Chatting About Cybersecurity: A Conversation With ChatGPT on the Role of Artificial Intelligence

October is Cybersecurity Awareness Month, and the Security Industry Association (SIA) Cybersecurity Advisory Board is marking the occasion with a series of helpful content, tips and guidance on key cybersecurity topics. In this blog from SIA Cybersecurity Advisory Board Vice Chair Rachelle Loyear – vice president of integrated security at Allied Universal – learn about the role of artificial intelligence (AI) in cybersecurity.

Rachelle Loyear headshot
Rachelle Loyear, vice president of integrated security at Allied Universal, serves as vice chair on the SIA Cybersecurity Advisory Board.

As we begin Cybersecurity Awareness Month, I thought it would be good to take a look at everyone’s favorite buzzword: “AI.”

It seems like every security company out there has some kind of AI solution that is going to make your security better, faster and stronger. I’m even sure that some of them might actually be able to do it. But today, I wanted to talk to one of the most accessible AI tools out there my little buddy ChatGPT to see what he thinks he can do to help security professionals, and where we are better off leaving the humans in place for now.

Me: So, Mr. GPT… or can I call you Chat? Can you tell me what you have observed since you launched with people leveraging AI tools like yourself in security and cybersecurity functions?

ChatGPT: You can definitely call me Chat! I’m here to help. Since my launch, I’ve observed the transformative impact artificial intelligence can have on cybersecurity. In this rapidly evolving field, AI tools like myself offer significant benefits but also present certain challenges. I’d like to share my thoughts on where I can be exceptionally useful in enhancing cybersecurity measures like writing policies, crafting training and helping identify some types of risks and where it might be wise for organizations to wait until AI technology matures further before fully integrating it into their security strategies.

Me: So, Chat, can you tell me how you can assist organizations with developing their security policies and procedures, as well as creating security awareness training content?

ChatGPT: Absolutely! Crafting comprehensive cybersecurity policies and procedures is essential for any organization, and I can be a valuable asset in this area. I can help by rapidly generating initial drafts based on industry best practices and relevant regulatory requirements. This means I can quickly provide a solid foundation that covers all the necessary elements.

I also ensure consistency across all documents by maintaining uniformity in language and protocols, which is crucial for clarity and compliance. Additionally, I can assist in interpreting and incorporating the latest laws and standards to help organizations stay up to date with regulatory requirements. By handling these tasks, I free up human experts to focus on tailoring the policies to fit the organization’s unique context and culture.

When it comes to creating security awareness training content, I can contribute significantly. Educating employees is vital for maintaining a strong security posture. I can develop engaging materials like quizzes, real-life scenarios and interactive content to make learning more effective and enjoyable. I stay updated with the latest threats and security practices, so I can help keep training materials current and relevant to today’s risks. Plus, I can personalize training modules for different departments or roles within the organization, ensuring that the content resonates with each specific audience.

Me: That sounds very helpful. But what about areas like physical security and operational technology (OT) security? Can AI tools like you assist in those domains as well?

ChatGPT: That’s an excellent question. While I have extensive knowledge in IT cybersecurity, my capabilities in physical security and OT security are more limited. Physical security involves understanding human behaviors, environmental factors and sometimes unpredictable situations that often require on-the-ground human assessment. Similarly, OT security deals with industrial control systems and critical infrastructure, which have specialized protocols and real-time operational requirements that may not be fully represented in my training data.

That said, I can still offer some assistance. For example, I can help draft physical security policies, suggest best practices or analyze data from security sensors if the data is provided in a compatible format. However, the nuanced understanding needed to address the complexities of physical environments and OT systems typically necessitates human expertise.

In these areas, collaboration with security professionals who have domain-specific knowledge is crucial. AI can support by handling routine tasks or providing general guidance, but human insight is essential to navigate the unique challenges presented by physical and OT security.

Me: Are there other areas in cybersecurity where we should be cautious about relying on AI like you?

ChatGPT: Yes, there are additional areas where caution is advised. For instance, relying solely on AI for automated threat detection and response in IT systems has its limitations. I might struggle to identify zero-day exploits or unconventional attack methods that aren’t represented in my training data. There’s also the risk of false positives or negatives misclassifying benign activities as threats or missing actual threats which can lead to security gaps or unnecessary alarms.

Moreover, I may lack the nuanced understanding needed to recognize sophisticated attacks that require contextual analysis and human intuition. Human expertise remains crucial in these areas to accurately interpret threats and make informed decisions.

Handling sensitive and classified information is another area where organizations should be careful. Deploying AI in environments with highly sensitive data requires strict data privacy measures. There’s a risk associated with processing sensitive information, especially if it’s not properly secured or if the AI system itself becomes a target for attackers. Ensuring that AI tools meet all legal requirements for data handling and protecting the AI infrastructure from being compromised are complex but essential tasks.

Strategic decision making is also a domain where I shouldn’t replace human judgment. While I can provide valuable insights and data analysis, understanding an organization’s culture and values and the ethical implications of certain actions requires human insight. Navigating moral dilemmas and responding to unprecedented situations that fall outside predefined parameters are best handled by experienced professionals.

Lastly, overreliance on AI outputs without human validation can lead to issues like reinforcing existing biases present in my training data, reducing critical thinking among security personnel, and challenges in accountability for decisions made with AI assistance. It’s important to strike a balance between leveraging AI capabilities and maintaining human oversight.

Me: So what’s your overall recommendation for organizations looking to integrate AI into their security strategies?

ChatGPT: I believe that artificial intelligence offers significant potential for enhancing corporate security functions across various domains. I can augment human efforts by improving efficiency, providing valuable insights and handling routine tasks swiftly; however, it’s important to recognize and respect my current limitations, especially in specialized areas like physical and OT security.

I recommend a balanced approach:

  • Human-AI collaboration: Use AI tools like me to support and enhance human expertise, not replace it. Collaboration ensures that you get the best of both worlds the speed and data processing power of AI, combined with human judgment and experience.
  • Continuous monitoring: Regularly assess AI outputs for accuracy and relevance. This helps catch any errors or biases and ensures that the AI continues to meet your organization’s needs.
  • Securing AI systems: Implement robust security measures to protect AI tools from threats. This includes safeguarding the data processed by AI and securing the AI infrastructure itself.
  • Establishing ethical guidelines: Develop policies to govern the responsible use of AI in security contexts. Clear guidelines help prevent misuse and promote transparency and trust within the organization.

By thoughtfully integrating AI into cybersecurity strategies, organizations can leverage my strengths while mitigating risks. Waiting for AI technology to mature in certain areas, especially those involving high-stakes decision making, sensitive data or specialized domains like physical and OT security, ensures that when AI is adopted, it enhances rather than compromises security efforts.

Me: Looking ahead, how do you see the role of AI evolving in security?

ChatGPT: Looking to the future, I anticipate that ongoing advancements will address many of my current limitations. As AI technology continues to evolve, I expect to become even more integral to security infrastructures across IT, physical and OT domains. Improvements in machine learning algorithms, better handling of contextual understanding, and enhanced security features will make AI tools like me more reliable and effective.

Organizations that stay informed about these developments will be well-positioned to capitalize on new capabilities as they become available. By keeping abreast of AI advancements, companies can integrate cutting-edge tools and techniques that enhance their security posture, all while maintaining the essential human element that ensures ethical and strategic alignment with organizational goals.

Me: Well, Chat, I really appreciate you taking the time to share your perspectives. It’s clear that AI tools like yourself have a significant role to play in enhancing security, cyber and physical! Whether you are streamlining policy development, creating training content, or assisting with certain aspects of risk assessments and incident responses, your help will be impactful. However, I can definitely also see that there are areas where human expertise remains irreplaceable, especially when it comes to nuanced threat detection, handling sensitive information and making strategic decisions in specialized fields like physical and OT security.

As the use of AI grows in the security field, finding the right balance between using AI capabilities and keeping human oversight will be critical. By doing so, we can harness the best of both worlds to build stronger, more resilient security strategies across all domains.

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association.