Skyhawk Security
announced the company is using ChatGPT to enhance cloud threat detection
and make it faster and easier for customers to find and understand
security incidents that might otherwise fly under the radar.
Tests run by Skyhawk on the new ChatGPT features showed measurable
improvements in the speed of detecting breaches based on anomalous
activities, doing so at a much lower operational cost. According to
Skyhawk's tests on various datasets, in 78% of cases the platform
produced alerts earlier when adding ChatGPT to the scoring process. This
capability is generally available to Skyhawk customers today at no
additional charge.
The company has incorporated ChatGPT in two unique ways:
- Earlier detection of malicious activity.
One of Skyhawk's key advantages over other security tools is its
ability to show actual threats as they are progressing on a graphical
storyline known as an ‘Attack Sequence’.
Skyhawk's new ‘Threat Detector’ feature using the ChatGPT API is
trained on millions of security data points from across the web. It uses
that data to help augment the Attack Sequence technology's scoring
mechanism. Skyhawk's existing scoring mechanisms are based on
proprietary machine learning technologies that use malicious behavior
indicators (MBIs) and then assign those MBIs a score when they get to
the point that something appears to be worthy of an alert, known as a ‘Realert’. It
alerts solely on real threats, significantly reducing false positives.
Adding ChatGPT to the scoring system is one additional parameter that
vastly improves the confidence of a given score and enables the platform
to alert on anomalous behaviors earlier.
- Explainability of attacks as they are progressing.
An Attack Sequence correlates multiple suspicious events to provide
observability into the validity of a potential attack and how it
manifests. Today, Skyhawk adds textual explanations (produced by
ChatGPT) for the incidents found by the platform. These appear in a new
platform tab called the ‘Security Advisor’.
Having these textual explanations, in addition to visual
representations, helps organizations understand incidents in greater
depth and makes them more accessible to security personnel.
"Lots of security companies are chasing the generative AI hype, with
superficial additions like using AI to help with remediation
recommendations. Skyhawk is doing something fundamentally different,"
said Chen Burshan, CEO of Skyhawk Security. "We are using ChatGPT, and
the world's vast quantities of available security data, to help score
and assess risk levels of various malicious detectors. It's like asking
thousands of security researchers to advise during the investigation of
an incident on the risk of anomalous behaviors and to help define that
risk. With the well-known shortage of cloud security expertise,
customers can use Skyhawk's unique approach of leveraging ChatGPT to
overcome the shortage in personnel, thus improving the time to detect
and respond, at a much lower operational cost."
"As researchers, we continuously experiment with novel AI algorithms to enhance our
capacity to identify malicious activities. The remarkable performance
elevation we have achieved by integrating large language models is just
the beginning of what we will be able to do with GPT and similar
models," said Amir Shachar, director of data science at Skyhawk and
author of Semi-discrete Calculus. "We can prove that detection
now happens sooner - adding an additional level of confidence to our
threat detection platform that no other company has."