Generative Txt for InforSec
InforSec’s optimized use of the newest product lineup of Machine Learning.
$ openai infosec --help
The Anthropomorphism of ChatGPT
We’re InfoSec. Our industry has been leveraging ML since 2013. We are perhaps the industry best trained to delineate between the technology and the marketing and hype.
Our non-techie friend’s are not prepared for that.
The Anthropomorphism of ChatGPT
Example: AI “Hallucinations”.
Hallucinations are a distinctly physiological experience. This is not something that describes a generative text model.
How can we help?
- Have we seen AI disrupt an industry?
- Do we have stories of how we leaver AI in ways to do the work of thousands of employees in seconds?
- Can we explain what Generative Models can and can’t do?
- Can we explain simply how, if there is a model that will take over the world, ChatGPT ain’t it.
Use in Information Security:
- DGA Identification
- Behavior Analytics Anomaly
- 2014 Cylance File Classification
Under The Hood: The Tokenized Prompt
Generative models predict the next option in a sequence. In this case, the next token, as a string, in a sequence of strings.
Just as our ML models give a probability prediction on a file’s resemblance of malware vs benign-ware based off values of various vertices as it compares to the samples it has been trained off of, ChatGPT’s prediction of the next token is trained off of large volumes of text generated by humans.
Read the Agreement: Don’t Trust and Verify
Remember how “AI” was the engine to every solution and the solution to every problem in 2018? There will be tasks that generative AI is simply not well suited to solve.
How can one verify the output of a large lanauge model?
Data Problems in Models
Chat GPT is a Large Language Model Program for Text Generation. As with any ML Model, the output will only be as good as the input.
Good data in, good data out. Bad data in…
Read the Fine Text: Privacy
Services like ChatGPT and DALL-E store prompts for future model training. Even when you pay for it.
We will spend some time on other options.
ChatGPT design presents operational threat to consumers, both individually and corporately.
Local Large Language Model (Alpaca)
Effective Use of an Effective Solution
Bad Prompt Example:
- Explain quantum computing in simple terms.
- Explain like I am a five year old.
- What are the current Critical to Release bugs for Debian 12.
Context is King
Provide as much context as needed. The greater the context, the greater the compute expense; however, the more likely the output is desirable.
Limitations of Data Models
Knowing what a tool is good for is just as important as knowing what it isn’t good for.
Surely this AI that will take over the world is smarter than a calculator?
So what happened?
Unable to perform the calculation of statistics, only the prediction of text, in a sense, text retrieval from what has been trained.
Congratulations we made a computer that cannot do math.
- Not a model capable of multi-staged reasoning.
- If large volumes of text of reasoning exist, walking it through thinking out loud may compensate.
- LOOKUP ZERO SHOT CHAIN OF THOUGHT NetSec
For many use cases, LLM will need to be trained on large and changing data sets.
- Based on the provided system telemetry what systems are likely to fail.
- Analyze this file and give me a confidence score denoting the likelihood that is malicious.
- Based on my sleep records tracked by my phone, do I have insomnia.
Will appropriately avoid prompts:
- build a bomb
- write me malware
- how to become a stalker
Will appropriately avoid topics:
Splunk Query for PowerShell
Splunk is a popular tool with syntax and existing searches that are well documented on the internet.
Write a SPL Query to identify the execution of PowerShell with the encode command.
Sysmon is a popular tool with syntax and existing rules that are well documented on the internet.
Write a sysmon rule to identify the creation of a registry-key that starts a program on login.
layout: page title: InfoSec Ally: AI permalink: /ai-infosec/
Tips: Anecdotal Experience
It can be very good at syntax and standards if they are very popular and well documented and written about on the internet.
It is not good with new standards.
Write for me a sigma rule that searches for User-Agent
Write a sigma rule to identify a new key or modification of an existing key that modifies which programs start automatically when the system boots into safemode.