Sophos reveals how GPT can help defeat cyberattackers
Sophos has published a report exploring how GPT-3 (and by extension GPT-4) can help defeat cyberattackers.
The report, GPT for You and Me: Applying AI Language Processing to Cyber Defenses, shows projects developed by Sophos X-Ops using the GPT-3 large language model. Cybersecurity professionals can use the platform to simplify searches for malicious activity in datasets and to speed up analysis of “living off the land” binaries (LOLBins). It can also be used to filter spam more accurately.
“Since OpenAI unveiled ChatGPT back in November, the security community has largely focused on the potential risks this new technology could bring,” said Sean Gallagher, principal threat researcher at Sophos. “At Sophos, we’ve long seen AI as an ally rather than an enemy for defenders.”
GPT security projects
Sophos has been working on three prototype projects that use GPT-3 as an added cybersecurity barrier.
It tested a natural language query interface, built with the few-shot learning method, for sifting through security software telemetry for malicious activity. Sophos also tested the model against its endpoint detection and response product.
It found that defenders can filter through the telemetry with basic English commands. This removes the need for defenders to understand SQL or the underlying structure of a database.
The spam filter built on GPT-3 proved significantly more accurate than other machine-learning models for spam filtering.
Researchers also simplified the process for reverse-engineering the command lines of LOLBins using GPT-3. Reverse engineering is difficult but is imperative for understanding the behaviour of LOLBins and preventing future attacks.
Proof of copilot concept
Many companies operate on limited resources, meaning notifications and detections can take much work to sort through thoroughly.
“We’ve proved that, with something like GPT-3, we can simplify certain labour-intensive processes and give back valuable time to defenders,” Gallagher said.
Sophos is already working on incorporating prototypes into its products. The results of its work are available on GitHub for those interested in testing GPT-3 in their analysis environments.
“In the future, we believe that GPT-3 may very well become a standard copilot for security experts,” Gallagher added.