ChatGPT Emerges as Key AI Tech for Security Vendors
While there are some concerns about how generative AI chatbots such as ChatGPT can be used maliciously — to craft phishing campaigns or write malware — several companies are harnessing the power of conversational AI technology to enhance their product capabilities, including for security.
ChatGPT, a large language model (LLM) developed by OpenAI, uses GPT 3 LLM and relies on large test data sets culled from multiple sources. ChatGPT, which can understand human language, provides detailed answers to simple questions and can handle complex tasks such as creating documents and writing code in response to user queries. It's an example of how conversational AI can be used to organize large volumes of information and enhance user experience and communications.
For instance, a conversational AI tool — whether that's ChatGPT or something else — could serve as the back end of an information concierge that automates the use of threat intelligence in enterprise support.
That's the approach Orca Security appears to be taking with Orca Security Platform. The company incorporated OpenAI's GPT3 API, specifically the “Da-Vinci-03” series, to enhance the platform's ability to generate contextual and accurate remediation plans for security alerts, Lior Drihem, Orca's director of innovation, and Itamar Golan, head of data science, wrote in the announcement.
The new pipeline takes a security alert and preprocesses the data, such as basic information about the risk and its contextual environment — such as affected assets, attack vectors, and potential impact — before feeding the pieces as input to GPT3. The AI then generates a detailed explanation of the best and most practical ways to remediate the issue, Golan and Drihem wrote. These remediation steps can also be embedded in tickets, such as Jira tickets, for teams to reference and implement.
While the AI model can provide inaccurate information (or vague results), “the benefits of utilizing GPT3's natural language generation capabilities outweigh any potential risks, and have seen significant improvements in the efficiency and effectiveness of our remediation efforts,” according to Drihem and Golan.
This isn't the first time Orca Security has been working with language models. The company recently integrated GPT3 into its cloud security platform to enhance the remediation information customers receive regarding infosec risks.
“By fine-tuning these powerful language models with our own security data sets, we have been able to improve the detail and accuracy of our remediation steps — giving you a much better remediation plan and assisting you to optimally solve the issue as fast as possible,” Golan and Drihem wrote.
Harnessing AI & LLM for Applications
Orca Security joins other companies incorporating language models into its product portfolio. Earlier this week, Gupshup launched Auto Bot Builder, which harnesses GPT-3 to help enterprises build their own advanced conversational chatbots. Auto Bot Builder builds chatbots tailed to the enterprise's specific requirements by using content from the enterprise website, documents, message logs, product catalogs, databases, and other corporate systems, processing the information using GPT-3 LLM (Large Language Model), and fine-tuning it with proprietary industry-specific models. Enterprises can use Auto Bot Builder to build chatbots for marketing lead generation activities, product discovery, product recommendations, shopping advice, troubleshooting, and customer support.
These chatbots differ from ChatGPT, a general-purpose chatbot, but like ChatGPT, they have an “exceptionally high degree of language capability” to engage with end users, according to Gupshup.
The cryptocurrency community is also using ChatGPT to create applications such as trading bots and crypto blogs, Jerrod Piker, a competitive intelligence analyst at Deep Instinct, wrote in an email. Examples include using ChatGPT to write a sample smart contract, and a trading bot that identifies entry and exit points to help automate the process of buying and selling cryptocurrencies.