What You Should Know About Generative AI, LLMs, and Agentic AI


ChatGPT, the AI chatbot developed by OpenAI, was publicly released on November 30, 2022. Since then, AI has become part of the standard lexicon of IT and cybersecurity. However, not everyone is an AI expert (nor do they want or need to be). This often leads to misuse and conflation of common AI-related terms. This is an “explain like I’m five” overview of Generative AI, LLMs, and Agentic AI, and what you should know about them as they relate to cybersecurity.

Generative AI and Its Implications for Security

Generative AI (aka GenAI), which includes variants like GANs (Generative Adversarial Networks), is a type of artificial intelligence used to create a variety of content types – text, audio, images, video and more – based on patterns “learned” from training datasets. Because of this, GenAI presents opportunities in cybersecurity, including:

  • Enhanced Simulation and Training: Generative models can simulate cyberattacks to test defenses and users, and to help train security systems.
  • Incident Response Planning: By generating realistic attack scenarios, generative AI aids in incident response and scenario planning; it can even be used to supplement tabletop exercises.
  • Forensic Reconstruction: Generative AI can help reconstruct timelines and sequences of events based on fragmented data, aiding in post-incident analysis.
  • Phishing: When it comes to phishing, generative AI cuts both ways. In conjunction with LLMs, generative AI is used by hackers to craft highly convincing spear-phishing emails. Conversely, generative AI benefits detection and response teams by analyzing email content, images and patterns to flag suspicious messages that may bypass traditional filters.

Understanding LLMs (Large Language Models)

LLMs, such as OpenAI’s ChatGPT, Google’s Gemini, or Meta’s LLaMA, are a subset of GenAI. LLMs are trained on massive amounts of text, representing a breakthrough in natural language processing. They learn how to predict the next word in a sentence, leading to powerful language understanding, as well as the ability to generate human-like text, which can be used for a variety of tasks. In cybersecurity, LLMs are increasingly used for:

  • Threat Intel Summarization: LLMs can parse through vast amounts of textual data, including CTI feeds, CVE disclosures, online forums, social media, even dark web chatter, to highlight relevant findings for your environment.
  • Report Generation: LLMs add value by summarizing complex security incidents or generating any number of detailed reports, saving security operations professionals valuable time.
  • Alert Explanation: LLMs can describe what an alert means, what might have triggered the alert, and suggest next steps.

Use caution. LLMs do not “know” anything. They are pattern predictors. They are prone to hallucinations, are vulnerable to prompt injection attacks, and can be manipulated.

The Rise of Agentic AI 

Agentic AI refers to AI systems that can plan, reason and act to achieve specific goals. Instead of just answering a question, agentic AI can break tasks into steps, use tools, such as calling APIs or running scripts, and can adjust based on new information. In cybersecurity, agentic AI is instrumental in:

  • Automated Triage: An agent can ingest an alert, look at logs, check for known bad IPs, and suggest whether to escalate – all automatically.
  • Interaction: Agentic AI systems can also interoperate with and leverage LLMs, enabling new and creative ways to tackle a wide variety of tasks.
  • Dynamic Threat Adaptation: Unlike playbook-based security tools, AI agents can adapt in near real time based on evolving threat landscapes, which enhances overall cyber-resilience.
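The automated triage flow described above (ingest an alert, look at logs, check for known bad IPs, suggest whether to escalate) is shown here as an added example, not code from the original article. The log format, the sample data, the threshold and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation addresses); not from the page.
KNOWN_BAD_NETS = [ipaddress.ip_network("203.0.113.0/24")]
AUTH_LOGS = [
    "2024-05-01T10:00:01Z sshd failed user=admin src=203.0.113.7",
    "2024-05-01T10:00:03Z sshd failed user=admin src=203.0.113.7",
    "2024-05-01T10:00:05Z sshd failed user=root src=203.0.113.7",
    "2024-05-01T10:00:09Z sshd accepted user=admin src=203.0.113.7",
    "2024-05-01T10:02:00Z sshd failed user=bob src=198.51.100.20",
    "garbled line",
]

def parse_log(line):
    """Parse 'ts service outcome k=v ...'; return None for malformed lines."""
    parts = line.split()
    if len(parts) < 3:
        return None
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return {"ts": parts[0], "service": parts[1], "outcome": parts[2], **fields}

def triage(alert, log_lines, bad_nets=KNOWN_BAD_NETS, fail_threshold=3):
    """Return a suggested verdict plus the evidence behind it."""
    src = alert["src_ip"]
    events = [e for e in map(parse_log, log_lines) if e and e.get("src") == src]
    events.sort(key=lambda e: e["ts"])  # ISO 8601 UTC sorts chronologically
    reasons, failures, success_after_failures = [], 0, False
    for e in events:
        if e["outcome"] == "failed":
            failures += 1
        elif e["outcome"] == "accepted" and failures >= fail_threshold:
            success_after_failures = True
    if any(ipaddress.ip_address(src) in net for net in bad_nets):
        reasons.append("source IP is on the known-bad list")
    if failures >= fail_threshold:
        reasons.append(f"{failures} failed logins from source")
    if success_after_failures:
        reasons.append("successful login after repeated failures")
    if success_after_failures or len(reasons) >= 2:
        verdict = "escalate"
    elif reasons:
        verdict = "review"
    else:
        verdict = "close"
    return {"verdict": verdict, "reasons": reasons}

if __name__ == "__main__":
    print(triage({"id": "A-1", "src_ip": "203.0.113.7"}, AUTH_LOGS))
```

The function returns a suggestion together with its reasons, so an analyst can verify the evidence before acting on the verdict.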

Conclusion

Generative AI, LLMs and Agentic AI are not only here to stay, but they represent transformative technologies that impact cybersecurity leaders, detection and response teams, and alert triage and investigation analysts. Having a basic understanding of these related yet discrete technologies helps any security professional better plan and make informed decisions when evaluating and implementing AI in their security operations.