Microsoft lets generative AI loose on cybersecurity

As a part of its continued quest to inject generative AI into all its products, Microsoft today introduced Security Copilot, a new tool that aims to "summarize" and "make sense" of threat intelligence.

In a light-on-the-details announcement, Microsoft pitched Security Copilot as a way to correlate data on attacks while prioritizing security incidents. Countless tools already do this. But Microsoft argues that Security Copilot, which integrates with its existing security product portfolio, is made better by generative AI models from OpenAI -- specifically the recently launched text-generating GPT-4.

"Advancing the state of security requires both people and technology — human ingenuity paired with the most advanced tools that help apply human expertise at speed and scale," Microsoft Security executive vice president Charlie Bell said in a canned statement. "With Security Copilot we are building a future where every defender is empowered with the tools and technologies necessary to make the world a safer place."

Microsoft didn't divulge exactly how Security Copilot incorporates GPT-4, oddly enough. It, instead, highlighted a trained custom model -- perhaps GPT-4-based -- powering Security Copilot that "incorporates a growing set of security-specific skills" and "deploys skills and queries" germane to cybersecurity.

Microsoft stressed that the model isn't trained on customer data, addressing a common criticism of language model-driven services.

This custom model helps "catch what other approaches might miss," Microsoft claims, by answering security-related questions, advising on the best course of action and summarizing events and processes. But given text-generating models' untruthful tendencies, it's unclear how effective such a model might be in production.

Microsoft itself admits that the custom Security Copilot model doesn’t always get everything right. "AI-generated content can contain mistakes," the company writes. "As we continue to learn from these interactions, we are adjusting its responses to create more coherent, relevant and useful answers."

Hopefully, those mistakes don't end up making a bad security problem worse.