Using ChatGPT to Augment Threat Detection

Skyhawk recently announced a couple of new features that are based on ChatGPT. What’s new?

Watch this video and then read the blog for details:

  1. A new addition to our scoring mechanisms for malicious events called ‘Threat Detector’.

We use the ChatGPT API as an “advisor” to help us be more confident about our scoring mechanism. Our current scoring mechanism has several rules and machine-learning-based classifiers that can be thought of as advisors. Each one of them pushes the score in a different direction, but the ML models eventually use all of them to decide on the threat level of an event. Skyhawk’s new ChatGPT functionality features “countless” new advisors whose opinions we consider in our final scoring mechanism, one that is proficient and smart because it is based on the security data of the whole internet.

  2. A new tab in our product called ‘Security Advisor’.

Skyhawk adds textual explanations (produced by ChatGPT) for the incidents found by the platform. These appear in a new platform tab called the ‘Security Advisor’. Having these textual explanations, in addition to visual representations, helps organizations understand incidents in greater depth and makes them more accessible to security personnel.

How does Chat-GPT help with scoring an Attack Sequence?

Our product uses ML to score security events and track them on a timeline called an “Attack Sequence”. We use Machine Learning labeling functions to “ask questions” about each potential event, and then score those events using proprietary information that we have gathered about security events (as well as the MITRE framework and other contextual components). Each advisor that we use scores whether an event is suspicious or not, and then we aggregate all the advisors’ results to create the Attack Sequence. Now, we’re adding another very strong advisor that helps us improve the detection rate and the speed of detection.

How does GPT help?

GPT is trained on reams of security data from across the web. For Skyhawk, it adds yet another point of view that we may not have thought of ourselves – a sort of unknown unknown. It allows us to assess what is considered risky and malicious based on different reports that GPT found on the web. And that gives us more confidence that we’re not missing anything. Because up until now, all these labeling functions of our advisors were actually code that we wrote ourselves, and now we add GPT results – a black box that acts as a sort of super-advisor.

Can you give an example?

Below is a real sequence where Skyhawk was able to alert just before the user actually performed a data extraction. However, GPT raised the flag after the very first activity of the sequence, which means that we were able to avoid the data extraction by alerting on this much earlier than before, and of course much earlier than any other product on the market.

[Image: ChatGPT Threat Detector Skyhawk]

In this image, the ‘AWS API failure’ is something that, while we identified it as malicious, is not yet harmful. So most security products will either not alert, or will alert but the alert will be ignored as something that is not necessarily threatening. But GPT, together with our MBI for this activity, created the confidence to alert the customer that this is a true alert (what we call a Realert).
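The advisor aggregation and earlier alert described above, as an added Python example (not Skyhawk's code): each advisor votes or abstains, votes are summed as weighted log-odds along the sequence, and the model's reply is validated before it counts. The advisor functions, weights, threshold, event fields and `llm_stand_in` replies are all constructed assumptions.

```python
import math

ABSTAIN = None  # an advisor with no opinion on an event

# Rule advisors (constructed): return suspicion in [0, 1], or ABSTAIN.
def lf_api_failure(ev):
    return 0.6 if ev["error"] == "AccessDenied" else ABSTAIN

def lf_new_region(ev):
    return 0.7 if ev["region"] != "us-east-1" else ABSTAIN

def lf_enumeration(ev):
    return 0.8 if ev["action"] == "ListObjectsV2" and ev["count"] > 500 else ABSTAIN

def llm_stand_in(ev):
    # Stand-in for a model call; replies are constructed, one is malformed.
    return {"ListBuckets": 0.9, "AssumeRole": "high"}.get(ev["action"], ABSTAIN)

def safe_vote(p):
    # Advisor output is untrusted: drop non-numeric or out-of-range values,
    # clamp the rest so the log-odds stay finite.
    if isinstance(p, bool) or not isinstance(p, (int, float)) or not 0 <= p <= 1:
        return ABSTAIN
    return min(max(float(p), 0.01), 0.99)

def event_logit(ev, advisors):
    total = 0.0
    for advisor, weight in advisors:
        p = safe_vote(advisor(ev))
        if p is not ABSTAIN:
            total += weight * math.log(p / (1 - p))
    return total

def first_alert(events, advisors, threshold=0.9):
    # Index of the first event at which the sequence score crosses threshold.
    running = 0.0
    for i, ev in enumerate(events):
        running += event_logit(ev, advisors)
        if 1 / (1 + math.exp(-running)) >= threshold:
            return i
    return None

EVENTS = [  # constructed sequence; the last event is the data extraction
    {"action": "ListBuckets", "error": "AccessDenied", "region": "us-east-1", "count": 1},
    {"action": "AssumeRole", "error": None, "region": "ap-south-1", "count": 1},
    {"action": "ListObjectsV2", "error": None, "region": "ap-south-1", "count": 900},
    {"action": "GetObject", "error": None, "region": "ap-south-1", "count": 5000},
]
BASELINE = [(lf_api_failure, 1.0), (lf_new_region, 1.0), (lf_enumeration, 1.0)]
WITH_LLM = BASELINE + [(llm_stand_in, 1.0)]
```

With these constructed values, `first_alert(EVENTS, BASELINE)` crosses the threshold one event before the extraction, while `first_alert(EVENTS, WITH_LLM)` crosses it on the first event; the malformed reply `"high"` is discarded rather than scored.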

What is the benefit of our ChatGPT functionality for Skyhawk customers?

The benefit is better security for cloud infrastructure. Security tools need to be as accurate as possible so that we have more alerts that are real and fewer that are false positives. The Chat-GPT API adds a layer of confidence because in our tests it found true malicious activity that led to a breach (in 78% of the cases we tested) earlier than without the Chat-GPT data.

It’s as if we take the advice of thousands of security researchers and average them, using the wisdom of the crowds to gain confidence on when to alert customers. This way they can pay attention only to events that are real threats and ignore the rest.

The addition of Chat-GPT scoring allowed us, in 78% of the cases, to alert earlier than we would have with our own baseline score.

Want to learn more? Please join the upcoming webinar on April 25th at noon EST by registering here.

