In the past year, the field of AI has seen significant advancements and a greater focus on regulatory and ethical considerations. At ColaSec we will be talking about AI for our May meetup. This will be a group discussion like we had last year. We wanted to revisit AI and how our views and uses of it have changed. We have a virtual option available for those that can’t make it in person.

To prepare for the discussion I wanted to put this blog post together reviewing AI and how it’s impacted our society over the last year. Ironically, this post was created with help from ChatGPT.

ChatGPT weighs in

• Generative AI's Expansion: Generative AI technologies have experienced widespread adoption and development. Companies increasingly use these capabilities not just for enhancing existing products and services but also for innovating new business models​ (McKinsey & Company)​.

• Ethics and Regulation: There has been a growing global movement towards regulating AI more stringently. For example, the European Union has been active in proposing comprehensive AI legislation, and the White House has introduced an executive order aimed at setting standards for AI development and deployment​ (MIT Technology Review)​ (Goodwin)​.

• Technological Innovations: On the technical front, major advancements have been made in areas such as AI explainability, privacy, and safety. New tools have been developed to improve the transparency and accountability of AI models, such as watermarking technologies for identifying AI-generated content​ (Google DeepMind)​.

• Application in Science and Healthcare: AI's application in scientific research and healthcare continues to grow, with new models enhancing our ability to design novel proteins and materials, potentially revolutionizing fields like drug discovery and environmental sustainability​ (Microsoft Cloud)​.

• Public Discourse and Awareness: The public discourse around AI has matured, with more widespread discussions on the ethical implications, societal impacts, and long-term consequences of AI technologies. This includes concerns about AI-generated disinformation and the privacy implications of widespread surveillance technologies​ (CSIS)​​ (Digital Watch Observatory)​.

• Generative AI and Cybersecurity: AI technologies are playing an increasingly critical role in cybersecurity, automating tasks and enhancing threat detection and response capabilities. The dynamic nature of AI is likened to an arms race among companies, governments, and cybercriminals, emphasizing the need for vigilant cybersecurity practices​ (TechNewsWorld)​.

• AI in Political Processes: The use of AI in political processes, such as elections, has become a significant concern. Issues like the generation and spread of political deepfakes are becoming more prevalent, complicating the political landscape and potentially influencing election outcomes. This underscores the urgent need for robust methods to detect and mitigate such AI-generated disinformation​ (MIT Technology Review)​​ (AI Index)​(Check Point).

• Advancements in AI Applications: AI's capabilities continue to expand into more complex and nuanced areas, including multimodal interactions where AI systems can understand and generate outputs across text, image, video, and audio. This broadens AI's application in various fields but also raises concerns about privacy and the creation of synthetic content that can be difficult to distinguish from human-generated content​ (Tech Xplore)​.

• Ethical Concerns and AI Bias: The integration of AI in sectors like finance, healthcare, and public services brings benefits such as increased efficiency and new capabilities. However, it also brings risks such as biases in AI algorithms, which can perpetuate existing inequalities. There is a growing emphasis on developing responsible AI practices to address these issues​ (AI Index)​.

These developments reflect a dynamic field that is not only advancing rapidly in terms of technology but also becoming increasingly intertwined with broader societal and regulatory frameworks.

Tim weighs in

• Verizon DBIR: I recently read the latest Verizon DBIR and made a blog post about it. One of the takeaways was that AI hasn’t had a significant impact on attacks. It is helping with improving efficiencies of attacks but it’s not an action in itself yet. This may change or it may not. Attackers use the path of least resistance. Setup a scheme to attack people with deepfakes and voice impressions can be a bit more elaborate. Not to say that they aren’t out there. It’s just not as widespread.

• Policy creation: One of the first things I did was create security policies for a small business. It took me just a few hours to create 10 security policies that the company was being required. They were concise and easy to read. I hope that security teams are paying attention as this will improve the quality of policies overall and make them much more consumable and easier to understand.

• Building out ExploreSec.com: I’ve used AI to build out a large portion of this site. I’ve gotten a lot more done than I ever would have on my own. I can put up deep dives in less than an hour. I will go back and edit the initial output from ChatGPT. I’ve written a few blog posts with ChatGPT with varying results. I believe my better posts are going to be me and my stories and experiences. I did have one blog post get deleted accidentally after I wrote it. Instead of doing a full rewrite, I had ChatGPT write the article and I thought it came out very well. It’s been very useful for the podcast. I now use ChatGPT almost entirely to write my show notes. When I record I also transcript the conversation. I then take that transcript and have AI build show notes. It’s been an enhancement for show notes and streamlines my post editing process.

• Creating Security Awareness Content: My new role is building out a security awareness program for a large healthcare organization. I’ve used ChatGPT to build out blog posts and create newsletter items. Smishing is my most recent blog post. Like the building out content on the site, I have it create the first draft and then make adjustments from there. This allows me to easily create regular content for our internal communication site while also educating people on different security topics. I’ve also started releasing a monthly newsletter for phishing threat intelligence and security awareness. I take articles I find online and have either ChatGPT or Gemini write a short newsletter item. With Gemini and Co-Pilot I could take the link and just feed it that instead of having to scrap the data. I found Co-Pilot to have the best repeatable format. Eventually I ran out of a free trial and it wanted me to login. It also got very uncomfortable when I was doing phishing research and it forced me off the topic. ChatGPT recently released 4o and it is now taking links and creating content out of it.

• Scripting: I’ve found AI extremely useful for building out PowerShell scripts. One of the things I like to do in a new role is build out the metrics. This often means custom metrics that a platform doesn’t have reporting on. I’ve taken the raw data and created PowerShell scripts that massage the data into the metrics I want. The PowerShell created usually works the first time. If it doesn’t then I simply feed the AI the error. They usually start out being this simple script and quickly get more complicated as I think of more use cases for the script. I will be posting these scripts on my GitHub at some point.

• Research: I’ve been using AI to help do research on topics. I still find that Google is better for some thing. AI is still several months behind on what it can provide but it’s getting better. Like creating content it’s a starting point for research. I’ve found in some of the topics I’ve explored in security it provides resources I’ve never heard of before but it can also be susceptible to marketing content. I would expect this will get worse as marketing teams figure out how to get their content into AI and a top result. Similar to how they figured out Google and other search platforms.

• Image Generation: I’ve been extremely happy with the images generated by ChatGPT. I use it for blog posts where I can’t find images. Usually I feed it the content and ask it to make an accompanying image. I’ve also used it for my presentations when I can’t find a meme or visual that highlights the content. It’s not always great. It still struggles with words but I’ve seen it get better. The same prompt will give different results. Sometimes there’s one thing I don’t like and ask it remove it and it’ll create a whole new image. I’ve messed around with photoshop for a couple images but it usually ends up being more hassle than it’s worth. I just keep giving it prompts until I get something I want. Sometimes starting over and taking a different approach with the prompt is the best option.

• Social Media: I’ve played around with AI for use on LinkedIn. Some of the posts it creates are cheesy. I primarily use it for podcast announcements. I need to play around with it more but I’ve started to move away from it. I have found that the view point for the prompt is big. It can get caught up creating words for a marketing team instead of someone with an idea or wants to comment on a blog post. This makes sense as I imagine marketing teams are using this to create social media posts on a more regular basis.

• Presentations: This year I used AI to help build my abstract, bio, and outline for my presentation. I haven’t had it build my slide deck yet, but I’m toying around with it. The abstract and bio alone are huge for me as I’m not a great self-promoter. I was able to build out all three in 30 minutes. This used to take me several hours to put together. I also believe I’ve been accepted to speak more because of it.

I’ve found AI to be a valuable tool for content and scripting. It’s helped me build content for ExploreSec.com. It’s helped me improve my presentations both from a submission and content standpoint. I’m excited to get back into scripting to see what sorts of automation I can build for doing regular tasks like metrics. Looking ahead, I’m continuing to come up with use cases. My next project is to understand how to use voice AI from an attackers standpoint but also from a podcasters standpoint. There are some use cases that I think will enhance the podcast.

What are your thoughts on AI and how have you used it over the past year?