How Generative AI is Shaping the Future of Cybersecurity: Key Insights for CISOs and Enterprises

January 15, 2025 2 Minute Read

The increasing adoption of generative artificial intelligence platforms by threat actors, cyber defenders, and the average organization will present enterprises with an unprecedented number of cybersecurity issues in the coming years, according to a new Gartner® report and information from Trustwave subject matter experts.

In the report, Gartner®, 4 Ways Generative AI Will Impact CISOs and Their Teams, 6 December 2024, By Jeremy D'Hoinne Et Al, the analyst firm covered how security and risk management leaders, specifically CISOs, and their teams will need to secure how their organization builds and consumes generative AI and navigates its impacts on cybersecurity.

Gartner® defined generative cybersecurity AI as GenAI techniques that learn a representation of artifacts from existing (cybersecurity) data or through simulation agents and then use it to generate new artifacts.

While Trustwave agrees with the Gartner® main takeaways, we also have several additional thoughts on how AI, and some of its adjacent technologies, will impact security in the future.

Let's start off with how Gartner® views the situation.

Gartner® report says that GenAI capabilities will be increasingly embedded in existing security tools to improve operator proficiency and productivity. The first implementations of these prompts support threat analysis and threat hunting workflows:

• Interactive threat intelligence: Access to technical documentation, threat intelligence from the security provider, or crowdsourced (using various methods separately or in combination, including prompt engineering, retrieval augmented generation and querying an LLM model using an API).
• Alert enrichment: Automatically add contextual information to an alert, including threat intelligence, or categorization in known frameworks.
• Alert/risk scoring explanation: Refines existing scoring mechanisms to identify false positives or contribute to an existing risk-scoring engine.
• Attack surface/threat summarization: Aggregate multiple alerts and available telemetry information to summarize the content according to the target reader use case.
• Mitigation assistants: Suggest changes in security controls; new or improved detection rules.
• Security engineering automation: Generate security automation code and playbooks on demand, leveraging the conversational prompt.
• Documentation: Develop, manage and maintain cohesive security policy documentation and best practices policies and procedures.

Trustwave's Take on AI

The impact AI will have on the world is a topic that is already at the forefront of Trustwave's organizational thought process with our leadership contemplating its technical impacts and upcoming compliance issues.

Trustwave's subject matter experts see security issues as organizations being setting up either their own or a third-party AI system. The issue is AI often involves granting access to large datasets containing precious information, yet many organizations fail to apply rigorous scrutiny to this process.

This lack of oversight could lead to significant data breaches unless companies address flaws and exposures. This will likely require significantly reworking the production of applications and tighter governance of AI usage and integration.

At the same time, Trustwave sees threat actors leveraging AI technologies to automate and enhance the precision of focused cyber-attacks. As recently seen, AI can identify vulnerabilities, tailor attack strategies to circumvent defenses, and generate convincing social engineering schemes at scale. AI can automate the creation of social engineering attacks through customized phishing emails or voice messages. In fact, the near future may bring the first cyberattack operated from conception, to building code, to implementation, to data exfiltration or ransom demand totally conducted by an AI.

Trustwave also believes AI-driven innovation in cyber defense, with AI accelerating innovation on both sides of the cybersecurity equation. We believe deception systems will become increasingly important in cyber defense and threat intelligence research, helping to stay ahead of evolving threats.

GARTNER® is a registered trademark and service mark of Gartner®, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Navigating DORA Compliance: A Roadmap to Operational Resilience with Trustwave

Why Vulnerability Scanning Alone Isn't Enough: The Case for Penetration Testing

Trustwave's 2025 Cybersecurity Predictions: The Era of End-to-End AI Cyberattacks is Here