Sophos reveals how GPT can help defeat cyberattackers

Sophos has published a report exploring how GPT-3 (and by extension GPT-4) can help defeat cyberattackers.

The report, GPT for You and Me: Applying AI Language Processing to Cyber Defenses, shows projects developed by Sophos X-Ops using GPT-3’s large language model. Cybersecurity professionals can use the model to simplify searches for malicious activity in datasets and to speed up analysis of “living off the land” binaries (LOLBins). It can also be used to filter spam more accurately.

“Since OpenAI unveiled ChatGPT back in November, the security community has largely focused on the potential risks this new technology could bring,” said Sean Gallagher, principal threat researcher at Sophos. “At Sophos, we’ve long seen AI as an ally rather than an enemy for defenders.”

GPT security projects

Sophos has been working on three prototype projects that use GPT-3 as an added cybersecurity barrier.

Using the few-shot learning method, it tested a natural language query interface for sifting through security software telemetry for malicious activity. Sophos also tested the model against its endpoint detection and response product.

It found that defenders can filter through the telemetry with basic English commands. This removes the need for defenders to understand SQL or the underlying structure of a database.

The GPT-3 spam filter proved significantly more accurate than other machine-learning models for spam filtering.

Researchers also simplified the process for reverse-engineering the command lines of LOLBins using GPT-3. Reverse engineering is difficult but is imperative for understanding the behaviour of LOLBins and preventing future attacks. 


Proof of copilot concept

Many companies operate on limited resources, meaning notifications and detections can take much work to sort through thoroughly.

“We’ve proved that, with something like GPT-3, we can simplify certain labour-intensive processes and give back valuable time to defenders,” Gallagher said.  

Sophos is already working on incorporating prototypes into its products. The results of its work are available on GitHub for those interested in testing GPT-3 in their analysis environments. 

“In the future, we believe that GPT-3 may very well become a standard copilot for security experts,” Gallagher added.

Eoghan O'Donnell

Eoghan was a freelance reporter for, covering technology news across hardware, innovation and security. Now based in London, he is proudly Irish and fluent in Gaeilge.