Generative artificial intelligence (AI technologies, such as OpenAI's ChatGPT, have the potential to help security professionals defend against sophisticated, unpredictable attacks. The technology will also embolden attackers. Security vendors, however, aren't waiting to see which way the debates go before releasing their own GPT-based tools for security professionals.

Consider this not-exhaustive list of announcements from the past two months:

Tenable Research touted "ample opportunity" for defenders to harness LLMs in the white paper "How Generative AI is Changing Security Research," published in tandem with the release of its four tools.

"From log parsing and anomaly detection to triage and incident response capabilities, defenders could have the upper hand," the research group for Tenable Security wrote. "In addition to our examples of using LLMs like ChatGPT to reduce the manual workload of reverse engineering tasks and security research, another avenue where AI could prove to be a key tool for development teams is static code analysis to identify potentially exploitable code. Coupled with advanced threat detection and intelligence from trained AI models, there is an abundance of use cases to aid defenders."

Fears of What AI Can Do

The surging use of ChatGPT is stoking fears that generative AI, which consists of algorithms that can generate realistic images, audio, or video or produce written content, will be used to do more harm than the efficiencies it provides. On Monday, renowned AI creator Geoffrey Hinton announced that he quit his job at Google. Hinton, who has been referred to as the “Godfather of AI,” warned that tech giants like Google, Meta, Apple, and Microsoft may be moving too fast in unleashing it.

"It's hard to see how you can prevent the bad actors from using it for bad things," Hinton told The New York Times.

Leaders of those companies have responded, saying they take the potential misuse seriously and are creating safeguards. Speaking during a panel session at the World Economic Forum’s Growth Summit in Geneva on Wednesday, Microsoft chief economist Michael Schwarz said both Microsoft and its partner, ChatGPT creator OpenAI, “are really committed to making sure that AI is safe, that AI is used for good and not used for bad.”

However, Schwarz acknowledged the risks. "We do have to worry a lot about the safety of this technology, just like any other technology," he said. "By all means possible, we have to put in safeguards."

Changing Security Research

For many in the cybersecurity industry, AI would significantly accelerate the ability to develop new tools and discover new threats at a scale that would be impossible otherwise, and concerns about its abuse should not be reasons for holding back on using it.

"While there’s certainly a dark side to these emerging technologies, Tenable Research also sees opportunities to use AI for the greater good," the research group wrote in the white paper. "For example, the art of bug hunting requires extensive security and coding skills, and it can take years for an individual to develop the necessary expertise to find zero-day vulnerabilities. As researchers, we turn our mindsets to using and developing tools that can reduce manual labor. With these generative models, we have a unique opportunity to change the trajectory of security research."

During an informal panel discussion held for the media by Tenable Security during the RSA Conference last week, participants agreed that putting the brakes on AI development is unrealistic. "It's certainly not going to stop our adversaries," warned Mark Weatherford, Alert Enterprises CSO and chief strategy officer for the National Cybersecurity Center.

"There’s just no way to stop it," added Tenable deputy CTO Robert Hansen. "Even if you wanted to stop ChatGPT from innovating, all the hackers I know are working on this right now, racing toward whatever they're trying to accomplish."