Let’s explore the relationship between LLMs and cloud security, discussing how these advanced models can be dangerous, as well as leveraged to improve the overall security posture of cloud-based systems. Simply put, a large language model (LLM) is an artificial intelligence program designed to understand and generate human language. It is trained on vast amounts of text data from the internet, learning grammar, facts and reasoning abilities. With this knowledge, an LLM can answer questions, generate text and even hold a conversation with users. Examples of LLMs include OpenAI's ChatGPT, Google’s Bard and Microsoft's new Bing search engine.
As cloud computing continues to dominate the technology landscape, it has become more important than ever to ensure robust security for the services and data residing in the cloud. The development of large language models (LLMs) has shown great promise in enhancing cloud security.
As revolutionary as the LLM technology can be, it is still in its infancy, and there are known issues and limitations that AI researchers have yet to conquer. These issues may be the showstoppers for some applications. And, like any tool accessible to the public, LLM can be used for benign, as well as malign purposes. While generative AI can produce helpful and accurate content for society, it can also create misinformation that deludes the content for consumers.
LLM may generate output that cannot be grounded by the input context or the knowledge of the model. It means that the language model generates text that is not logically consistent with the input, or is semantically incorrect but still sounds plausible to a human reader.
Most LLM applications rely on pretrained models because creating a model from scratch is too expensive for most organizations. However, there is no perfectly balanced training data, and thus every model will always be biased in certain aspects. For example, the training data may contain more English texts than Chinese texts or more knowledge about liberalism than conservatism. When humans rely on the recommendations from these models, their biases can result in unfair or discriminatory decisions.
LLM may not always generate the same outputs that are given the same inputs. Under the hood, LLMs are probabilistic models that continue to predict the next word based on certain probability distributions.
LLM tools are typically built with security filters to prevent the models from generating unwanted content, such as adult, violent or proprietary content. Such filters, however, can sometimes be bypassed by manipulating the inputs (e.g., prompt injection). Researchers have demonstrated various techniques to successfully instruct ChatGPT to generate offensive texts or make ungrounded predictions.
By design, LLM can only take unencrypted inputs and generate unencrypted output. When a proprietary LLM is offered as a service like OpenAI, the service providers hoard a large amount of sensitive or classified information. The outcome of a data breach incident can be catastrophic, as seen in the recent account takeover and leaked queries incidents.
With their advanced language generation capabilities, LLMs can create convincing, but false content. This contributes to the spread of fake news, conspiracy theories or malicious narratives.
Malicious actors can weaponize LLMs to create sophisticated social engineering attacks, such as spear phishing emails and deep fake content.
LLMs can be used to generate content that closely resembles copyrighted or proprietary material. This poses a risk to organizations that rely on intellectual property to maintain a competitive advantage.
Generative AI has been used for auditing source code and writing new code. Researchers demonstrated it could also write malicious code like ransomware. There are also reports showing that cybercriminals use ChatGPT to create offensive scripts.
However, if used correctly, LLM can also be leveraged to improve cloud security.
One of the most significant benefits of LLMs in the context of cloud security is their ability to streamline threat detection and response processes. By incorporating natural language understanding and machine learning, LLMs can identify potential threats hidden in large volumes of data and user behavior patterns. By continuously learning from new data, LLMs can adapt to emerging threats and provide real-time threat information, enabling organizations to respond quickly and efficiently to security incidents.
As regulatory frameworks continue to evolve, organizations face the challenge of maintaining compliance with various security standards and requirements. LLMs can be used to analyze and interpret regulatory texts, allowing organizations to understand and implement necessary security controls easily. By automating compliance management, LLMs can significantly reduce the burden on security teams and enable them to focus on other critical tasks.
This is extremely relevant to compliance-heavy products, such as Prisma Cloud, and even more relevant when the customer managing the product is trying to comply with certain regulations.
Social engineering attacks, such as phishing and pretexting, are among the most prevalent threats to cloud security. By utilizing LLMs to analyze communication patterns and identify potential threats, organizations can proactively detect and block social engineering attacks. With advanced language understanding capabilities, LLMs can discern the subtle differences between legitimate and malicious communications, providing an additional layer of protection for cloud-based systems.
Effective communication is a critical aspect of incident response in cloud security. LLMs can be used to generate accurate and timely reports, making it easier for security teams to understand the nature of incidents and coordinate their response efforts. Additionally, LLMs can be employed to create clear and concise communications with stakeholders, helping organizations manage the reputational risks associated with security breaches.
LLM, AI and ML aren’t strangers to Prisma Cloud. We are currently leveraging those technologies to improve our customers’ cloud security in several ways. For example, Prisma Cloud provides a rich set of machine-learning-based UEBA anomaly policies to help customers identify attacks launched against their cloud environments. The policies continuously inspect the event logs generated from the activity of the existing subjects in each environment and look for any mischievous activity.
Prisma Cloud is committed to being at the forefront of technological advancements, enabling us to anticipate and proactively address emerging threats and risks in the era of generative AI. We persistently leverage the power of AI to streamline security operations, identify novel threats, and efficiently close security gaps. Recognizing the limitations and risks of generative AI, we will proceed with utmost caution and prioritize our customers' security and privacy.