams. While the benefits of AI in cybersecurity are vast, limitations still exist. We explore these limitations and analyze whether AI can truly replace humans in decision-making.

ChatGPT Simplifies Complex Queries

ChatGPT is the new kid on the AI block, and it’s already learning how to simplify complex queries for cybersecurity practitioners. For instance, Splunk users can quickly create an alert for a brute force attack against an Active Directory with ChatGPT’s help. The AI model can turn a junior analyst’s prompt into a query in just seconds, and provide an explanation for the logic behind the inquiry. ChatGPT’s ability to simplify complex queries makes it ideal for use by rookie SOC analysts.
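As an added example (not from the original article, and not ChatGPT output), here is the detection logic such a brute-force alert encodes, written in Python over constructed Windows Security log lines in a Splunk-style key=value layout: EventCode 4625 is the real failed-logon event, while the timestamps, hosts, user names, threshold and window are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real logs) in a Splunk-style key=value layout.
# EventCode 4625 is the Windows Security "failed logon" event; 4624 is success.
SAMPLE_LOGS = """\
2023-03-01T10:00:01 EventCode=4625 Account_Name=jdoe Source_Network_Address=10.0.0.5
2023-03-01T10:00:05 EventCode=4625 Account_Name=jdoe Source_Network_Address=10.0.0.5
2023-03-01T10:00:09 EventCode=4625 Account_Name=asmith Source_Network_Address=10.0.0.5
2023-03-01T10:00:12 EventCode=4625 Account_Name=bwong Source_Network_Address=10.0.0.5
2023-03-01T10:00:15 EventCode=4624 Account_Name=jdoe Source_Network_Address=10.0.0.5
2023-03-01T10:00:20 EventCode=4625 Account_Name=jdoe Source_Network_Address=10.0.0.5
2023-03-01T10:30:00 EventCode=4625 Account_Name=cross Source_Network_Address=10.0.0.7
2023-03-01T11:30:00 EventCode=4625 Account_Name=cross Source_Network_Address=10.0.0.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventCode=(?P<code>\d+) Account_Name=(?P<user>\S+) "
    r"Source_Network_Address=(?P<src>\S+)$"
)

def parse_events(text):
    """Yield (timestamp, event_code, user, source_ip) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), int(m["code"]), m["user"], m["src"])

def brute_force_alerts(text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: (failure_count, distinct_users)} for each source that
    produced >= threshold failed logons (4625) inside a sliding time window."""
    failures = defaultdict(list)  # source_ip -> [(timestamp, user), ...]
    for ts, code, user, src in parse_events(text):
        if code == 4625:
            failures[src].append((ts, user))
    alerts = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window start forward so events[start..end] span <= window
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (src not in alerts or count > alerts[src][0]):
                users = {u for _, u in events[start:end + 1]}
                alerts[src] = (count, sorted(users))
    return alerts
```

The successful logon at 10:00:15 is ignored, so 10.0.0.5 trips the alert with five failures across three accounts, while 10.0.0.7's two failures an hour apart stay below the window and are not reported.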

Automating Daily Tasks with ChatGPT

IT teams are usually stretched thin, and the number of stale Active Directory accounts in most environments can range from dozens to hundreds. These accounts often have privileged permissions, which can significantly weaken a company’s cybersecurity posture. Fortunately, ChatGPT can be used to automate daily tasks such as identifying and disabling accounts that have not been active within 90 days. This automation has the potential to free up IT teams to focus on more advanced work.

Force Multiplying with Red and Blue Teams Using ChatGPT

Purple teaming, the collaboration of red and blue teams to improve an organization’s security posture, is an excellent way to use ChatGPT. The AI model can build simple examples of scripts or debug those that may not be working as expected as red teamers use them for penetration tests. In such cases, the blue team can use ChatGPT’s output as a reference to create better alerting mechanisms. ChatGPT’s force-multiplying capabilities can prove useful for organizations seeking to test and improve their security posture.

Limitations of AI in Cybersecurity

Although AI's potential in cybersecurity is vast, it's crucial to note that its usefulness has limitations. AI is high-powered and precise, but complex human cognition coupled with real-world experience remains crucial in decision-making. The human ability to apply judgment and context is central to the decision process, and AI lacks the capability to emulate these skills. While AI can automate repetitive and mundane tasks in cybersecurity to reinforce a sound security posture, it is still far too early to rely on AI for the final decision in practical, everyday situations.


