The dust is settling on InfoSec London 2023, and on reflection we offer a unique insight into the discourse that’s been circulating. As a company that specialises in the production of artificial intelligence tools for Cyber Threat Intelligence analysts, we’re acutely aware of how AI tools are impacting the CTI scene. So, allow us to feed your curiosity about the zeitgeist that pervaded this year’s conference.
Don’t Worry, You Still Have a Job!
People, in all their carbon-based glory, were still very much relevant within InfoSec’s cyber scene. All the mainstream CTI vendors went out of their way to highlight their star analysts. The usual analyst profile was a decade or more of policing and/or military experience.
Standard human-centric metrics of capability—such as team size, linguistics, and data-source access—still seemed to be the main factors of a CTI service’s maturity.
The ‘AI Module’ within the CTI Service
Although humans are still firmly in the loop, AI-driven CTI definitely made its presence felt at InfoSec. Many CTI vendors demonstrated AI-driven elements of their products. Some have clearly ‘bet the house’ on AI, hanging their entire platform off the technology. But most have a more modest AI-based offering within a principally non–AI-based service.
The vast majority of these AI additions to extant service offerings revolve around optimising the search for, and delivery of, text-based intelligence. Typically, this takes the form of an adapted large language model, in the style of ChatGPT but focused on a proprietary set of threat-intelligence documents. Summarising text also seems to be a big focus of near-term development of AI technology for CTI.
These AI modules are certainly a new solution, from a technological perspective. But they all aim to consume text-based intelligence on a large scale. That’s a problem we in the intelligence field have negotiated since long before the advent of digital technology.
Impact of AI on CTI
After the storm of publicity incited by ChatGPT, Bard, and other tools, the tangible impact of AI on the CTI field is somewhat underwhelming—at least, as far as the InfoSec experience demonstrated. The AI additions to existing products that we saw were significant; but they were largely no more impressive than the non–AI-based services that originally put vendors on the map.
This isn’t to say that AI-based tools won’t have an impact on CTI. It’s just maybe a little early to fully appreciate their potential impact. When it does manifest, where might that impact be felt?
- Filling The Skills Gap (but maybe not where you think) – One of the most insightful quotes we heard during InfoSec came from Mark Ward, the CISO at Three, who said, ‘There is a huge skills gap at the bottom of the skills pyramid, at the entry-level positions. But just adding more bodies will not solve the problem.’ This highlights a possible future role for AI in the more transactional areas of cyber security—which currently consume so much of junior staff members’ time.
- Correlation Across The Board – Intelligence work, in general, is often about correlations between things like indicators of compromise and tactics, techniques, and procedures. In this area, AI has the ability to excel, especially given that much ambiguity dwells around these correlations.
- Need For Structure – CTI is a discipline principally driven by text-based content. This presents a huge challenge for the future. It also presents a barrier to such developments as big-data–driven CTI and more structured threat-hunting activities. In this area Elemendar’s READ. shines, being able to automatically structure CTI text according to STIX and the MITRE ATT&CK framework.
There’s your brief roundup of our reflections on InfoSec 2023. Yes, the impact of AI on CTI was somewhat muted, but the impact is there and will only continue to grow over the next few years.