Generative AI is a field within artificial intelligence. GenAI digests enormous amounts of data, and later creates new content, such as text, images, videos or music, based on what it learned from the data it digested. While the roots of generative AI go back to the 1950s and 1960s, it’s only in the last decade that GenAI leaped forward and gained wide adoption. The most famous leap, and public recognition, occurred in late 2022, when OpenAI launched its ChatGPT. This launch has shaken the business world in ways we don’t yet fully understand.

One result of the ChatGPT launch – it fundamentally affected how organizations look at and manage their digital security risks. Traditional AI “just” looks at data and predicts outcomes. It has been used in many aspects over the years, from medical research to weather predictions to fraud detection and prevention.

Generative AI is different. It creates new content that identifies repetitive patterns. This capability makes Gen AI useful for cybersecurity, as it helps identify threats, detect anomalies, and triage incident response.

On the plus side, gen-ai helps cybersecurity detect various threats, and it does so very fast. On the con side, this “game” is played by both sides, and bad actors also use Gen AI. Cybercriminals are using this technology to create complex attacks, with the goal of these attacks avoiding detection by both human and cyber systems. The FBI recently warned that cybercriminals leverage gen-AI to initiate unprecedented amounts of fraud, where Gen AI is used to create advanced phishing and social engineering attacks.

But external bad actors are only part of the picture. Gen AI also increases the risk of insider threats, whether these actions are intentional or unintentional. In short, Gen AI capabilities serve both cybercriminals and cybersecurity defenders, which means the defenders must utilize the technology and always be at least one step ahead of bad actors. Cybersecurity defense, that is not based on advanced gen-AI, is worthless today.

Gen AI Role in Cybersecurity

Generative AI enables cybersecurity vendors and customers to strengthen both resilience and incident response. It enables us to modernize the traditional Security Operations Center (SOC) and provide security teams with advanced tools for threat management and risk evaluation. The combination of human analysts with AI detection technologies offers capabilities that were not available until now. 

Security teams using gen-AI can find system vulnerabilities and react to threats in a matter of minutes. Using advanced algorithms, gen-AI can tap into previously disparate sets of data, to correlate analysis. By doing so, it can alert teams on out-of-the-norm activity in the environment, such as device and application threats, cloud data exfiltration, and identity compromises. These alerts can then trigger human investigations and initiate incident response. Gen AI simplifies previously manual tasks that typically increased risks and led to preventable breaches. 

There are four primary areas where gen-AI is making a significant impact in the SOC: threat detection and response, email filtering and phishing prevention, automated incident reporting, and security orchestration and workflow automation.

1. Threat Detection and Response:  Gen AI increases capabilities to detect abnormal variations in network traffic through advanced anomaly detection techniques. With rapid analysis of logs, internet traffic, and packet captures, gen-AI technology can flag deviations that may indicate potential breaches, thus enabling fast human investigation. Traditional systems are bogged down by false positives and delayed responses. With gen-AI, SOC teams enjoy significantly reduced alert fatigue and measurably improved response times to threats across on-premises, hybrid, and cloud environments.
   Gen AI enables security teams to concentrate on actual threats, rather than chase false positives. The result is faster vulnerability scanning and simpler patch management. Gen AI efficiently prevents critical risks like phishing, data exfiltration, insider threat, and SaaS vulnerabilities. It also supports advanced capabilities like malware simulation, digital forensics, and incident response.
2. Email Filtering and Phishing Prevention:  Phishing attacks have become more sophisticated and harder to detect. Gen AI significantly strengthens the organization’s ability to defend against that threat. It does so by analyzing email characteristics, to identify fraudulent communications. Gen-AI investigates linguistic patterns, context, and also sender behaviors, and can thus detect signs of phishing, that traditional methods may miss.

   Once organizations deploy AI-driven email filters, these will automatically block or flag any suspicious messages for further inspection. By that, gen-AI significantly reduces the risk of a successful phishing attack on the organization. This approach reduces the load from the SOC team. It also reduces the risk of employees falling victim to social engineering attacks that are used by cyber criminals.

3. Automated Incident Reporting: 

   security teams typically deal with excessive amounts of data, from multiple sources. This makes it difficult to create cohesive reports on security incidents. Gen-AI helps organizations to automate the creation of incident reports, based on real-time data analysis that is done by the gen-AI system.

   Unlike humans, or non-AI systems, gen-AI systems can combine data from various sources and provide useful insights to security professionals. This automation allows SOC teams to focus on critical prevention tasks and leave the administrative work to gen-AI. This approach improves the overall efficacy of the incident response process.

4. Security Orchestration and Workflow Automation: 

   Cybersecurity teams perform many daily, routine tasks, like monitoring network traffic, scanning for vulnerabilities, and performing malware assessments.

   Gen AI automates these repetitive, manual tasks. It also handles them more efficiently, compared to human employees. This enables the organization to free SOC employees, so they focus on challenges that require human intervention. Dividing the work between Gen AI and human employees enables organizations to prevent burnout of their SOC team and get better overall security results.

How Cyber Criminals Use Gen AI

Criminals increasingly use Gen AI to generate more sophisticated attacks and larger scope of financial fraud. Malicious actors use these advanced technologies to create better and more believable content that would manipulate individuals and bypass traditional security systems.

The following are samples for Techniques, Tactics, and Procedures (TTPs) that are used for cyberattacks:

• SMS and Phishing Campaigns: Criminals use AI to create convincing SMS messages and emails. By that, they make social engineering attacks like spear phishing and romance scams appear genuine to their designated targets, and hence more effective for scammers. AI-generated communications can be personalized, to increase the likelihood of victims falling prey to these scams.

• Fake Social Media Profiles: Gen AI makes it easy for hackers to create fictitious, authentic-looking social media accounts. Such fake profiles are used in scams called ‘confidence fraud’, where scammers trick victims into trusting them, often by portraying themselves as a loved one, friend, or expressing romantic interest. 

• Fake Identification: Criminals use AI to create fake profile photos, or even full identification documents. Then, they use these to give credibility to their fake personas. This tactic is used in identity theft and impersonation, for example.

• Voice Cloning: Gen AI can generate audio clips that impersonate voices of trusted individuals. You probably heard clips where famous politicians or celebrities are presumably saying things they never did. In a similar way, hackers create “vishing” campaigns (short for “voice phishing”). This phishing attack uses phone calls to trick individuals into revealing sensitive information. Scammers generate voices that their victims know and would trust, like their boss or a business partner. The goal of such campaigns is typically to manipulate victims into authorizing financial transactions or providing sensitive information.

• AI-Generated Videos and Deepfakes: Like with the previous bullet, you probably saw multiple fake videos of politicians or celebrities. These AI-generated videos are called ‘deepfakes’ and can look very realistic. Their goal is to trick victims into believing that they are dealing with legitimate authorities, or with a business representative, when it comes to video calls. For example, in today’s competitive recruiting market, there have been reports about companies that received an influx of fake applicants, especially for IT roles, where the applicants used deepfake videos for video interviews (Zoom, for example). Once they pass the interview process and get hired – and there are multiple reports of such cases discovered retroactively – the scammers can get access into highly sensitive IT systems the organization has.

• Insider Threats: Attacks by external scammers are dangerous, but Gen AI can also be misused by insiders. Real employees may attempt malicious activities, such as creating false data, stealing data, or attempting financial fraud. The common denominator for all these is that the security breach attempts originate from within the organization’s network, not from the outside. But even loyal employees may be tricked into unintentional threat actors by cyber criminals. The latter have a large arsenal of TTPs that they can use, including trying to get employees to click on a Gen AI phishing email, or to be compromised by vishing or deepfakes. The result of these activities, whether intended by employees or being tricked by malicious actors, can lead to breaches of sensitive data or fraudulent financial transactions.

A study on The State of Phishing 2024”, held by SlashNext, shows a dramatic increase in malicious emails activity. Since the launch of ChatGPT in late 2022, the study states a staggering surge of 4,151% in malicious emails. The same study showed that in the middle of 2024, there was an 856% increase in malicious emails in the previous 12 months. These numbers illustrate how common AI-generated attacks have become. As Gen AI technology continuously evolves, security teams must prioritize using Gen AI security defenses, to protect sensitive information and financial assets.

The Importance of Security Teams Using Gen AI

AI-powered attacks are becoming both more complex and widespread. Threat actors leverage AI to develop sophisticated attacks. As a countermeasure, security teams must also adopt gen-AI capabilities to maintain an advantage against threat actors. It’s becoming increasingly hard, even impossible, for security teams to protect against an ever-growing number of new security threats without using gen-AI themselves.

Organizations must adopt AI-enhanced security tools that help their security teams fight against AI-based attacks. Cybersecurity teams in the future, and some already do that at present, include both human analysts and Gen AI security technologies. Such AI-based security tools allow the organization to scale safely, while also reducing manual efforts and human errors.

The Gen AI Advantage for DevSecOps

Generative AI can transform SOC and engineering teams by turning DevSecops from reactive to proactive. CISOs and GRC leaders must evaluate their governance and security frameworks and increase the adoption of DevSecOps that leverages Gen AI. Security leaders must also verify that new technologies comply with regulations and follow best practices regarding the usage of gen-AI.

Implementing Generative AI in the SOC

It is guaranteed that threat actors will continue to take advantage of AI and come up with increasingly sophisticated cyber threats. In response, organizations must integrate gen-AI into their security systems. This requires a balanced approach that prioritizes collaboration between technology and human expertise. It is crucial to select the right gen-AI provider, so that security teams can be effective and resilient when responding to new threats. Gen-AI enables the SOC to have improved visibility and response times, By leveraging fast technology and improving visibility and response times, thus strengthening the organization’s defenses and make it more secure against criminals who also use Gen AI.

FAQ

What Is Generative AI?

Generative AI is a subset of artificial intelligence. It analyzes vast amounts of content and data, and “learns” from these. Then, when a user submits a query, the gen-AI system can generate new content, based on what it previously learned. The new content can be text, charts, images, audio, video, code, and more.

What’s the difference between gen-AI and traditional AI?

Traditional AI systems primarily analyze historical data, with the goal of forecasting a future outcome. This is used for weather forecasting, financial modeling, voting patterns, and more. Generative AI, on the other hand, focuses on creating new content, based on patterns it learned from existing data it previously analyzed.

How can Gen AI improve threat detection?

Gen AI-based threat detection analyzes huge datasets and looks for anomalies. The Gen AI system knows what normal operations look like, and these make the vast majority of operations in the datasets it reviews. Once the Gen AI finds an anomaly, it flags it for further inspection. The trick is that gen-AI does all that in incredible speed, literally in real-time, which enables organizations to quickly respond to incidents, and hence reduce the chance of a security breach.

Which attacks can Gen AI help prevent?

Gen AI is effective against attacks that require analyzing huge amounts of data, or traffic patterns. Then, the AI system flags out anomalies, which are suspicious activities. These attacks include data exfiltration, phishing, malware, and automated social engineering. 

Are there any ethical considerations for using Gen AI in cybersecurity?

Yes, there are ethical considerations to investigate when implementing a Gen AI system for cybersecurity. These include data privacy, algorithmic bias, and also the potential for misuse by adversaries. Organizations should establish clear policies and governance frameworks, to make sure they use Gen AI in a responsible manner, both respecting ethical guidelines and complying with regulations.

Will Gen AI change cybersecurity?  How?

This is not a futuristic question, but something that’s already happening at present. Gen AI is already changing cybersecurity. Threat actors leverage Gen AI to launch increasingly sophisticated and larger attacks. In response, organizations must also invest in AI-powered cybersecurity systems, to give their security teams a fighting chance against cyber criminals. Gen AI cybersecurity tools anticipate emerging threats, while making the job of human analysts much easier – all with the goal of improving the organization’s overall security posture and prevent breaches.