Just about every cybersecurity provider has an artificial intelligence-related story to tell these days.

There are many security products and services that now come with built-in AI features, offering better ways to seek out and neutralize malware. Or they have new “co-pilot” add-ons that allow human operators to work hand-in-mouse with an AI-driven assistant to screen security alerts. Or they use AI add-on tools for better phishing detection, new threat discovery or troubleshooting of network and application problems or misconfigurations.

SiliconANGLE analyzed both the good and bad sides of AI-based cybersecurity. Now, let’s examine some of the products that offer the most promise.

The spread of AI-infused security cuts across startup and established companies alike. For example, Palo Alto Networks Inc. is developing its own large language model or LLM that will use AI to improve its operational efficiencies. SentinelOne Inc. will have an LLM so that security analysts can query potential threats with a simple search box without the need to learn complex jargon or syntax. Cloudflare Inc. is using machine learning to help more quickly find and neutralize botnets. And both Blink Ops and Trend Micro Inc. will integrate AI into their tools with copilot-like features.

That’s not all. Darktrace Holdings Ltd. has already used AI to identify several cyberattacks, such as one targeting a power grid that its AI found within a few hours. BreachLock Inc.’s penetration testing as a service has been tapping AI to improve its efficiency in handling security audits and analysis services. Cybersixgill has its IQ service that amplifies its dark web scanning tools, as SiliconANGLE wrote about recently.

Then there’s Sentra Inc., which has a browser extension that will anonymize chatbot queries and block inadvertent private data transmissions. Guardz has enhanced its phishing protection with AI. Earlier this year, HiddenLayer Inc. won the RSA Conference Innovation Sandbox for best new product, a tool that can help defend against adversarial AI-based attacks. And those are by no means exhaustive.

Even companies not selling security services want to call attention to their AI cyber capabilities. Grammarly Inc. is using AI to make better writing suggestions, for instance. But it’s also focused on what Grammarly Chief Information Security Officer Suha Can, quoted in HackerOne’s blog, calls “preemptive security,” meaning using AI tools to be able to disconfirm one’s beliefs.

Likewise, Nvidia Corp. has created a specialized AI-based “red team” for various offensive security measures, including developing an entire operational workflow and developer pipeline using various machine learning techniques. The team developed the chart below showing the various AI tools the company is using, and the various security checks and infrastructure used to deploy them.

In parallel to Nvidia’s effort is a collection of more than a dozen open-source LLM tools that can be used for cybersecurity research, curated by a team at Tenable Holdings Inc. These include reverse engineering, cloud and network security. And Check Point Software Technologies Ltd. has a recent post about ways that LLMs and AI can help cybersecurity practice, including better reverse engineering to examine malware and using AI to detect threats that have been authored by AI-based tools. These efforts are helpful, to be sure.

This parade of products is certainly a testimonial to how big the AI bandwagon has become. But the real challenge is distinguishing between the AI infusion and what a security provider has been doing all these years in detection, prevention and so forth. Many of these legacy activities didn’t involve any AI tools or any actual machine learning, other than some basic database queries and clever coding techniques.

Security firms grew up in the 1990s doing malware detection and prevention by looking for code segments that were used by the bad guys in their malware. This is easily visualized with the endpoint protection providers, which collect a great deal of telemetry across their customers and are constantly examining this trove of data. With these huge collections, the companies could morph these scans into examining oddball behavior common to malware authors, such as escalating privileges, scanning for open network ports or executing code upon network entry.

But as bad actors got more sophisticated, they learned how to evade these “tells” and figure out more subtle ways to penetrate a business network with a single packet, remain dormant for hours or weeks. Then they could launch their attacks without giving away their presence until it was too late for defenders to do anything about them.

That sophistication meant that those malware needles are getting smaller and harder to find in bigger data haystacks. And that is where AI-based tools can help by filtering out all the chaff that isn’t needles.

Undoubtedly, those few cybersecurity providers that haven’t yet announced any AI-related products will join in soon. But as is apparent from Nvidia’s Red Team schema diagram, AI isn’t just a stand-in for some marketing hype but requires a full-throated commitment across a broad spectrum of different technologies, tactics and techniques.

And although AI can certainly help to defend an enterprise’s infrastructure, the first iterations of AI-enhanced tools are just like anything else AI-related: enhancements. If they want to stay ahead of the bad guys, companies still need to mind their basic security policies and procedures.

Image: Nvidia