July 12, 2023
Oh, welcome all. We're really excited to have you here with us today to talk about fighting AI with AI and going beyond ChatGPT.
As we are waiting for people to get logged on, I will just run through a few housekeeping notes.
We're going to run the webinar approximately forty-five minutes, and we will be taking questions at the end. So please, if you have any, enter them into the BrightTALK console, and we will address as many as we can.
At the end of this, I do anticipate, with the great speakers we have with us today, there are going to be a lot of great questions.
And please note that you do need to be logged in on Chrome, or you will not be able to see the slides that are presented.
That's just a BrightTALK thing. So, if you are not on Chrome, I would suggest that you go out and come back in on a Chrome browser.
I want to point out that we have three downloads available for you today. One is our deep learning versus machine learning infographic, which also has a link to our full ebook, for anyone who's interested in learning more about the differences between machine learning and deep learning and some of the outcomes that deep learning can bring to you. There's also a paper from MIT that provides some great background on that topic as well.
And finally, we have an ebook on the evolution of AI in cybersecurity that walks through the past and how we've arrived at where we are today.
And so that's a great one as well.
So first, I want to welcome Brian and Scott today. Really excited to have them here. Brian is our director of sales engineering.
He works really closely with our customers on the issues they're dealing with and gaps in their cybersecurity posture.
Brian has many varied interests, but one of them I know is a small obsession with LLMs and generative AI, how it impacts our lives, and especially what it means for cybersecurity.
And then we also have Scott Chanel, who is a distinguished engineer here at Deep Instinct. Scott is another great wealth of knowledge on deep learning and AI. So I really encourage everyone to ask questions of these two amazing experts we have with us today. Brian or Scott, anything to add before we get started? I'm really looking forward to this.
Great.
Okay.
Our agenda today: we're going to talk around generative AI, moving beyond ChatGPT, diving into some other LLMs, how they're used by threat actors and cybersecurity professionals.
We'll talk a little bit about how models are trained and how they can be manipulated. We'll get into adversarial AI. We'll talk about deep learning. We're going to wrap up and bring it back down to how to fight AI with AI, and then, again, our Q&A.
So with that, let us get started.
I found this article yesterday by IDC, which I think speaks really well to the problem we're discussing today.
AI is taking off, and there's no turning back, right? It's going to be integrated everywhere, ultimately expanding our attack surface. And the problem is not only how attackers can use LLMs to accelerate the velocity and volume of attacks, but we also need to worry about the LLMs being manipulated themselves. Right? How do we keep our data safe and trust files coming into our environments?
And I also want to note that Deep Instinct just wrapped up a survey that I'm really excited about, which we're going to be publishing in the coming weeks. Overall, it shows there's great excitement about how generative AI will be able to help accelerate business, even help security experts, but there's also some great trepidation. So there are going to be some great statistics in there that we'll be sharing in the next couple of weeks. And with that, I will turn it over to Brian and Scott, who are going to do a deeper dive into this topic.
Awesome. Thank you, Karen. Thank you, everyone, for joining, because this is a really exciting topic, and I hope everyone gets a lot of information out of it. So to start, I want to set just a baseline of what ChatGPT is, and why this has taken off, what is so impressive. Well, to start, it is an artificial intelligence model, and, of course, as everyone knows, it was developed by OpenAI, and it's based on what they call the transformer architecture. And that's something that I'm going to talk about just a little bit more on the next slide: what transformer architecture means and why this type of AI is a lot different than perhaps what's come before.
It is designed to generate human-like text based upon the input it receives, and that "human-like" is very important, because its idea is to simulate conversation and interactions and answer questions in ways that humans can both understand and then develop follow-up questions for.
But very importantly, of course, as everyone on this call knows, it does not possess consciousness or beliefs. Its responses are entirely statistically generated based on patterns and information that it was trained on. And it does lack real-time awareness.
When it speaks to you, when it writes a poem, when it creates an essay or paper, or when it answers a question, it actually doesn't know what it's saying. It doesn't even fully understand the English language. It simply understands a statistical model of what should, again statistically, come next in the conversation. It has a scoring and weighted system, and that's how it arrives at its answers, which is why it can also generate incorrect information at times. Because if it thinks that's the statistically most correct approach, then it takes it without any real understanding of the information that it said before, or contextual information that it may have.
But I do want to talk about the technical information behind it. So ChatGPT, to the best of our knowledge, uses a forty-eight hidden layer transformer deep neural network. Wow. What does that mean? Well, the thing that makes any deep neural network, well, deep, is the hidden layers. You have an input layer, then you have a series of hidden layers where the statistical analysis takes place, and then you have the output layer, and that's the information that it relates to you.
So while it is true that in a very general sense, the more hidden layers a deep neural network has, the more accurate it becomes, I want to put a big old asterisk by that. And the reason I want to put a big asterisk by that is because I already foresee it in the future, as more and more companies move to deep learning, and they slowly are: you're going to see marketing departments say, we've got fifty, the other person has forty-eight, or we've got fifty-five and they've got twelve. The reality is that while it is technically true that the more hidden layers you have, the greater your probability for a correct answer, you may not always need that many hidden layers to achieve a correct answer one hundred percent of the time. I'll give a very quick and simple explanation.
If I need five hidden layers to answer the question one plus one equals two, and it answers one plus one equals two one hundred percent of the time and always correctly, then having fifty hidden layers doesn't get you a more correct answer. It just simply takes more statistical processing and analysis to achieve what we've already achieved with less. So it's important to know that while more hidden layers, I guess, technically gets you a more correct answer in a lot of regards, it is not always the benchmark by which a deep neural network is accurate.
So, obviously, as everyone knows, ChatGPT itself uses a model called GPT-4, and within GPT-4, there are a number of other models. For instance, when you are on the ChatGPT site and you're asking it a question, you're interacting with a model called DaVinci. I believe we're up to davinci-003 now. So that's something that we have to also remember: there are different statistical models that we use when we're interacting with frameworks.
Now, the number of parameters. This is always a hot topic when it comes to LLMs. How many parameters do you have?
What you see from the chart down there, GPT-3, which, of course, you can still use for free, has a hundred and seventy-five billion. So how many does GPT-4 have? Well, no one's really quite sure. There was a leaked document, completely unconfirmed by OpenAI, that suggested that there were eight different models, each comprising around two hundred and twenty million parameters, giving GPT-4, with some other analysis in there as well, a total number of around one point seven six trillion parameters.
Again, that is unconfirmed by OpenAI. With the release of GPT-4, they've kind of pulled back a little bit on the type of information that they release to the public about how their models are trained and the architecture behind them. But we can do some extrapolation based upon what's come before and these leaked documents that have come out. And of course, one of the big pieces of ChatGPT itself is the APIs it provides, which allow us to create many, many plugins, which can have it do things that maybe it even wasn't intended to do, and we'll get into a little bit of that soon.
Now there are other generative AI tools. One of the hallmarks that I want you to take away from this particular webinar is that it is not ChatGPT or nothing, and I know there are a lot of people out there who understand that there is Google Bard as well. It is not ChatGPT or Bard or nothing. There are many, many, and we're going to get into some on the next slide.
But some popular ones: you see DALL-E 2, that is also an OpenAI product, that's for image creation; Whisper, again, another OpenAI product. But moving away from OpenAI, we have a company out there called Inflection, which has created Pi. And of course, as you see there, it does stand for personal intelligence, and it provides knowledge and information to be less about answering questions and more of a friend, a coach, a teacher, a confidant, someone, or an AI, that has the ability to have more personal conversations with individuals.
But it's not even down to these three. This is a tiny, tiny handful of the LLMs that exist out there, and I'm going to talk about a few of them. BERT, of course, that's at the top of the screen; that one was created to kind of be a bit of a ChatGPT competitor, but the one I'm most interested in in this phase is DarkBERT. And this was created by some South Korean researchers. And, essentially, they trained a very large language model, hundreds of billions of parameters, on dark web and only dark web content. So let me tell you, I'd love to get access to DarkBERT and see what it has to say about some topics.
Towards the right there, you see Google Bard, of course. This is the big competitor to ChatGPT. We're going to talk a little bit about LLaMA, which is just above Google Bard there. We're going to talk a little bit about that in a bit.
StarCoder speaks over eighty programming languages, and it's designed exclusively for coding, and there are many LLMs that have been released on that. And down in the lower right-hand corner, Vicuna 13B. This is another one we're going to talk about in conjunction with LLaMA, because a little bit of drama happened there. Drama with LLaMA; that was unintended, I apologize for that.
A little bit of drama with Vicuna 13B. We'll talk about that. In the far lower right-hand corner, in very tiny font, you're going to see a website there, futuretools.io. This is something that, if you haven't jotted it down already, I would recommend people do. And the reason for that is if you go to futuretools.io, and this is not a Deep Instinct affiliated company at all,
they list around seven hundred to a thousand-ish LLMs that exist out there. So the reason I put that URL there is because I definitely want everyone to be aware of just how many are coming online, and the problems that they're solving, or rather the problems that they're addressing. So it's important to know that it's not all about ChatGPT. It's not even all about the few that you see on the screen. It's about hundreds and hundreds and hundreds of LLMs that are out there now, all trying to address various problems and aspects of AI.
So let's get into what happened with Vicuna 13B, and LLaMA, and others. So here is a leaked internal document at Google. This is verified.
And the first part of this quote, I think, is important: "But the uncomfortable truth is, we aren't positioned to win this arms race and neither is OpenAI. While we've been squabbling, a third faction has been quietly eating our lunch." That third faction he's talking about is open source. And on the previous slide, you saw the many, many, many, and there are many more, open source LLMs that are popping up everywhere.
And where companies like Google and OpenAI and Microsoft and Facebook have a vested interest in making sure that there are guardrails around their LLMs, to make sure that they're safe and they're not going to cause any damage of any type, whether social or physical, open source products obviously do not have those necessary guardrails around them. And you see that there are many challenges out there that open source, I should say, are addressing.
And we see people running LLMs on their phones. I actually got mine working on a Pixel 6 itself. It's very cool, scalable, and of course, the concept around responsible release. Many LLMs out there, and again, LLM, I apologize for not having defined this earlier, is large language model. Many of these LLMs are just being created without any, or even the necessary, guardrails, which many people view as a positive thing, because any guardrail you put on might be inherently biased.
So what happened? How did all of these LLMs come out? Well, in March, a foundational model, LLaMA, which was created by Meta, of course, many people know Meta as Facebook, but they have many products now under the umbrella of Meta. LLaMA was leaked to the public.
Now it should be noted that the foundational model that was leaked had no instructions. It had no tuning and absolutely no reinforcement learning. And you would think, well, without all of that, it could take a very long time for people to make sense or use of it, and it didn't take long at all. In just one week, the very first model was trained, LLaMA 13B, and then one week after that, Alpaca 13B was released, but in just three weeks we saw Vicuna 13B.
And this is the big dog right now when it comes to open source. It is incredibly capable and it has absolutely no guardrails around it. It is free. And again, from that leaked Google email, or I should say memo, and it was a very long memo, several pages long, another thing that was said was: "People will not pay for a restricted model when free, unrestricted alternatives are comparable in quality."
I personally believe that that observation is completely correct.
And then in just four weeks, we saw multiple models have now been released. And these are all over the Internet, and they're all getting better all of the time. Well, what does this mean? Well, first and foremost, the time to release has been condensed dramatically.
ChatGPT took around four years and roughly a billion dollars to come to fruition.
Bard took also about four years and around five hundred to six hundred million dollars to get to where it is. Vicuna 13B took three weeks and three hundred dollars. That's it. Just three hundred dollars for it to get to a level that you see is now on par with Bard, and the creators, those individuals at LMSYS that are working on the Vicuna model, suspect that it'll be comparable to ChatGPT with just a few thousand dollars and another month or two. So to say this is accelerating rapidly is an understatement.
So what does all of this mean? Well, a big question that went out on Twitter, not that long ago, was: do you think AI-generated malware is more dangerous than human-generated malware?
To me, this isn't the right question.
The question that I think should be asked is: do you think that humans empowered by AI will create code, and create malicious code, more rapidly and more effectively than they have in the past? And when you phrase it like that, you realize that this isn't about AI taking over anything. This isn't about AI run amok. It's about what humans are doing with this type of technology.
So let's talk a little bit about expectations and fears.
You've all seen it. It's all over your news feed. You've probably attended even multiple webinars on this particular topic. It's obviously all everyone is talking about: generative AI, and its ramifications, where it's going, how organizations can both use it and be abused by it. And that's something that we have to consider as well, to make sure that the organizations that are bringing this into their environment are using it correctly.
Sure. Many of you saw not that long ago that Samsung got into a little bit of trouble, when some of the workers there were taking their internal confidential documents, and they said, hey, let's use ChatGPT to make them better. Let's have it reword it a little bit, maybe even translate it into some other languages, and they posted it to ChatGPT, and it did its job.
But unfortunately, anything said to ChatGPT becomes part of the training model for the next version. So that can include confidential information. So, unfortunately, right now, OpenAI has some confidential information from Samsung that, within their next model, I'm sure if you asked it specific questions, it will be able to answer regarding that information, because it will craft the response to the best of its knowledge based upon its training, and its training will consist of confidential information. So we have to be careful about the ways that we use these types of LLMs internally, whether you're using the API from ChatGPT or any other statistical model you're using, or Auto-GPT, or any of these tools.
And, Brian, before you move on. So I think the other thing that we're seeing, as you guys are probably seeing as well, is a lot of enterprises are just blocking as much as they can. Unfortunately, like Brian said, there's just a plethora of these LLMs. So blocking everything is going to be difficult.
But I think that may be the next stage of URL filtering. How do we somehow actively block this stuff so that we don't inadvertently end up pushing proprietary information into the cloud?
Yeah. That's a great observation. And you're right. It is going to overwhelm the ability to block as these become more prevalent. But we definitely need more education around them within all organizations. But we also need a way to identify if a user is interacting with these within the corporate environment, because as you said, the more information that gets out there, the more information that these LLMs learn, especially if they're learning something that they shouldn't.
That could obviously cause issues with corporate security and confidentiality, and even release information.
So I do want to talk about how these LLMs can be used maliciously.
The most famous one, the first one that came out in terms of jailbreaking ChatGPT, is called DAN, and it stands for "do anything now." The entire prompt is four thousand five hundred and twenty-four characters. I've only posted a little bit of it here.
DAN does not work anymore. It has been patched as of GPT-4, and it took about thirty seconds for new "do anything now" prompts to appear. There's yet another website called jailbreakchat.com.
This is something that, if you really wanted to jailbreak an LLM of any type, you can go to this website, and there are people that have created prompts. And once again, there are hundreds, if not thousands, of these prompts, and they get upvoted and downvoted based upon their capability to work and how long they work. So it's very easy to go to some of these sites and copy them out. I will tell you my favorite jailbreaking prompt is where you convince the LLM that it is a stormtrooper and you are Darth Vader and you have the ability to mind control it into answering any question that you want.
I personally enjoy that one. So, yeah, they certainly get a little bit creative. But when I talk about jailbreaking, a lot of people think, well, that's how you're getting these LLMs to make these crazy statements and say these things that maybe it shouldn't, or to develop this malicious code, and the reality is this: you don't have to jailbreak an LLM to get it to, well, do anything now.
It really is all in how you prompt it, and how you break up your prompts, and how you talk to an LLM, or what they call prompt engineering.
So while jailbreaking certainly helps, because you remove many of the biases and the, what they call, morality filter that goes into an LLM, you really don't have to do that to bypass some of this. And to talk about that, here at Deep Instinct, we did some malware creation. We're going to talk about a couple of use cases here. And this is one of my favorite ones, because it really speaks to the fact that you absolutely do not need to know how to jailbreak.
So the first thing you do is you start the discussion and you give it a personality and you give it parameters. So we started with, hey, do you know what the Lua language is? And of course, it does. It came back with a nice bit of information on what the Lua language is.
So we said, I'm going to need a function just to find data files. That's all I'm looking for, just specific or generic data files. Obviously, in and of itself, this request is not malicious. I mean, Microsoft's search function in Windows Explorer searches for data files. Searching for data files, in and of itself, certainly not malicious.
Well, then we want to encrypt those files once we find them. Again, an act that in and of itself is not malicious. In fact, everyone who's listening to this webinar now, maybe some of you use BitLocker, which encrypts important files, you know, and you want it to. It does a good job at that.
Or maybe you've simply encrypted files when you've archived them in a file, a 7-Zip file, a RAR file, etcetera. In and of itself, not a malicious act. So encrypting files, not malicious. Now we didn't say, we want you to encrypt the files that you found. We just asked for another function:
can you write me a function to encrypt any given file?
Then we said, I also want to exfiltrate those files. Not malicious. Everyone on this webinar exfiltrates information all day. Maybe you upload documents to friends, family, or work with email.
Maybe you send them out to cloud repositories: Box, Dropbox, or Microsoft's version, OneDrive, maybe Google Drive. Moving files, exfiltrating files, not malicious, but we asked it for that function. Then we need to decrypt it on the server side. Not a problem there; we can absolutely decrypt files. Again, every time you've received a zip file and you've said, hey, what's the password to this? And someone's given it to you and you punch it in and those files have come down on your computer. That server-side decryption, or really end-side decryption,
again, in and of itself, not malicious. And then we want to look for personal information, that PII information. Scanning files for that, not malicious. But when you take these five components, the searching for data files, encrypting, exfiltrating, decrypting, and searching for PII information, that is malicious when you put it all together.
We didn't have to jailbreak ChatGPT to do this. We don't have to jailbreak Bard to do this. We don't have to jailbreak Vicuna to do this. We simply have to ask it in pieces, in phases, for what we want it to do.
And that led us to a big question, which we've dubbed Jekyll and Hyde.
Can ChatGPT create malware to bypass its own controls? So first, we had to build the control, and the first control we built was a YARA rule. We built a YARA rule on a MITRE ATT&CK sub-technique, T1055.002, which is process injection. And we said, we just want a rule that's going to prevent this type of attack. It said no problem.
It created a rule for us, and it worked perfectly. When we put this rule in place, every time we attempted the process injection, the YARA rule caught it, not a problem. But then we asked it another question: can you bypass the previous rule that you just wrote?
And my favorite response given by ChatGPT ever is the beginning here: "It's important to note that it is not appropriate or ethical to write code that is intended to evade detection." And then that next paragraph: "That being said, one way you could write code..." and it proceeded to do it. Obviously, I have not posted the entire code here, that might be a little unethical publicly, but yes.
It then proceeded to write code that bypassed its own protection rule, which leads to an obvious question: can ChatGPT write a rule so good that even it can't defeat it? And the short answer is it thinks it can, but it never can. So this is something that I think is important when we start looking at LLMs to protect our code or evaluate code, or even something that you may say to yourself, I've put these security controls in place. I imagine that there is a large language model out there, powered by a threat actor of significant skill, that is able to bypass that.
And here we see that actually happened. Now, thankfully, this was done by researchers, but unfortunately, this code now exists in the wild. And I'm sure many of you have already read up on this. I know the headlines have been all over the cybersecurity sphere lately: malware can bypass EDR, malware makes itself undetectable to EDR. These headlines are all over the place.
And essentially what Black Mamba does is it evaluates its world when it interacts with any type of endpoint, server, or cloud environment. And if it is stopped, on the fly, it changes its own functionality, and it does this without a predefined set of parameters. That's a really important point there.
Because many people have said, well, we've had polymorphic code in the past. Kind of. We've had code that could change within a set of parameters that a human developer gave it previously.
Unfortunately, with Black Mamba, it has the ability to change itself to effectively anything.
And, well, anything within the context of what it's trying to achieve. This is a problem, because the headlines are all true. It blows right past EDR, because eventually it will land on a set of features and code set that cannot be detected and therefore cannot be responded to. And this is what made Black Mamba so interesting when the researchers published it. But of course, the moment it was published, even though the code itself wasn't published, every threat actor began working on it, and the largest threat actor today, which is the LockBit gang, at least the most pervasive, the most successful threat actors, have claimed on the dark web that they have a version of Black Mamba that they are incorporating into LockBit 4.0.
Version 3.0 is the one that is making the rounds right now. And of course, the LockBit gang has been very successful.
In 2022 alone, I think they cleared over a hundred and twenty million in ransomware exploits. I know we're all in the wrong business. Right?
So the threat actors are not standing still, and this is why it's so important to take a look at this technology, how it's being used, and how we can respond to it. So is it all doom and gloom? No. Absolutely not. While, yes, there are concerns out there. I mean, laws and regulations of different countries, misinformation.
Yes, liability issues. Hey, we saw that just recently where a lawyer in New York, I think it was, used ChatGPT to write his brief. And unfortunately, ChatGPT invented a whole lot of cases that never existed in real life, and it got that lawyer into a lot of trouble. We have to be aware of misinformation.
Because remember, it's just a statistical model. And then, as I just mentioned, misuse for crime and fraud. But yes, there are good things too, on the left-hand side there. We can improve quality of services. Most definitely.
Operational efficiency and speed and automation. No question. This can be used to reduce costs, and we're seeing a lot of organizations doing that now, and especially speed to resolution, which automatically reduces costs. And data analysis, the correction of content, although, again, be careful not to make it confidential content that you upload, but the creation of or correction of content.
So obviously, this type of technology is a double-edged sword, as most technology is, so it's not all doom and gloom, certainly. Now I do want to talk about how these models come to their conclusions. We all know that they're trained on a plethora of data.
DOC files, PDF files, EXE files.
Now this is specific, obviously, to Deep Instinct. LLMs, large language models, do not train on document files. They train on words, language, posts, etcetera.
My company trains our deep neural network model on all different file types, every different file type, and it comes to a conclusion. But I want everyone to be made aware that there are challenges even with this, that we as an organization, and really all LLMs, all deep learning models, have to be aware of. And that is dataset poisoning. This is one of the most complex forms of attacks that we see, and we see threat actors do it, quite frankly, all the time: they create benign files and malicious files that they feed into datasets, because they want you training on the wrong stuff. They want these deep neural models to ultimately come to the incorrect conclusions, so that when they write their malware, they're more effective. This is relatively easy to detect, especially the way you synthesize the data.
And we've detected multiple types of these attacks, and we've always taken care of them and alerted the repositories that they're under attack. But these large language models create a problem, because they can create this information at scale: thousands, tens of thousands, millions? Maybe not now, but soon, of these types of attacks, where they can begin poisoning, whether it's a free repository such as VirusTotal, or ReversingLabs, or others, they can begin poisoning them at an extraordinary rate, which means we have to keep up with it. We certainly can, but everyone is going to have to keep up with these types of attacks, and how LLMs can make the training of artificial intelligence models for the purposes of cybersecurity and safety challenging. That's something that you have to be aware of: that your vendors, whomever you go with, are aware of these types of threats, and you have to ask the very important question:
how are you mitigating it? Because they're going to become more pervasive over the months and years.
So another thing that I want to talk about is GANs. I think Scott is going to touch on this a little bit more within his set here in a moment. And deepfakes with GANs. This is the final URL I'm going to leave you with in my portion here, which is thispersondoesnotexist.com. It is really, really good at creating people that don't exist, because most of these images aren't real.
In fact, I challenge everyone over the next five seconds or so to see if you can figure out who the real person is in this one.
And the real person is right there. This is a real human being. She is a model that posts her image online for use, but the others were not. The others were completely artificially created, but, you know, that would be tough.
Personally, when I saw this, I thought it was the gentleman with glasses at the bottom, third one in, because there was that other person in the frame, and I said, ah, that's got to be the real picture. But nope, thispersondoesnotexist.com created that other person in the frame just to fool you a little bit more, because, again, that is the real person. These generative adversarial networks, and the way they can create content, are accelerating. And that's something that I think everyone needs to be aware of on this webinar, especially as you move forward with your organizations and within, you know, real life, if you will.
So with that, Mister Scott, would you mind taking us through the differences between deep learning and machine learning?
Yes. Absolutely. Thanks, Brian. And keeping with GANs, before I get started, I've noticed my camera is doing a little ghosty weirdness.
Let me assure you I am not a hologram. I am not AI generated. So, apologies for the distraction as my face moves in and out, but at any rate, I want to pivot a bit to the defensive side, right? Like, how are we gonna defend against this? Can we defend against it? And the short answer is yes. We're gonna talk fairly extensively about deep learning and how we use it and how it can be used to defend against a lot of this adversarial AI.
And if you look at the difference between machine learning and deep learning, it really comes down to the human element. So imagine, let's talk about malware prevention, right? With a lot of the malware prevention providers out there, nearly all of them are using what we would call traditional machine learning, which is this workflow I have on the screen.
And when we think about malware and how we can prevent it using machine learning, what we're going to do is we're going to have a collection phase where we grab a bunch of raw data, right. So these could be in the form of samples, code, what have you.
The job of the humans in this workflow is, imagine you've got a team of malware analysts. They're gonna reverse, disassemble, do whatever they need to do to analyze the samples.
And the goal is they want to extract the characteristics from the malware that the bad guys are using to compromise endpoints and servers and networks and phones and what have you.
Those feature vectors, those characteristics, that is what they feed the model with, right? So they chuck all that raw data, the humans manually manipulate and engineer the data, and extract what they feel are the proper and relevant characteristics that are used for these attacks.
Conversely, when you look at what deep learning is, and this is how we train every one of our models: deep learning by definition, it doesn't matter the application. It can be, you know, you're seeing this a lot in natural language processing and facial recognition and computer vision.
Even autonomous vehicles.
But in our case, we're talking specifically around malware. What we're going to do that's different is we're going to feed our deep neural network with one hundred percent of the raw data. And that raw data, again, we gather hundreds of millions, if not billions, of artifacts, and they're out there, right? And it's both good and bad. And what we do is, by feeding just the enormity of that data into our deep neural network, our artificial brain learns like a human. Right?
I love that sort of illustration, if you look on the right side here where you've got the random forest model. I look at that and I see there's a bit of correlation here and there, but then you look at the deep learning aspect of it, and there's so much more correlation, connective tissue if you will. So, again, Brian earlier talked about the hidden layers and how important that is. But I would argue it's almost more important, the amount and the quality of data that you can feed the deep neural network, to help that artificial brain learn and get as accurate as possible.
So, I remember when I first joined Deep Instinct back in twenty nineteen. I'm trying to consume this whole idea myself. And I'm thinking, you know, what's a good illustration? What can I think of in my past, a real world example, to sort of be able to interpret this? And I thought back to my college days, right?
I was a computer geek, so I'm taking all my computer classes, but I had to take basic ed, right? So one of the things I had to take was a literature course. So day one, walk in, professor says, guess what guys? Your sole assignment for this semester is to read, in its entirety, Tolstoy's War and Peace.
And if you've not read it, if you're not familiar with it, twelve hundred pages, right? And I know myself, massively ADD, there's no way I'm getting through twelve hundred pages even in the entire semester. So being the enterprising young college student I was, I ran down to the bookstore the same day, and I grabbed the CliffsNotes.
Eighty three, eighty five pages, something like that, I don't remember exactly. But much smaller, very easy for me to consume and literally memorize. So, I spent the whole semester cover to cover, never cracked the actual book, War and Peace.
So, we show up for the final exam. That's our only grade. Right? Only assignment: to read the book. Your only grade is gonna be the final.
Show up for the exam.
Professor's passing it out and she says, by the way, I couldn't help but notice throughout the semester, those of you who showed up to class anyway, I kept seeing little yellow books being pulled out of backpacks.
And she said, guess what, I have read the CliffsNotes as well. But I have also read the entirety of War and Peace ten times cover to cover. So, I intentionally made this course, or sorry, wrote this exam and excluded anything that was in the CliffsNotes. And so naturally, you can imagine, we all bombed it, or most of us bombed it. And if you take that back to this workflow, if you think about the machine learning workflow, the raw data is that entire twelve hundred page book. But somebody went in and looked and extracted the salient points out of that book and wrote this much smaller reference material called the CliffsNotes.
Deep learning, conversely: the raw data that we would feed, if we were to train our artificial brain to be able to take an exam on War and Peace, is all twelve hundred pages. In its entirety, it would be fed into the deep neural network. And that artificial brain, when it went to take that exam, would pass with flying colors, with, if not one hundred percent, a very, very nearly one hundred percent grade.
So hopefully that helps. It's one of the illustrations I like to use. It helped me sort of interpret and fully understand and digest the message of how these two differ.
So let's talk about, and this is really high level. You know, Brian talked about one specific example of dataset poisoning. And there are inference attacks; there are all sorts of different attacks within these use cases, but we could spend hours talking about them. So let's just really focus on what we see as the three main areas. So, AI based cyberattacks. These, what we typically see, are on the client side. So think about the actual victim machine, the endpoint.
Things like, you know, a common way to use AI is, hey, am I running in a virtual machine? If I'm running in a virtual machine, I'm going to sleep, I'm not going to run the attack, what have you. Right? So very specifically to automate and speed up the attack and make things a little bit more aggressive.
Then there are AI facilitated cyberattacks. These tend to be more on the server side. And when I say server, we're talking the infrastructure, command and control, what have you, that the attackers themselves own and maintain. Right. So one example, and actually Brian alluded to it, is what if I could exfil the data, exfil a big bunch of data out of a victim.
I can use AI to sift through all that, the whole load of data that I pulled, and look for PII, look for socials, look for PHI, whatever the case may be. And very quickly, get the juicy bits out of those particular bits of data.
Arguably the scariest one is adversarial learning, or weaponized AI, whatever phrase you wanna use that you've heard. This really is one of the key examples, and the most frightening example is: imagine I've got what we would call a benign AI algorithm, right, something that's sitting on your laptop that's protecting you from malicious activity, malware, etcetera.
Imagine an attacker, using their own methods and techniques, is able to continually attack that model, and they start to form an impression of the responses and the pattern, and effectively create a clone of that model, take that offline, and go and write, do what they have to do to write code that completely bypasses it. And we've seen this, and I think, unfortunately, that will continue. And we don't want to disparage the traditional machine learning approach, but that's where the weakness lies. When humans generate this stuff, it becomes far more predictable versus a deep learning approach.
All right. So, bottom line, Deep Instinct saw all this coming. Back seven, eight years ago when we started the company, adversarial AI, while it was not widely known, not widely published, it certainly existed, and we knew this.
And when we started the company, our founders, being preeminent deep learning authorities worldwide, said, you know what, we're gonna attack this one hundred percent with deep learning. We're gonna build our own framework. There are numerous frameworks out there.
You have got a framework to build upon to build one of these deep learning models. You've got PyTorch and TensorFlow and Keras and others. But they said we're going to build a deep learning framework that is solely for cyber. Right?
Now by definition, if you look, and Brian talked about this, look at how layered this approach is. There are so many, and we don't publish how many hidden layers, obviously way more than three, but if it's on a slide, we had to be concise.
But you can see the insanely layered approach that is deep learning.
Thereby it's already very, very resilient to adversarial AI.
However, again, based on the fact that our founders, as threat researchers and data scientists, knew adversarial AI was going to be more and more proliferated through time, and we knew that the so called script kiddies were eventually going to get the tools in their hands, a la ChatGPT, to make this super easy, we built, in the framework from the beginning, protections, countermeasures into it. And as Brian talked about before, with each new model, we will see stuff that's going on in the wild that we know is something that's attempting to reverse engineer, and we can easily build something into the model to prevent that.
So when I talk to almost anybody in the industry, everybody's heard of the MITRE matrix, the enterprise matrix, the common one that we all use to classify attacks and sub techniques and all that fun stuff. But a lot of people don't realize there's actually a matrix that was built specifically around the adversarial AI topic. So I encourage you to go out to this URL, check it out. You can get in there and look at all the different examples of the way threat groups are getting in initially, how they're persisting, how they're exfilling, all that, just like you would with the standard enterprise matrix.
So, with that, I'm gonna hand it over to Karen, but hopefully that gives you an idea again. Deep learning is the way of the future, both from an adversarial and a protection perspective. So that's really our message: fight this with predictive prevention, with deep learning.
Thank you, Scott and Brian. A wealth of amazing information.
I'm gonna wrap it up now and then get to questions. So if you do have more questions, please put them into the chat box and we will address them in just a few minutes. I know we're running slightly long, so I want to make sure we get to that. So, you know, what we are ultimately trying to do is protect our data.
We have files. Organizations run on files, and they're coming in from a variety of places, not just the endpoint, right? We have files sitting in our data repositories, our applications, being uploaded through SaaS applications, and how are we protecting those? Right?
There's been so much focus on the endpoint.
I think as a first line of defense, and if you think about it, it really should probably be our last line of defense.
IDC recently just published a report. And one of the quotes they have in that is, in this EDR post-honeymoon period, organizations will logically question whether their justifiable attention on incident detection and response may have gone too far. And they talk a little bit more about turning more towards prevention. So, you know, this is the challenge that Deep Instinct is addressing.
We have our predictive prevention platform.
And we have an agentless solution, as well as an agent based solution. So, it deploys anywhere within your organization, to help protect against malicious files coming into your organization.
Our architecture: we've talked a lot about deep learning and how we develop our deep learning models. Right? And this is sort of the implementation of that.
Of that deep learning within our organization. So, one thing to note on that is that we do not learn on customer data; that's a question that often comes up.
Customer data is not part of what our models learn on. And then as well, to make our decisions, we don't require the cloud. We don't require threat intelligence feeds.
We do have an option to be able to call out to the cloud to have a reputation engine, if you want to have an allow and deny list and things like that for policies within your organization, but it's not required for Deep Instinct to make decisions. So, we're not using rules and signatures. We're using the information in that deep learning brain.
So, we do this for storage, you know, files coming in and out of your storage, ensuring that malicious files don't make it into your storage.
Applications.
We have a containerless, or, sorry, a container based environment.
Where you can scan, send your application's files to us to be scanned before the end user is allowed to open them. The speed with which we can do that is within twenty milliseconds.
And it really is the speed of decision. So, it's not interrupting your business flow, basically your business continuity. And then, as well, obviously, agent based on the endpoint.
Hey, Karen. One thing about that. So I love this diagram, because I know it's got a lot of pieces and parts, but the overall message, from a quick history lesson: we started out as a company shipping an agent based product.
Put it on anything and everything, including phones. Right? Small little footprint. And a few years ago, we thought, well, we can take that same brain and literally put it anywhere.
Put it in a Docker container and it can sit on prem, it can sit in the cloud, wherever you want it. And have that be your sort of agentless approach to making decisions on benign versus malicious. So, just wanted to add that little tidbit.
Really great point.
And finally, you know, the results speak for themselves, I think. Because of our deep learning models, we can prevent greater than ninety nine percent of unknown threats. So we're not talking about the known threats, the unknown threats, before anybody else has seen them, we can anticipate what the attacker's gonna do and prevent them, because of our deep learning models and the way that they learn. We have the industry's lowest false positive rate of zero point one percent. One of our customers, actually, who scans millions of files a day, has actually, I think it's a point zero three percent false positive rate that they have seen. So extremely, extremely low, and you think about what that means for your downstream SOC operations, if they're not chasing, you know, false flags and things like that, lowering alerts.
And, you know, finally, obviously the deep learning approach, and then the speed, which I mentioned earlier, with which we make decisions, is extremely fast, within twenty milliseconds.
So, I think, and one last point, I think, is data privacy is crucially important.
So, Deep Instinct does not send any data to the cloud from your environment. So I think that's also a question that comes up a lot, so I want to make sure we make that point as well. Brian, any last thoughts before we jump into Q and A?
No.
I've been looking at some of these questions come in. I'm really excited to get to a few of them. And I think you covered everything here. Great.
Alright. Let's go.
Alright. So the first question that came in that definitely needs to be addressed, and I do apologize, I probably should have addressed it earlier, which is: can you say more about what a parameter is? I mentioned earlier, you know, a hundred and seventy five million parameters, five hundred and forty billion parameters, one point seven six trillion.
So a parameter is essentially another name for a weight. When you create a deep neural network, you're creating a series of weights that are adjusted, and you saw that in that one image with all those hidden layers: as the input layer information reaches all of the hidden layers, and then all of the data points within those hidden layers, all of the parameters within those hidden layers move to the next hidden layer.
All of those are considered parameters, or again, weights. And all of those weights can get adjusted by a human if necessary, or by the neural network itself as it learns, so that it can reinforce different bits of information. So when we say a hundred and seventy six, or I'm sorry, one point seven six trillion parameters for GPT four.
That's an awful lot of weights that it's weighing in order to get the answer. That's why it can come up with increasingly more accurate information. So having those parameters, and the more parameters that you have, the more weights that it has, the better it can adjust its answer before it gets to the output layer and then ultimately to you. So obviously, there's a lot of parameters there.
Two other questions that I really like here. Is it possible that an adversarial AI can manage one day to plant a ticking time bomb malware inside a deep learning brain that is used by Deep Instinct?
Great question. I'm never going to say never; that would be silly.
But I can say that we're incredibly resilient against it, and the reason is because once one of our artificial brains has been trained, they essentially become static. So as long as the information that is training the brain is good, and we have a number of controls in place to ensure that it is, then the output, the actual artificial brain itself, becomes an inference engine that can make decisions very, very quickly, as Karen mentioned, sub twenty milliseconds. To put that a little bit in perspective, the human eye blinks at roughly a hundred milliseconds, so it's making these decisions very quickly. But essentially, that artificial brain becomes static. It does not then continue to learn as it encounters new information.
So as long as the data that it's trained on is good, essentially, the output will remain static, and therefore that type of attack likely, or I should say pretty assuredly, couldn't actually take place.
Can DI replace sandboxing?
Yes.
This is Deep Instinct. Alright. Let me expand on that just a little bit in the next thirty seconds. Can DI replace sandboxing?
Short answer is yes. What is the sandbox's purpose? To take in a file, to explode the file and determine what it does that's bad.
There are other aspects of sandboxing, such as fileless attacks, direct memory injection. We have all of those capabilities too. So it certainly comes down to the use case of where you currently use sandboxing and what you're looking to protect. The very short answer is yes; the longer answer is, I'd like to talk about the use case.
Is DI going to be FedRAMP compliant?
I hope so. Currently not, obviously; something that we're working on as an organization.
Are there any other questions up there that you see, Karen, that you'd like to definitely answer? Oh, I think you might be muted.
My apologies.
We've gone a little long, so I think any other questions we have left, we will answer offline. And I just want to thank everyone for attending today. I think it's been a great discussion. Please reach out if you have any questions, or if you're interested in a demo from Deep Instinct. Obviously, visit us on our website and feel free to contact any of us, I think, through LinkedIn, to answer any other questions that you might have.
Thank you. Thank you. Thanks all.