ChatGPT, unlike other machine learning and artificial intelligence tools, is relatively new in cybersecurity. One of the most common use cases of ML/AI has been endpoint detection and response (EDR), where ML/AI uses behaviour analytics to pinpoint anomalous activities. It can use known good behaviours to discern outliers, then identify and kill processes, lock accounts, trigger alerts and more. ChatGPT is tapping into the programming patterns of these cybersecurity tools to present a well-formed cybersecurity pattern.
As cited by a junior cybersecurity analyst, ChatGPT can write an alert for a brute force attack against Active Directory. The AI could create the alert and explain the logic behind the query. ChatGPT could do all of this because it has learned SPL (Search Processing Language), which enables it to be a perfect guide for cybersecurity analysts.
Another compelling use case for ChatGPT is automating daily tasks for an overextended IT team. The AI can regulate the number of stale Active Directory accounts with its ability to build the logic to identify and disable accounts that have not been active in the past 90 days. If a junior engineer can create and schedule this script in addition to learning how the logic works, then ChatGPT can help the senior engineers and administrators free up time for more advanced work.
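The stale-account cleanup described above could look like the following. This is an added example, not code from the original page and not ChatGPT output. It assumes the RSAT ActiveDirectory module is installed; the search base OU and the `svc-` service-account prefix are placeholders to replace with your own.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report, and optionally disable, enabled user accounts
# with no logon in the last 90 days. Run with -WhatIf first.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$InactiveDays = 90,
    # Assumption: placeholder OU, replace with your own search base.
    [string]$SearchBase = 'OU=Staff,DC=example,DC=com',
    # Assumption: hypothetical naming convention for service accounts to skip.
    [string]$ExcludePattern = '^svc-',
    [string]$ReportPath = '.\stale-accounts.csv',
    [switch]$Disable
)

$cutoff = (Get-Date).AddDays(-$InactiveDays)

# LastLogonDate is derived from lastLogonTimestamp, which replicates between
# domain controllers but can lag by up to about 14 days by default, so the
# 90-day threshold is approximate.
$stale = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
        -Properties LastLogonDate, whenCreated |
    Where-Object {
        $_.SamAccountName -notmatch $ExcludePattern -and
        # Skip accounts created inside the window (new hires not yet logged on).
        $_.whenCreated -lt $cutoff -and
        # Include old accounts that have never logged on at all.
        ($null -eq $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff)
    }

# Always write the report, even under -WhatIf, so the list can be reviewed
# before anything is disabled and used to re-enable accounts afterwards.
$stale |
    Select-Object SamAccountName, DistinguishedName, LastLogonDate, whenCreated |
    Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false

if ($Disable) {
    foreach ($user in $stale) {
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable account')) {
            Disable-ADAccount -Identity $user
        }
    }
}
```

Without `-Disable` the script only produces the CSV; accounts are disabled rather than deleted, so a mistaken match can be reversed with `Enable-ADAccount`.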
In addition, ChatGPT could be used as a force multiplier in a dynamic exercise. It could be used for purple teaming, or a collaboration of red and blue teams, to test and improve an organisation's security posture. With a simple request, ChatGPT can create a rudimentary but functional script that will enable a red-teamer to add persistence to a target host. While the red team uses this tool to aid penetration, the blue team can use it to understand what those tools may look like and create better alerting mechanisms.
While ChatGPT has its limitations, it will be an important tool that cybersecurity personnel could leverage to alleviate repetitive and mundane tasks and, likewise, gain an instructional guide, especially for less experienced threat hunters. Additionally, it is crucial for cybersecurity professionals to prioritise privacy and security when conducting online activities. One effective way to protect online privacy is by utilising a hidden VPN.