AI & Generative AI in Cybersecurity: From Detection to Defense
Overview
This 3-day hands-on program is designed for cybersecurity analysts, SOC engineers, AI practitioners, and IT risk managers to understand how Artificial Intelligence (AI) and Generative AI (GenAI) can be leveraged to detect, prevent, and respond to modern cyber threats. Through real-world tools, live demonstrations, and case-based exercises, participants will gain the skills to apply AI across a range of cybersecurity use cases.
Day 1: Foundations of AI in Cybersecurity
The first day focuses on building a strong foundation in AI/ML techniques and how they are applied in cybersecurity operations, from basic anomaly detection to malware classification.
Topics Covered:
- The Modern Threat Landscape
Understanding the evolution of cybersecurity threats and where traditional tools fall short. Discussing ransomware, APTs, phishing attacks, and insider threats.
- Why AI in Cybersecurity?
Exploring the need for intelligent systems that can learn from patterns and adapt to new threat vectors without hardcoded rules.
- Introduction to AI/ML for Security
Fundamentals of supervised and unsupervised learning. Classification vs. clustering. Use of decision trees, SVM, random forests, and neural networks in threat modeling.
- Security Data Sources for AI
How logs, NetFlow, firewall outputs, EDR data, SIEM alerts, and endpoint telemetry feed into AI models.
- Use Case: Anomaly Detection in Network Traffic
Using unsupervised learning (e.g., Isolation Forest, K-Means) to detect lateral movement or port scanning in a dataset of network traffic.
- Use Case: Malware Detection using ML
Feature engineering from binaries, logs, and sandbox reports. Participants will build a malware classifier using Python (Scikit-learn or XGBoost).
Tools Introduced:
- Scikit-learn
- Splunk for data collection
- Wireshark sample packet analysis
- Open datasets: CICIDS2017, VirusShare
Case Study:
Darktrace’s AI-driven SOC – How behavioral AI was used to detect zero-day threats before signature-based tools flagged them.
Day 2: GenAI Applications in Cyber Defense
This day explores the transformative role of Generative AI in cybersecurity, especially in automating SOC responses, summarizing threats, and detecting phishing attempts using LLMs.
Topics Covered:
- Understanding Generative AI in Security
What makes GenAI different? Overview of large language models (LLMs) such as GPT-4, Claude, Gemini, and their architecture.
- Prompt Engineering for Security Tasks
How to write structured prompts for GenAI to generate useful security content like:
- Threat summaries
- IOC enrichment
- Compliance explanation
- Log file interpretation
- Use Case: Phishing Detection with GenAI
Using LLMs to analyze the language patterns in emails to distinguish between phishing and legitimate messages. Comparison with traditional spam filters.
- Use Case: GenAI-Powered SOC Assistant
Building an assistant using OpenAI API that takes an incident ticket or alert and:
- Summarizes the log
- Suggests a containment or remediation step
- Suggests analyst queries or MITRE TTPs
- Hands-on Lab: Create a Threat Intelligence Chatbot
Participants use LangChain and OpenAI to create a chatbot that answers questions like “What is the TTP of Emotet?” or “Summarize this threat advisory.”
- Use Case: Generating YARA and Sigma Rules Automatically
Demonstrating how GenAI can assist in writing pattern-based detection rules by converting malware characteristics into detection scripts.
Tools Introduced:
- OpenAI GPT API
- LangChain
- HuggingFace Transformers
- Sigma/YARA rule repositories
- Browserless scraping for threat intel
Case Study:
MITRE ATLAS Project – Real-world applications of AI in mapping adversarial behaviors and generating attack simulations with language models.
Day 3: Advanced AI, Offensive Use Cases & Ethical Considerations
The final day focuses on advanced applications including red teaming with GenAI, insider threat detection, and how AI is embedded into cybersecurity tools. It ends with a discussion on responsible AI use.
Topics Covered:
- Use Case: Insider Threat Detection
Using AI to monitor abnormal user behavior (UBA/UEBA). Analysis of access patterns, privilege escalations, and login anomalies.
- Use Case: Identity Fraud Detection
Using facial recognition liveness detection and behavior biometrics. Integration of tools like FaceNet and liveness APIs to prevent fake KYC attempts.
- Use Case: Red Teaming with GenAI
Simulating adversarial attacks using GenAI:
- Auto-generating social engineering emails
- Crafting payload scripts
- Bypassing simple phishing filters
- Tool Showcase: Commercial Solutions with Embedded AI
A walkthrough of modern tools that use AI under the hood:
- Darktrace – Behavioral anomaly detection
- CrowdStrike Falcon – Endpoint protection with ML
- Vectra AI – AI-driven network detection
- Microsoft Sentinel – AI + ML for threat hunting
- Lab: Automate SOC Ticket Triage Using AI
Using Python and ChatGPT to read a log entry or alert and:
- Categorize it (true positive, false positive)
- Suggest containment step
- Generate incident summary
- Responsible AI & Governance in Cybersecurity
Discussing AI model bias, hallucination risks, false positives, and adversarial inputs. Ethical red flags, compliance with NIST AI RMF and EU AI Act.
Case Study:
Capital One Data Breach Analysis – Could behavioral AI have helped prevent or mitigate the insider-led breach? Discussion on detection gaps.
