Published on Jul 04, 2024

As cyber threats in recent times increasingly leverage Artificial Generative Intelligence, the integration of LLMs into cybersecurity cannot wait.

The necessity of state-led initiatives for Large Language Models in cybersecurity

Introduction 

The immense popularity of Large Language Models (LLMs) has changed the general perception of Artificial General Intelligence across the world. The advanced comprehension capability and general reasoning skills these models possess make them versatile enough to have a wide array of applications. The avenue of cybersecurity is no different, with giants like Nvidia actively pursuing the possibility of LLMs playing an active role in the future of cybersecurity.

LLMs are expected to have a huge impact on various aspects of cybersecurity such as vulnerability detection, code generation, program repair, threat intelligence, anomaly detection, and assisted attacks. The significance of assisted attacks, in particular, is not to be understated as these tools are freely available to all. If not managed and included in security efforts, their capabilities can be used by malicious parties. Large language models (LLMs) bolster cybersecurity in both code-based and text-based domains. The ability to comprehend, analyse, and, when necessary, generate code is integral in securing cyberspace.

Furthermore, text-based LLMs hold immense potential in identifying and mitigating phishing scams. Models like CodeLlama (developed by Meta AI) and StarCoder (developed by Hugging Face and ServiceNow), in tandem with benchmarking software such as CyberBench and SecEval (developed by Xuanwu AI), have already displayed the capability of LLM involvement in the domain of cybersecurity. Thus, it is apparent that LLMs will play a decisive role in the future of cybersecurity.

The role of nation-states in strengthening cybersecurity

The borderless nature of cyberspace compels a paradigm shift in cybersecurity development, advocating for a collaborative approach that transcends regional boundaries. This would imply that the development of cybersecurity, including the assimilation of new technologies into it, would be more effective if done at a multinational level by something akin to an international or multilateral organisation. However, national interests take precedence when independent sovereign entities interact, and this can lead to lopsided or ineffective development. Furthermore, establishing and maintaining a truly neutral international organisation is a complex endeavour.

Regional variances would influence what sovereign nations focus on while fortifying their cybersecurity walls. Thus, it is best to approach the issue of introducing advancements in technology to cybersecurity at the level of the highest cohesive political entity, that being a sovereign country.

For illustrative purposes, consider an international organisation, comprised of member states, that attempts to implement a singular LLM for cybersecurity at the organisational level. This endeavour would necessitate extensive discussions and consensus building among member states regarding the primary focus of the LLM. However, the varying nature and volume of cyber threats each nation faces would likely lead to conflicting priorities. Additionally, the said international organisation might be inclined to prioritise the needs of the nation with the most capital, soft and hard power, and human capital. This dynamic could result in a lopsided LLM development skewed towards the dominant contributor. Therefore, assuming sufficient resource availability, independent LLM implementation in cybersecurity by the member states would likely prove more effective than a single, potentially skewed, organisational LLM.

State-aided LLMs: A boost in reliability

Large language models (LLMs) are typically trained on vast datasets to achieve a level of generalisability. While fostering versatility and user-friendliness for commercial applications, this broad approach creates a “jack-of-all-trades, master-of-none” scenario. Thus, while LLMs excel at applying their language comprehension to diverse tasks, they fall short when it comes to specialised problem-solving within one domain. However, for sensitive domains like cybersecurity, specialised expertise is paramount. The construction of domain-specific LLMs entails a three-step process: base model selection, fine-tuning, and efficiency evaluation using benchmarking software. This necessitates the creation of cybersecurity-specific datasets, which may exhibit regional variations reflecting the prevailing cyber threats encountered by the population.

The disclosure of sensitive cybersecurity data to a wholly private entity, particularly one situated in a foreign nation, could disrupt the balance of power in cyberspace. However, the creation of an LLM from scratch is an arduous task that requires massive amounts of capital, time, and data. Therefore, the optimal way to leverage LLMs in cybersecurity is to choose an open-source base model exhibiting strong performance on cybersecurity benchmarks, followed by targeted fine-tuning as required. While closed-source models such as OpenAI’s ChatGPT or Google’s Gemini might achieve superior benchmark scores initially, their proprietary codebases, controlled by private entities, pose significant limitations. The restricted nature of these models would likely hinder effective fine-tuning, potentially diminishing their overall efficacy in specific regional contexts.

Governing a developing technology

LLMs represent an evolving technology, and their application in a domain as crucial to societal well-being as cybersecurity necessitates continuous monitoring and evaluation. The data required to optimise a base model efficiently needs to be collected continuously to ensure that the LLM remains robust. This includes data on all cyber threats, the damages incurred, and the countermeasures undertaken. This iterative process of data acquisition and periodic LLM updates necessitates the support of a reliable agency capable of facilitating seamless information collection and resource allocation.

Current regulations governing Artificial Intelligence (AI) have yet to fully encompass the nuanced oversight required for the specific application of LLMs in cybersecurity, as they are currently limited to broad regulations, such as the European Union’s AI Act and the frameworks developed by the National Institute of Standards and Technology in the United States to manage AI risks. However, these regulations represent crucial initial steps towards the effective implementation of AI technologies in governance, including LLMs for cybersecurity purposes.

While governance of a developing technology and its implementation in security affairs has not reached the end of its development cycle, it is an expensive process in terms of human resources. This is especially so in the case of LLMs, given their generative properties, as it mandates constant cross-checking and validation. However, the integration of LLMs into cybersecurity cannot wait. Cyber threats in the modern era increasingly leverage Artificial Generative Intelligence, and achieving parity in capabilities is an urgent priority. Therefore, state intervention in developing and integrating LLMs into cybersecurity is an urgent necessity.


Pranoy Jainendran is a Research Intern at the Observer Research Foundation.

The views expressed above belong to the author(s).