So far, we’ve talked about the security challenges inherent in generative AI as a technology. But now let’s take a look at how generative AI impacts the security landscape itself. We’ll start with looking at how security processes, especially in the SOC, are poised to evolve because of the introduction of generative AI. While the debate continues about the extent to which AI can replace human analysts, it’s clear that generative AI can significantly augment their capabilities, providing a powerful first line of analysis and accelerating response times.
The elephant in the room: Generative AI in the SOC
Looking across the vendor landscape, the number of times the phrases “generative AI”, “SOC”, and “force multiplier” show up in the same sentence is blinding (especially if you turn it into a drinking game). It’s the pervasive use case across the industry. Some vendors are talking about automated SOC agents powered by generative AI replacing Tier 1 analysts, some are talking about assisting investigations and remediation activities, and with agentic designs some are talking about having entire SOC processes played out with generative AI. This is a scary time to be a SOC analyst! But the reality is much less drastic. An early study on Microsoft Copilot in Sentinel showed that novices had a marked improvement in certain areas, while professionals didn’t see the benefit. Great, though, it’s still helpful, right? Well, at a $0 cost, sure, but when the time saved was compared against the cost of Copilot, the majority of customers we spoke with felt the value wasn’t actually there yet. To counter this perception, some tools like Google SecOps and others simply rolled the generative AI into their product SKUs. Companies like Splunk, CrowdStrike, and Palo Alto have all taken various paths to pass integration costs on to their customers, often based on your licensing tier.

But the long story short is that generative AI is now a part of the SOC, and it has its place in investigation, automation, and incident response. Generative AI is capable of assisting in incident response by providing analysts with context-rich information and suggesting remediation strategies. It can also aid in threat hunting by finding subtle indicators of compromise that might be missed by more static tools. And there is value in making things easier for junior analysts and getting them skilled up faster. In the end, it’s up to you to figure out how much trust you want to place in it as part of your processes.
We tend to agree with those saying AI will NOT replace those in the SOC anytime soon (links from Abnormal Security, Elastic, and Red Canary).
AI-Powered Identity and Access Management
Beyond the SOC, Identity and Access Management (IAM) is another area where generative AI can provide substantial benefits. As identity systems become increasingly complex, managing policies and permissions can be overwhelming, and in complex systems understanding IAM decisions is increasingly complicated. Looking into the future, especially with Zero Trust principles, seemingly non-deterministic decisions on access based on a wide range of criteria can make understanding access nearly impossible. But this is one area where generative AI can play a significant role. Consuming the totality of IAM policies across multiple vendors, including ones with non-binary criteria, and providing (grounded) insight into whether or not actions will be permitted is nearly impossible today but much easier with generative AI tooling. And there are more use cases visible in the future: replacing annual reviews with real-time analytics, faster analysis of least-privilege access based on job role, and eventually real-time access decision-making authority. As identity gets increasingly complex, generative AI is the beacon of hope that maybe, eventually, we’ll actually be able to make identity simple to understand. But personally, I wouldn’t bet on that just yet.
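The word “grounded” above is doing a lot of work: an assistant’s natural-language verdict on “can this principal do X?” is only trustworthy if it is checked against a deterministic evaluation of the actual policies. The following added example (not code from the post or from Generative Security) sketches that check for two constructed policy sources with a Zero Trust style context condition; the policy shapes, the `mfa` condition key and the explicit-deny-wins rule are assumptions modelled on common cloud IAM semantics, not any specific vendor’s engine.

```python
"""Deterministic evaluator used to ground an assistant's IAM verdicts (added example)."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase


@dataclass
class Statement:
    effect: str                       # "Allow" or "Deny"
    actions: list                     # glob patterns such as "s3:Get*"
    resources: list                   # glob patterns such as "bucket/finance/*"
    conditions: dict = field(default_factory=dict)  # context that must hold, e.g. {"mfa": True}


# Constructed sample policies from two hypothetical sources (a cloud IAM and an IdP policy).
POLICIES = {
    "cloud-iam": [Statement("Allow", ["s3:Get*"], ["bucket/finance/*"], {"mfa": True})],
    "idp-policy": [Statement("Deny", ["s3:GetObject"], ["bucket/finance/payroll.csv"])],
}


def _matches(stmt, action, resource, ctx):
    """A statement applies when action, resource and every condition match the request."""
    return (any(fnmatchcase(action, a) for a in stmt.actions)
            and any(fnmatchcase(resource, r) for r in stmt.resources)
            and all(ctx.get(k) == v for k, v in stmt.conditions.items()))


def evaluate(policies, action, resource, ctx):
    """Explicit deny beats allow; no matching statement is an implicit deny.

    Returns (decision, reasons) so the reasons can be shown next to any AI summary."""
    reasons, allowed = [], False
    for source, stmts in policies.items():
        for s in stmts:
            if _matches(s, action, resource, ctx):
                reasons.append(f"{source}: {s.effect} {s.actions} on {s.resources} if {s.conditions}")
                if s.effect == "Deny":
                    return "Deny (explicit)", reasons
                allowed = True
    return ("Allow" if allowed else "Deny (implicit)"), reasons


def ground_llm_verdict(llm_says_allowed, policies, action, resource, ctx):
    """Accept the assistant's yes/no only when it agrees with the deterministic result."""
    decision, reasons = evaluate(policies, action, resource, ctx)
    return {"decision": decision, "reasons": reasons,
            "llm_agrees": llm_says_allowed == (decision == "Allow")}
```

A disagreement in `llm_agrees` is the signal to show the analyst the `reasons` list rather than the model’s prose.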
High risk, high reward: Generative AI’s role in red teaming
To start, there is absolutely a role for generative AI in executing red team engagements. We use it at Generative Security in multiple places in our platform, and I don’t think we could accomplish as much as we do without it. Generative AI has proven very capable when we have a strong, data-driven foundation with the right metadata and then have generative AI massage it for a wider set of use cases. We have found that analyzing responses, understanding and associating contextual information, and providing feedback are, for us, right in the wheelhouse of generative AI. However, there’s another step forward that some have taken: using generative AI in real time as part of the execution of red teaming exercises. We think this is a risky proposition given the goals and objectives of reliable red team vendors. Red team engagements, especially in production environments, need to be properly scoped, with acceptable and unacceptable risks identified and managed in real time, and they must almost always make sure they do not do more harm than good. People struggle with the tension between achieving the objective and not going too far; an LLM or other generative AI model is far less likely to understand where that line is, and when not to cross it.
The Human-AI Partnership: A Collaborative Future
While generative AI offers immense potential for enhancing security, it’s important to recognize that it’s not a silver bullet. The most effective approach involves a balance between human security professionals and AI-driven tools, focused on empowerment and not replacement. By combining the strengths of generative AI with the experience and intuition humans bring to the table, organizations can build a more robust and resilient security posture.
As always, don’t hesitate to reach out to us at questions@generativesecurity.ai if you want to dive into this some more. Next up we’ll finish talking about the 4 block, diving into Gen AI In Security – Gen AI powered Threats.

About the author
Michael Wasielewski is the founder and lead of Generative Security. With 20+ years of experience in networking, security, cloud, and enterprise architecture Michael brings a unique perspective to new technologies. Working on generative AI security for the past 2 years, Michael connects the dots between the organizational, the technical, and the business impacts of generative AI security. Michael looks forward to spending more time golfing, swimming in the ocean, and skydiving… someday.