27 Jan Understanding GenAI in Cybersecurity
As the threat landscape continues to evolve, cybersecurity professionals are under increasing pressure to safeguard critical systems against sophisticated attacks. In this environment, artificial intelligence (AI) has become an invaluable ally. But not all forms of AI are the same, and it’s worth diving into a specific subset of AI (Generative AI, or GenAI) to bette understand how it, specifically, is already impacting the cybersecurity function. In fact, according to CompTIA’s 2025 Cybersecurity Trends report, the emergence of generative AI tops the list of factors driving cybersecurity professionals right now as a “high profile trends that needs to be understood.”
What Is GenAI, and How Is It Different?
GenAI is a type of AI capable of creating new data that mimics the patterns and features of the original dataset. At its core are deep learning models, such as Generative Adversarial Networks (GANs) and large language models (LLMs), which excel at generating text, images, or even code. Unlike traditional AI, which focuses on classifying, automating, or predicting, GenAI can “generate” meaningful outputs, making it a powerful tool for tasks such as crafting phishing simulations, producing automated reports, or testing system defenses with simulated attack vectors.
How Does GenAI Work in Cybersecurity?
GenAI functions by training on vast datasets, enabling it to understand and recreate patterns from the data. For cybersecurity applications, this could include training on threat intelligence feeds, logs of historical attacks, or even open-source intelligence. “Imagine you have several years’ worth of risk assessments, penetration tests, and internal audit reports, for example, and you manually have been trying to analyze this information to show trends in your security program,” one Fortune 500 CISO told CIO Magazine. “Previously, we would have likely hired a consulting company to help us start over with a new assessment or analyze the data to create the trend. We can now perform these assessments, saving our companies’ human labor and significant dollars.”
CrowdStrike agrees: “GenAI can enable teams to analyze data from different sources or modules, enabling teams to conduct traditionally time-intensive, tedious data analysis with speed and precision GenAI can also be used to create natural-language summaries of incidents and threat assessments, further accelerating and multiplying team output.”
Moreover, when combined with existing AI tools, GenAI can supercharge automation. An LLM integrated into a Security Information and Event Management (SIEM) system could summarize threat alerts, prioritize risks, or suggest mitigation steps based on historical responses. In this way, GenAI doesn’t replace existing AI capabilities but enhances them by adding a creative, context-aware dimension to cybersecurity workflows.
The Benefits of GenAI in Cybersecurity
The ability to generate novel, context-aware outputs offers several key advantages for cybersecurity:
- Improved Threat Simulation: GenAI allows teams to simulate realistic attack scenarios, enabling better preparation for emerging threats. Unlike static simulations, GenAI-driven tests can adapt to mimic the tactics of specific threat actors.
- Enhanced Incident Response: By rapidly analyzing data and generating contextual summaries, GenAI can accelerate decision-making during active threats. It helps responders cut through the noise and focus on actionable insights.
- Augmented Human Expertise: GenAI can generate reports, summaries, or recommendations, freeing human analysts to focus on more complex or strategic tasks. For government agencies, this is particularly valuable given resource constraints.
- Cost Efficiency: Automating repetitive or time-intensive tasks, such as log analysis or phishing simulations, can save resources and improve operational efficiency. In this way, it can help organizations deal with talent shortages and high turnover among skilled cybersecurity staff.
Understanding the Limits of GenAI in Cybersecurity
Shadow AI looms large as a concern. “I’m pretty certain our developers are using tools outside our trusted development zones, and we have little ways to detect this,” one CISO says. “Trust, training, and awareness are important to ensure the employees are ‘doing the right thing,’ but honestly, if they are not, we’d likely not know.”
Complicating matters, efforts to manage the risks associated with AI—like shadow AI—are lagging. A study from IBM and Amazon Web Services found that the vast majority (82%) of respondents believe secure and trustworthy AI is essential, but only 24% are actively securing current GenAI projects.
In other words, GenAI isn’t going to secure itself, and if organizations don’t take the necessary steps to ensure GenAI can be used safely, it can increase risks.
To that end, it’s worth noting at least one naysayer (of GenAI specifically, not AI in general): advisory group Forrester suggests that CISOs might begin deprioritizing GenAI in 2025 by 10% “due to lack of quantifiable value.” They argue that GenAI is currently caught in a hype cycle where, even if it does produce benefit, the practical outcomes can’t yet match the expectation or level of investment being made. “In 2025, the trend will continue, and security practitioners will sink deeper into disenchantment as challenges such as inadequate budgets and unrealized AI benefits reduce the number of security-focused GenAI deployments,” they write.
A Strategic Path Forward
For cybersecurity leaders and CISOs at government agencies (and Forrester’s pessimistic outlook notwithstanding), the adoption of GenAI does represents a potentially sizable opportunity—and perhaps even a necessity in the face of adversaries also adopting GenAI technologies themselves. The key to success, however, is a thoughtful and strategic implementation of GenAI that accurately understands what it can and cannot do. Only then can leaders harness its potential to bolster cybersecurity defenses while maintaining realistic expectations.
About PSL
PSL is a global outsource provider whose mission is to provide solutions that facilitate the movement of business-critical information between and among government agencies, business enterprises, and their partners. For more information, please visit or email info@penielsolutions.com.
