Device & IoTPress ReleaseThreat Detection & Defense

Tenable Releases New Generative AI-Powered Cybersecurity Tools To Cybersecurity Research Community

Tenable®, the Exposure Management company has launched new prototype AI cybersecurity tools to help firms combat a new generation of cyber threats and to create efficiencies in the cybersecurity research process. This includes areas such as reverse engineering, code debugging, web application security and gaining visibility into cloud-based tools.
 
The security community across the Asia Pacific, and the rest of the globe, have raised concerns about the use of generative AI technologies such as OpenAI’s ChatGPT. Singapore’s Cyber Security Agency previously put out a bulletin highlighting cybersecurity concerns around ChatGPT, and

has also highlighted the potential for misuse of large language learning models (LLMs) by cyber threat actors. 
 
But AI can also be used to enhance both security and protection measures. Tenable’s new tools, along with an accompanying report outlining their research and use, will enable cybersecurity professionals to be better equipped to navigate the quickly evolving cybersecurity landscape. 

  • Reverse engineering: Tenable created G-3PO, a tool that automates part of the reverse engineering process helping engineers understand the code’s functionality quickly and efficiently without reading every line.
  • Debugging code: Debugging code requires understanding intricate technical details across multiple areas. Tenable developed an AI assistant that works with GDB to make finding and fixing mistakes in code easier.
  • Improving web app security: Web applications provide a unique challenge for researchers due to the complexities of identifying vulnerabilities within them. To improve web application security, Tenable created an extension called BurpGPT that uses ChatGPT and Burp Suite to help researchers find and fix common web application vulnerabilities.
  • Increasing visibility into cloud-based tools. Organisations often overlook the issue of misconfigurations in identity and access management (IAM) when it comes to cloud security, even though it’s one of the most common concerns. Since IAM policy misconfigurations are common, Tenable created a tool called EscalateGPT to identify issues in IAM policies and improve Tenable Cloud Security.

Ray Carney Director, Security Response and Zero-Day Research, Tenable said, “It is clear that cyber threat actors will take advantage of generative AI, and it is only a matter of time before reliable, AI-written malware is a threat.” 
 
He added “In the short term, with Asia Pacific already being one of the worst hit regions by phishing attacks, the situation may worsen as LLMs are used to supercharge phishing attacks. The silver lining is that whilst generative AI will be of help to threat actors, there is also a great opportunity for defenders to harness it as well.” 
 
“With many nations in Asia Pacific grappling with a severe shortage of cybersecurity talent, generative AI tools could help alleviate the situation by reducing the manual workloads associated with reverse engineering tasks and other aspects of security research,” said Sugiarto Koh, Regional Director of Southeast Asia, Tenable. “While we’ve only just scratched the surface of how AI can play a role in security research, Tenable has already leveraged LLMs to develop new tools that can act as a force multiplier and reduce labour-intensive and complex work that can enhance productivity and enable us to identify vulnerabilities more swiftly and effectively.” 
 
The tools are now available for test-driving on Github to the cybersecurity community at no cost.
 
To read the full report, please visit https://www.tenable.com/cyber-exposure/how-generative-ai-is-changing-security-research.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *