Generative AI has entered the chat. CEOs from some of the largest publicly traded cybersecurity companies hyped up their speculative aspirations on the burgeoning technology during recent earnings calls.
Executives at CrowdStrike, Palo Alto Networks and Okta are all impressed enough with generative AI to consider the technology a viable mechanism to boost defense and lift the performance of their respective businesses.
Generative AI and large language models are getting a lot of play in the industry — the terms come up often in discussions and on stage at industry events — but not everyone is convinced the technologies will deliver the promised benefits.
The recent hullabaloo in the industry about generative AI reflects the fact there hasn’t been a major defense innovation for a while, according to Kelly Shortridge, senior principal at Fastly.
“It almost feels like we’re hungry for something more or something better really, but we’re just not sure where to look for it,” Shortridge said. “As an industry we’re just really trying to latch on to anything that might work even if it’s pretty speculative.”
To the extent that misalignment remains, the hype surrounding generative AI and LLMs require balance with realistic outcomes that businesses can achieve in the name of defense.
Tool development underway
Vendors have released some security tools infused with generative AI and LLMs and more are in the pipeline.
CrowdStrike added Charlotte AI, a generative AI tool, to its endpoint detection and response platform last month. Palo Alto Networks, which hasn’t released new products based on the technology as quickly as Microsoft or Google plans to release a proprietary LLM for security within a year.
“Let's be clear: This isn't a sprint; it's a marathon,” Palo Alto Networks Chairman and CEO Nikesh Arora said via email. “Palo Alto Networks is embarking on a multiyear journey to use AI across all aspects of cybersecurity, which will require thoughtful execution backed by robust data and well-defined processes.”
As generative AI gains momentum, Arora expects the cybersecurity vendor and others across the enterprise software industry to undergo a transformation over the next couple years.
“That’s the real opportunity and challenge in front of us, and I think half of the people out there will get it wrong,” Arora said last month during Palo Alto Networks’ earnings call for its fiscal third quarter of 2023, for the period ending April 30.
Arora mentioned generative AI within the first two minutes of his prepared remarks and subsequently mentioned “AI” more than 30 times during the call.
The immediacy of the opportunistic AI moment extends to other cyber CEOs who want in on the action, too.
“AI is a big deal, and I think it’s one of these things that is getting a lot of hype and is probably still underhyped,” Okta CEO and Co-Founder Todd McKinnon said May 31 during the company’s fiscal first quarter of 2024 earnings call for the period ending April 30.
“There's going to be tons of new industries created and industries changed, and there's going to be a login for all these things,” McKinnon said.
“That's an identity problem and we can help with that,” McKinnon said. “So in a sense, we're really going to be selling picks and shovels to the gold miners.”
Mining data for value
Data lakes and the quality of data they hold presents a broader and more specific opportunity for generative AI and LLM as it relates to cyber defense.
“Generative AI is transforming the world and security is no exception,” George Kurtz, president, CEO and co-founder of CrowdStrike, said on May 31 during the earnings call for the company’s fiscal first quarter of 2024, for the period ending April 30.
“LLMs are only as good as the data on which they are trained, and human annotated content makes for the best training data,” Kurtz said. “While we expect that LLMs will become commoditized over time, that data on which they are trained will not.”
Generative AI favors companies that have large data lakes and the financial leverage to make significant investments, but the technology’s ability to deliver significant outcomes for defense isn’t a certainty.
“I’m very skeptical. I think it’s pretty much a solution in search of a problem, especially in cybersecurity. I think if anything it probably benefits attackers more,” Shortridge said.
“I think we want to be part of the new hotness but we don’t really understand how it applies and I personally think it’s because it doesn’t really apply today,” Shortridge said.
For now, the leaders of some of the world’s largest public cybersecurity firms see more upside than downside.
“The latest AI tools and technologies, such as ChatGPT have accelerated the pace ushering us into the next technological wave,” Arora said via email. “There are many great things about it, and a lot more will evolve in the coming months and years, but the focus, momentum and effort are there.”