The role of human insight in AI-based cybersecurity
To unleash the power of AI, it’s essential to integrate some human input. The technical term is Reinforcement Learning from Human Feedback (RLHF): a machine-learning technique that uses human feedback to train and improve the accuracy of an AI model.
ChatGPT, the most notable example of AI and RLHF working together, took the most innovative AI-based language model available (GPT-3 developed by OpenAI) and paired it with RLHF to optimize it for human interaction. The result – as we are all familiar with by now – is a powerfully fast and (relatively) accurate tool with a simple dialogue format that has taken the world by storm. The power of AI combined with RLHF can also impact other technologies.
If AI-based cybersecurity tools leveraged RLHF, they would be immensely powerful, intuitive, and effective and could improve detection and response times to even the most sophisticated threats.
The benefits of RLHF in cybersecurity
From business email compromise (BEC) to deepfakes, phishing attacks increased in 2022 compared to the prior year. These threats are also extremely costly to companies – according to the FBI’s 2021 Internet Crime Report, BEC accounted for almost a third of the country’s $6.9 billion in cyber losses that year.
It is table stakes for today’s companies to have an effective cybersecurity strategy in place to detect and respond to potential threats and this should incorporate processes, technology, and people.
When developing a cybersecurity strategy, the use of RLHF (or human insights) in conjunction with AI can be a real game-changer. RLHF can be used to train AI-based models to detect and respond to potential threats more effectively by using human feedback to learn from real-world examples.
Key advantages of combining AI and human insights
The four key advantages of combining AI and human insights are:
1. Improved accuracy of threat detection
Traditional cybersecurity solutions, like secure email gateways (SEGs), rely on pre-defined rules and patterns to identify potential threats. However, these rules and patterns can become outdated quickly, leading to a high rate of false positives and false negatives. Sophisticated phishing attacks can also evade SEG systems as they impersonate known trusted senders or takeover accounts. By using RLHF, the model can learn from human feedback and continuously adapt to new threats as they emerge.
2. Faster detection and response to potential threats
Enterprise security teams spend as much as 33% of their time dealing with phishing scams. Since traditional cybersecurity solutions often rely on manual processes, this leads to delays in detecting and responding to potential threats. By combining AI and RLHF, teams can better identify potential threats, resulting in up to a 90% reduction in the amount of time needed to identify and react to phishing scams, while also significantly reducing the organization’s risk posture.
3. Improved security awareness
End users are often viewed as the weak link when protecting an enterprise from cyber-attacks and, for most companies, testing and training are ineffective at best – and non-existent at worst. When users are trained and encouraged to report suspicious activity, they can provide valuable information on new and emerging threats that may not be detected by traditional security systems. Considering that 95% of global cybersecurity threats are linked to human error, this can help security teams stay ahead of the latest threats and improve their overall defense posture.
4. Adapt to and stay ahead of new threats
By reporting suspicious activity, end users can help validate their cybersecurity strategy in real-time. For example, phishing emails reported by users can be immediately reviewed by the company’s security team, helping them to learn and adapt to new threats more quickly. When leveraged by a distributed team across different departments and time zones, RLHF can help reduce the time to detect and respond to threats dramatically. By having a team of security experts, organizations can quickly identify and respond to threats as they emerge, regardless of their location or time of occurrence. This can be especially beneficial for organizations with global operations, as it allows them to stay ahead of cyber threats 24/7.