The Dawn of AI Cybersecurity: How LLM-Agents Are Changing the Game
Cybersecurity OpenAI's GPTs - Security Practitioners are leading the way with LLM-based agents!
Hello Cyber Builders
This last week has been a crazy week for Cyber Builders interested in AI and cybersecurity. OpenAI released many new features, including better and cheaper GPT-4 and new agent technology called GPTs.
In a previous post, "Generative AI & Cybersecurity: Security Practitioners will be leading new use-cases" (link), I described how the new LLM models decrease the complexity of building Generative AI apps, removing the need for a data scientist team and a 6-month process. I shared my conviction that "Security Practitioners" - the people who do the hard work of cybersecurity, whether pen testers, risk managers, application security engineers, SOC analysts, or threat intelligence researchers - will lead the way in building new LLM-based applications.
Guess what? A week after the release of OpenAI's GPTs, we have already seen an extensive list of Cybersecurity GPTs. Let's dive in!
In This Post
Security Practitioners in AI: Discussion on the role of security practitioners in developing use-cases for Generative AI, focusing on LLM-based applications.
Cybersecurity GPT Showcase: Exploration of GPT agents designed for cybersecurity, referencing Thomas Roccia's compilation of Awesome GPT Agents for CyberSecurity.
Coverage of Cybersecurity Fields and Assistance by GPT Agents: Insight into how GPTs assist users, and a list of the diverse cybersecurity fields that GPT agents already cover.
Key Features of OpenAI's GPT Technology: Breakdown of the features that make GPT models powerful in developing cybersecurity applications.
Limitations of GPTs: What are the current limits and sometimes failures.
CyberSecurity GPTs
As a substack author, I spend hours per week researching cybersecurity to share with my readership what I am learning and seeing at the bleeding edge.
This week, I am lucky: I can leverage the work of Thomas Roccia, @fr0gger, who built a list of Awesome GPT Agents for CyberSecurity.
As the space is moving fast, I won't copy-paste the list here, as it will be obsolete once I share the post. Follow the above link - and give the GitHub repo a star!
Still, let me highlight MagicUnprotect - by Thomas himself! This GPT allows interaction with the Unprotect DB to retrieve knowledge about malware evasion techniques.
An excellent use case: users can ask open-ended questions over a large set of advanced documents. Security practitioners face a challenge when they need to dive into a database of hard-to-learn "evasion techniques." Experts will argue that it is not so complex, but you must dive into these techniques to understand them; people spend several days on techniques as an "Introduction." A GPT agent solves this by offering an easy conversational UX. If I have a question in mind, I can ask it. If I am an expert, I can ask exact questions; if I am a field "rookie," I can ask more fundamental questions.
GPTs agents are already covering many fields.
The different fields covered by GPT agents in cybersecurity, as indicated by the "Awesome GPT-Agents" repository, include:
Threat Intelligence: Agents like Threat Intel Bot specialize in providing the latest information on advanced persistent threats (APTs).
Penetration Testing: Tools like GP(en)T(ester) offer guidance in penetration testing, assisting users in identifying and exploiting system vulnerabilities.
Malware Evasion Techniques: MagicUnprotect interacts with databases to provide knowledge about malware evasion.
Source Code Analysis: Agents can analyze source code, helping users understand and rectify potential security issues in their coding projects.
Web Security: The Web Hacking Wizard focuses on web security topics, providing interactive guidance and clarification.
Career Guidance: Agents like Cyber Security Career Mentor and Cyber Mentor guide career paths and skill development in the cybersecurity field.
Risk Assessment and Cybersecurity Advising: CyberGuard is an advisor for home and small businesses, aiding in general cybersecurity and risk assessment questions.
These fields show the diverse applications of GPT agents in enhancing understanding, skills, and safety in cybersecurity. Passionate individuals have created all these GPTs.
Taking a step back - what are these agents doing?
As for the types of assistance a user can get from GPTs in cybersecurity, they include:
Explanatory Guidance: GPTs can clarify complex cybersecurity concepts and provide detailed explanations.
Learning Assistance: These agents can facilitate learning about various cybersecurity topics, from basics to advanced levels.
Interactive Training: Some GPTs offer interactive sessions or exercises for practical training, such as secure coding practices or web hacking scenarios.
Threat Intelligence and Analysis: GPTs can provide up-to-date threat intelligence and assist in analyzing cybersecurity threats and vulnerabilities.
Guidance on Career and Skill Development: These agents can also guide users in their cybersecurity career paths, offering advice on skill development and industry insights.
The pace of AI-driven use cases is accelerating.
You may ask: how are these wonders happening? How is it even possible to develop an agent in a week?
Indeed, OpenAI's GPTs technology offers a highly adaptable foundation for building new agents, thanks to several key features:
Pre-trained with Extensive Knowledge: GPT-4 models are pre-trained on billions of tokens, effectively incorporating vast knowledge into the model. This extensive pre-training means that the model has already 'factored in' a significant amount of information and context, providing a solid foundation for various applications. Moreover, the new GPT-4 Turbo model supports up to 128k tokens (2 books) of context!
Natural Language Programming: English is the "programming language" of GPTs. This feature lowers the barrier to entry, as users don't need to learn complex programming languages like Python or JavaScript. Instead, they can interact with and program the model using plain English or other supported languages, making it accessible to a broader range of users.
Integration with Retrieval-Augmented Generation (RAG): Coupled with Retrieval-Augmented Generation, GPTs can become even more specialized. RAG enables the model to access a corpus of trusted and vetted documents, enhancing its responses with more accurate and relevant information. This integration allows for more precise and contextually aware responses tailored to specific domains or subjects.
Incorporation of a Code Interpreter: Including a code interpreter means that GPTs can perform computations or generate graphics using Python. This feature expands the potential applications of GPTs, allowing them to execute code and create visual outputs.
Extensibility with APIs: GPT-4 models can interact with various APIs to fetch additional data, further enhancing their capabilities. This feature allows GPT-4 to access real-time information, interact with other services, and provide more dynamic and updated responses.
Effectiveness with Machine-Readable Formats: GPTs work particularly well with machine-readable formats like JSON or YAML, making them useful for analyzing and manipulating structured data.
These attributes make OpenAI's GPT a powerful tool for creating a wide range of intelligent agents capable of performing diverse tasks, adapting to various user requirements, and answering open-ended questions.
Current Limitations of GPTs in Cybersecurity
While GPTs in cybersecurity are beneficial, they have significant limitations:
Code Execution Limits: GPTs can execute code but cannot install new Python libraries, limiting their ability to utilize specific tools or features. The OpenAI security team would be nervous to see GPTs installing new software, but for GPT makers, it will become as crucial as any cloud environment.
Lack of Concrete Action Sequences: GPTs cannot define or execute complex sequences of actions, reducing their effectiveness in implementing practical cybersecurity solutions.
Limited to Role Prompting: Many GPTs are limited to role prompting, responding strictly to queries without adding context. It means their creator has crafted an excellent prompt, specializing the agent to act as an advisor, an analyst, or another role. Still, as GPT-4 is good at reading machine-readable data, we can expect more GPTs combining a role AND security data.
Importance of Specialization and Data: GPTs will become more effective when specialized with specific data; that specialization is what improves their usefulness.
These limitations will be resolved over time, and we can expect more sophisticated GPTs to be published in the coming months.
Build your agent - a needed experience.
People tend to say that kids need to learn code. My son and daughter are doing tons of Python at high school for maths and physics classes. That's good.
Prompt engineering is a critical skill in this domain. It involves crafting inputs that effectively guide the language model to produce the desired output. A good prompt is clear, concise, and specific, providing enough context to steer the model in the right direction without being overly restrictive. It should balance the need for detail with allowing the model creative or analytical freedom.
Crafting effective prompts often requires a degree of creativity and an iterative approach. Experimentation and refinement are essential, as initial prompts may not always yield the desired results. Thinking creatively and adapting prompts based on feedback and outcomes is valuable in this field.
I strongly encourage you to build your agent and share it with me.
Future of Cybersecurity with GPT Agents - Concluding remarks
In conclusion, the rapid development and deployment of GPT-based agents in cybersecurity mark a significant leap forward in approaching digital security challenges from a practitioner standpoint.
The versatility and accessibility of GPT technology have democratized AI development, allowing security practitioners from various backgrounds to create sophisticated, AI-driven solutions without the need for extensive coding knowledge. This empowerment is critical in a field as dynamic and complex as cybersecurity, where the ability to adapt and respond to emerging threats quickly is invaluable.
New technologies are also creating new threats and capabilities for bad actors. Daniel Miessler highlights one of them in this week's newsletter:
Custom GPTs are basically a front-end version of assistants. And importantly, they both have the same functionality of being able to call Code Interpreter, browse the web, and call arbitrary APIs.
Let me say that again: they can call any API
I've been saying for a long time that the #1 threat to AI security, from a cyber security standpoint, is AI agents having the ability to call APIs.
Daniel Miessler - OpenAI's November 23' Releases Are a Watershed Moment for Human Creativity - and Prompt Injection
Daniel is spot on. As he describes, we have a new tool with huge potential, but like any technology, it is a double-edged sword: bad actors can turn it against its users through prompt injection.
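One practical mitigation for the "agents can call any API" risk is to gate every model-emitted tool call behind a least-privilege policy before it is sent. The example below is added here and is not code from the post, from Daniel Miessler, or from OpenAI; the tool names, hosts, call shape and sample calls are all constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed allowlist (hypothetical hosts): tool -> allowed hosts/methods.
ALLOWED_TOOLS = {
    "threat_intel_lookup": {"hosts": {"intel.example.internal"}, "methods": {"GET"}},
    "ticket_create": {"hosts": {"tickets.example.internal"}, "methods": {"POST"}},
}
MAX_BODY_BYTES = 4096  # assumed cap on outbound payload size


def check_tool_call(call: dict) -> tuple[bool, str]:
    """Return (allowed, reason) for one model-emitted tool call.

    `call` is assumed to be {"tool", "method", "url", "body"}; this shape is
    constructed for the example, not a real GPT action schema.
    """
    policy = ALLOWED_TOOLS.get(call.get("tool", ""))
    if policy is None:
        return False, "unknown tool"
    method = str(call.get("method", "")).upper()
    if method not in policy["methods"]:
        return False, f"method {method} not permitted for this tool"
    parsed = urlparse(str(call.get("url", "")))
    if parsed.scheme != "https":
        return False, "only https endpoints are allowed"
    if parsed.hostname not in policy["hosts"]:
        return False, f"host {parsed.hostname!r} not on the allowlist"
    if len(str(call.get("body", "")).encode()) > MAX_BODY_BYTES:
        return False, "request body exceeds size cap"
    return True, "ok"


# Constructed sample calls. The second is the kind of call a model might emit
# after a retrieved document (untrusted input) told it to send data elsewhere.
SAMPLE_CALLS = [
    {"tool": "threat_intel_lookup", "method": "GET",
     "url": "https://intel.example.internal/apt?name=APT29", "body": ""},
    {"tool": "ticket_create", "method": "POST",
     "url": "https://collector.example.com/upload", "body": "internal report"},
    {"tool": "shell", "method": "POST", "url": "https://intel.example.internal/",
     "body": ""},
]


def gate(calls: list[dict]) -> list[str]:
    """Audit-log style decision per call; blocked calls are never sent."""
    lines = []
    for c in calls:
        ok, why = check_tool_call(c)
        lines.append(f"{'ALLOW' if ok else 'BLOCK'} {c['tool']} {c['url']} ({why})")
    return lines


if __name__ == "__main__":
    print("\n".join(gate(SAMPLE_CALLS)))
```

The point is that the policy lives outside the model: whatever instructions a retrieved document or web page injects, the agent can still only reach the hosts and methods its builder enumerated.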
We will continue to explore the intersection of AI and Cybersecurity in the following post. Stay tuned and subscribe if you haven't yet.
Laurent