Skynet the CTI Intern: Building Effective Machine Augmented...

Scott J Roberts

BSidesSF 2024 · Day 1

This talk, "Skynet the CTI Intern: Building Effective Machine Augmented Intelligence," delivered by Scott J Roberts, Head of Threat Research at Interpres, delves into the practical application of large language models (LLMs) and generative AI within real-world Cyber Threat Intelligence (CTI) workflows. Roberts candidly shares his experimental journey, exploring the pros and cons of integrating these nascent technologies into daily operations, emphasizing the importance of setting realistic expectations and focusing on tangible outcomes rather than speculation.

AI review

This talk cuts through the usual LLM hype by presenting a series of practical experiments integrating machine augmentation into real-world cyber threat intelligence workflows. The speaker demonstrates both successes and failures in tasks ranging from summary generation and one-off data creation to complex MITRE ATT&CK technique extraction and STIX 2 object merging. The candid approach to what worked and what didn't, backed by actual code and results, provides valuable insights for CTI teams looking to leverage these tools effectively.
