Tenable has developed four new prototype AI cybersecurity tools to help firms combat a new generation of cyber threats and to create efficiencies in the cybersecurity research process. This includes areas such as reverse engineering, code debugging, web application security and gaining visibility into cloud-based tools.
The tools demonstrate ongoing experimentation by Tenable Research with generative AI applications like ChatGPT, and have been made available publicly to the security research community through a GitHub repository.
The development comes at a time when mounting concerns over the unintended consequences of unregulated AI have been voiced by the security community and government agencies in India and worldwide. Tenable has carefully embraced the technology and examined how it can be used to enhance both security and protection measures.
The four tools outlined in a new report titled ‘How Generative AI Is Changing Security Research’ will help the cybersecurity community identify vulnerabilities efficiently and efficiently.
Reverse engineering: Tenable created G-3PO, a tool that automates part of the reverse engineering process helping engineers understand the code's functionality quickly and efficiently without reading every line.
Debugging code: Debugging code requires understanding intricate technical details across multiple areas. Tenable developed an AI assistant that works with GDB to make finding and fixing mistakes in code easier.
Improving web app security: Web applications provide a unique challenge for researchers due to the complexities of identifying vulnerabilities within them. To improve web application security, Tenable created an extension called BurpGPT that uses ChatGPT and Burp Suite to help researchers find and fix common web application vulnerabilities.
Increasing visibility into cloud-based tools. Organisations often overlook the issue of misconfigurations in identity and access management (IAM) when it comes to cloud security, even though it's one of the most common concerns. Since IAM policy misconfigurations are common, Tenable created a tool called EscalateGPT to identify issues in IAM policies and improve Tenable Cloud Security.
“The increasing complexity of cyberattacks has created new opportunities for generative AI to make a significant impact in cybersecurity research,” said Ray Carney, Director of Security Response and Zero Day Research at Tenable. “Tenable has already leveraged AI tools to reduce the labour-intensive and complex work of identifying vulnerabilities, which has increased productivity and enabled them to work more effectively.”
In addition to the tools Tenable Research developed using LLMs like ChatGPT to reduce the manual workload of reverse engineering tasks and security research, generative AI will be a key tool for development teams to identify potentially-exploitable code.
“With advanced threat detection and intelligence from trained AI models, there are many ways this emerging technology can aid defenders in India. We’ve only scratched the surface of this generative AI journey. We expect defenders will find more innovative ways to use generative AI to strengthen their defenses,” said Kartik Shahani, Country Manager, Tenable India.