Generative AI used to conduct cybersecurity drills

Generative AI is being used as a way to train people on cybersecurity threats by providing real-time simulations of cyber attacks. Two recently launched products demonstrate the interest companies have in providing such training.

Enterprise cloud email security platform Ironscales announced the beta launch of GPT-powered Phishing Simulation Testing (PST), aimed at helping employees rapidly personalize cyber training given the exponential rise in socially engineered attacks. Spear phishing emails generally target specific individuals, organizations and companies for scams and cyberattacks. The program can generate personalized spear phishing simulation campaigns to combat hard-to-detect, advanced phishing attacks. Every spear phishing simulation message is crafted utilizing PhishLLM, Ironscales' proprietary large language model that has been trained on millions of data points from the Ironscales community.

Employees receive these simulated phishing emails in their inboxes. If they click on the link or button within the email, they will receive a message informing them it was a test, and it will take them to a training video to further educate them on how to spot such threats in the future. Employees don't know when or from whom these emails will be sent , so they are true phishing simulation tests.

"We are witnessing a tremendous uptick in customers seeking tools and technologies to counter the intensifying threats posed by sophisticated socially engineered attacks such as spear phishing and business email compromise," said Ironscales CEO Eyal Benishti. "The revelation that human error contributes to over 73% of data breaches underscores the urgency and the validity of our adaptive AI and human-centric approach as vital elements of fortifying email and overall organizational security. For our R&D teams, adaptive AI and machine learning are not merely tools, but the vital veins supplying the innovation for our solutions. We take immense pride in these newest AI-driven advancements that protect better, simplify operations, and empower organizations."

Ironscales also announced a new Accidental Data Exposure (ADE) capacity, which utilizes advanced algorithms to promptly identify and warn employees about emails that may leak sensitive data — enhancing their security awareness and proactively preventing potential data leaks in real-time.

Meanwhile, Norway-based cybersecurity startup Pistachio, formerly named CYBR, this week announced the release of its AI-driven security training platform, aimed at helping companies mitigate human error on cyber defense. The software uses AI to assess each employee's security strengths and weaknesses through various simulated cyber attacks. Once an employee profile has been created, the platform sets up an individualized security training program. The simulated attacks continue and only slow down once the individual's training is at a satisfactory level, helping companies ensure their entire workforce is capable of handling new threats when they arise.

"The emergence of easy-access AI technology has changed the ballgame completely for cyber security," said Mohammed Awais, co-founder and CEO of Pistachio. "For example, where scammers previously sent out generic phishing emails to large groups and hoped to get lucky, they are now able to tailor their attempts to individual targets with minimum effort. Without individualized cyber security training, many of these attacks will succeed," 

The launch was accompanied by news that Pistachio had secured €3.25 million ($3.56 million) in funding from an investor group led by Signals Venture Capital.