Sophos, a leading cybersecurity service provider, has released new research showcasing the potential of GPT-3, the language model that powers ChatGPT, as a co-pilot to help defeat cyber attackers. The report titled “GPT for You and Me: Applying AI Language Processing to Cyber Defenses” describes the projects developed by Sophos X-Ops using GPT-3’s large language models. These projects simplify the search for malicious activity in datasets from security software, more accurately filter spam, and speed up analysis of “living off the land” binary (LOLBin) attacks.
Sophos believes that AI, including GPT-3, can be an ally rather than an enemy for cybersecurity defenders. The report explains how the security industry can leverage GPT-3 to improve cybersecurity defenses. The researchers at Sophos X-Ops have been working on three prototype projects that demonstrate the potential of GPT-3 as an assistant to cybersecurity defenders. They use a technique called “few-shot learning” to train the AI model with just a few data samples, reducing the need to collect a large volume of pre-classified data.
The first application Sophos tested with the few-shot learning method was a natural language query interface for sifting through malicious activity in security software telemetry. The interface enables defenders to filter through the telemetry with basic English commands, removing the need for defenders to understand SQL or a database’s underlying structure.
Sophos also tested a new spam filter using GPT-3 and found that it was significantly more accurate than other machine learning models for spam filtering. Lastly, Sophos researchers developed a program to simplify the process for reverse-engineering the command lines of LOLBins, a notoriously difficult task critical to understanding LOLBins’ behavior and stopping such attacks in the future.
Sophos aims to simplify labor-intensive processes for cybersecurity defenders and give back valuable time to them. The report also includes plans to incorporate the prototypes above into Sophos products and to make the results of their efforts available on GitHub for others interested in testing GPT-3 in their own analysis environments. Sophos believes that GPT-3 may become a standard co-pilot for security experts in the future.
17 March 2023