Black Hat 2024: AI to Boost Creativity in Security for SOC Pros, Attackers

"Creativity is actually going to grow because that's the thing with AI: It's very creative," says Avihai Ben-Yossef, co-founder and CTO of Cymulate in a conversation with Dark Reading's Terry Sweeney at News Desk during Black Hat USA. That's welcome news for security operations teams looking to innovate, automate, and solve emerging problems. But as with most technology advancements, the same tools and creative inspiration become available to attackers. AI "is going to increase the creativity rates of the attackers and the bad guys, at the same pace," Ben-Yossef adds.

He also lauds AI for being able to answer complex questions that might otherwise take security teams hours or even weeks to work out. But Ben-Yossef is much less impressed with the quality of responses with many GenAI tools; he strongly advocates performing due diligence on any security guidance or recommendations from GenAI's answers to security queries.

Does that mean he thinks security pros and analysts should hold off using GenAi for solving problems? Not at all. "Don't trust it 100%, but dive in right now, for sure, because it can shorten [problem solving], especially for a SOC analyst," Ben-Yossef says. But he warns all security professionals to guard against complacency and to thoroughly validate any results they get to their AI queries.

Ben-Yossef also observes that AI is really good at solving undefined problems and claims AI can access outside-the-box thinking really quickly. "Whenever you have a need, the first question you need to ask yourself is, 'Do I have a solution for it?' And if I don't, I'm going to ask AI."

Avihai Ben-Yossef, co-founder and CTO of Cymulate, co-created the company in 2016 to transform how companies conduct security testing, after seeing firsthand the pain of their customers from not knowing if their organization is secure. Cymulate provides red teams a platform to increase their operational efficiency and optimize their adversarial activities in a production-safe environment through attack surface management, phishing awareness, lateral movement, full kill-chain advanced persistent threat campaigns, and advanced scenarios. Prior to Cymulate, Avihai served in an intelligence unit of the Israel Defense Forces in a leading technological role, followed by becoming a senior information security consultant at Avnet Cyber and Information Security, where he worked on several projects alongside the Israeli Ministry of Defense.