Generative AI (artificial intelligence) has been one of the dominant trends in technology all year. It represents a shift from traditional, reactive AI systems to proactive, creative models. These sophisticated algorithms are not just tools for analysis or pattern recognition; they are creators, capable of producing novel content—be it textual, visual, or even code-based. This leap from understanding to creation opens a Pandora’s box of opportunities and challenges, particularly in fields like cybersecurity.
Technology and cybersecurity vendors have launched a variety of generative AI models and tools, including CrowdStrike. The company announced Charlotte AI at its Fal.Con conference in September. I spoke with Elia Zaitsev, CTO of CrowdStrike, about the company’s approach to generative AI, and how CrowdStrike is addressing the inherent risks of AI.
Generative AI: A Creative Revolution
Imagine a tool that doesn’t just follow instructions but offers novel ideas, designs, or solutions. Generative AI serves this purpose, acting as a digital muse for creatives and professionals alike. In realms like marketing, journalism, or design, this technology can generate drafts, visuals, or entire campaigns, offering a starting point that’s often the hardest step in the creative process.
Moreover, in business and academia, generative AI’s capacity to automate routine tasks and analyze data with unprecedented depth transforms productivity. It’s like having an assistant who not only manages your schedule but also suggests improvements and insights you might have missed.
Cybersecurity and Generative AI: A Symbiotic Relationship
For cybersecurity professionals, generative AI is both a shield and a sword. It revolutionizes threat detection by learning to recognize patterns and anomalies that could indicate a cyber attack. These AI systems can monitor networks in real-time, providing instant alerts and even automated responses to potential threats—far faster than any human team could.
When George Kurtz, co-founder and CEO of CrowdStrike, unveiled Charlotte at the Fal.Con conference, he talked about how generative AI has the potential to dramatically simplify security and improve the experience for security analysts. According to Kurtz, Charlotte is designed to empower anyone to better understand the environment and the threats and risks present in the organization.
Training and simulation are other areas where generative AI shines. By creating realistic cyberattack scenarios, these systems offer invaluable training platforms, honing the skills of cybersecurity professionals in safe, controlled environments.
Moreover, AI’s ability to sift through enormous datasets can unearth insights about vulnerabilities and trends in cyber threats, a task too voluminous and complex for human analysts alone. This data-driven approach enhances the predictive capabilities of cybersecurity systems, fortifying defenses against ever-evolving threats.
The Balancing Act: Harnessing AI’s Power and Mitigating Risks
While generative AI offers remarkable benefits, it also brings significant challenges. Data privacy is a paramount concern, as these AI models often require vast amounts of personal data for training. The potential for misuse or unauthorized access to this data is a real and present danger.
Bias in AI is another critical issue. AI models can inherit and even amplify biases present in their training data, leading to skewed and unfair outcomes. This is particularly problematic in fields like recruitment or law enforcement, where biased algorithms can have life-altering consequences.
Another concern is the over-reliance on AI, which could lead to a degradation of skills among professionals. The convenience of AI assistance should not lead to complacency or a decline in human expertise.
Finally, the potential for AI-generated threats, like deepfakes or automated hacking tools, is a new frontier in cyber warfare. These tools can be used maliciously to spread misinformation, impersonate individuals, or launch sophisticated cyberattacks.
CrowdStrike’s Charlotte AI
CrowdStrike is a case study in the application of generative AI through its Charlotte AI model. When I spoke with Elia, he outlined how Charlotte addresses the unique challenges of applying AI in cybersecurity. The model is designed with a keen focus on accuracy and data privacy, essential in the sensitive domain of cybersecurity.
Elia noted that many generative AI models allow users to interact with the “naked LLM,” a term he noted is gaining traction but emphasized he couldn’t take credit for coining it. In a nutshell, it refers to generative AI models that let users work directly with the large language model backend. He stressed that this approach creates a variety of potential risks and privacy concerns, and cautioned that a better approach is to have tools or systems that act as buffers or intermediaries so there is no direct access to the LLM.
“The key is, no user is ever directly passing a prompt and directly getting an output from an LLM. That’s a key architectural design,” shared Zaitsev. “That allows us to start putting in checks and balances and doing filtering and sanitization on the inputs and outputs.”
He also explained that Charlotte represents a departure from traditional AI models by prioritizing the reduction of ‘AI hallucinations’—the inaccuracies or false data often generated by AI. This focus on reliability is crucial in cybersecurity, where misinformation can have dire consequences.
The multi-model approach of Charlotte also works to validate the output. Elia acknowledged that LLMs will sometimes hallucinate. The issue is when those hallucinations, or results that are outside of the scope of what the generative AI model is designed to deliver are actually passed as output to the user.
Another safeguard against AI hallucinations for CrowdStrike is that everything Charlotte does is fully traceable and auditable. It is possible to track where Charlotte got its results from, and even to see how it arrived at its conclusion or built the query it presents.
He also described how Charlotte’s architecture is built to counteract ‘data poisoning’—attempts to corrupt AI systems by feeding them misleading information. This safeguard is vital in an era where AI systems are increasingly targeted by sophisticated cyberattacks.
The Case Against An Omnipotent AI
We talked about the idea of having an AI that can do everything—the notion of an omnipotent AI. Elia told me that there is an emerging concept called “mixture of experts” that describes CrowdStrike’s approach.
“People have realized, instead of trying to build one giant, omnipotent model, people have realized they’re getting much much better results by mixing and matching multiple small but purpose-built ones,” explained Elia.
It is much easier to design smaller LLMs and generative AI models focused on very specific tasks or problems rather than working to build one model capable of doing everything. Then, the goal of the interface AI—Charlotte in the case of CrowdStrike—is to interpret the request from the user and identify the best tool for the job.
CrowdStrike is also positioned to deliver on the mixture of experts concept through its product architecture. CrowdStrike can provide these innovations for customers in a single platform—seamlessly addressing the needs of both CIOs and CISOs without the need for integrating or stitching together disparate tools.
Forward-Thinking: Crafting a Safe AI Future
As generative AI continues to evolve, balancing its power with responsibility becomes crucial. CrowdStrike’s approach with Charlotte—prioritizing data privacy, minimizing AI hallucinations, and ensuring human oversight—is exemplary in this regard. By implementing robust safeguards and ethical guidelines, we can steer this powerful technology towards beneficial uses while curtailing its potential for harm.
Generative AI marks a watershed moment in technology, offering unprecedented creative and analytical capabilities. Its impact on fields like cybersecurity is transformative, enhancing both defensive and offensive capabilities. However, as we embrace this technology, it’s imperative to remain vigilant about its potential pitfalls.
One of CrowdStrike’s taglines is “We Stop Breaches”—a concept that is more crucial than ever. Adversaries continue to grow in sophistication, utilizing Dark AI to widen the scale and speed of their attacks, while increased legislative mandates and SEC regulatory oversight have put growing pressure on executive leadership and company boards to prioritize cybersecurity.
The future of AI is a tapestry we’re still weaving—thread by thread, decision by decision—with the promise of incredible innovation balanced by the responsibility of ethical stewardship.