30 Mar ChatGPT as a security co-pilot
Sophos, an innovative leader in the cybersecurity industry, has released new research demonstrating how the language model behind ChatGPT can be used to filter spam, detect malicious activity and speed up the analysis of ‘living off the land’ binary (LOLBin) attacks.
“At Sophos, we’ve long seen AI as an ally rather than an enemy for defenders, making it a cornerstone technology for Sophos, and GPT-3 is no different. […] The security community should be paying attention not just to the potential risks, but the potential opportunities GPT-3 brings,” said Sean Gallagher, Principal Threat Researcher at Sophos.
Sophos X-Ops researchers have been working on three prototype projects that demonstrate the potential of GPT-3 as an assistant to cybersecurity defenders. All three use a technique called ‘few-shot learning’ to train the AI model with just a few data samples, reducing the need to collect a large volume of pre-classified data.
One test applied the few-shot learning method to a natural language query interface for sifting through malicious activity, which was then tested against the endpoint detection and response product. With this, defenders can filter the telemetry using basic English, rather than writing SQL or having to work with the data’s pre-existing structure.
Sophos went on to test a ChatGPT-assisted spam filter, which had surprising accuracy.
Finally, Sophos tested a ChatGPT-assisted program for reversing the command lines of LOLBins, a task that is notoriously difficult but necessary for understanding LOLBins and their malicious behaviour.
It’s been proven that ChatGPT is effective at navigating ‘noise’, identifying important information and presenting it in actionable ways. This significantly reduces labour-intensive processes and gives more time to defenders.
“In the future, we believe that GPT-3 may very well become a standard co-pilot for security experts,” said Gallagher. The framework will only become more relevant as it continues to evolve, alongside other artificial intelligence models.