Author: Liam Hackett, Head of Development and creator of Velma, Rootshell’s own AI.
It’s been a year since I last wrote about AI. Since then, we’ve seen an explosion in AI tools and applications. All starting with the release of ChatGPT. We’ve gone from a curiosity, to mainstream excitement and now it’s plateaued. Probably due to the commonality of applications, putting AI in its tagline to get people’s attention.
Right now, we’re in a tentative position. AI is going through the Gartner hype cycle, of which we’re currently at the “Trough of Disillusionment”. Some news articles talking about how ChatGPT is getting dumber. Every application now a day’s has AI somewhere in the marketing. When in reality, it probably doesn’t…but you can’t prove that.
We went from the position where Microsoft Bing could have dethroned Google as the number one search engine, due to its integration of ChatGPT. But that’s now seeming very unlikely. Google has its own, experimental, Large Language model called Bard.
Facebook has its own, Llama 2, but interest seems to be more on the fight between Twitter and Threads, which neither of which use large language models.
However, this doesn’t mean that large language models aren’t still useful.
At Rootshell, we’ve embraced AI and I’ve highlighted a few ways below that it is being used.
Day-to-day productivity: I know colleagues are doing simple tasks, like writing emails or writing our social media posts by prompting large language models. We have also used large language models in a couple of our product launches and events (see below).
But we can’t completely trust the first output yet. There are still the cases of misunderstanding in the data or prompt that was provided. However due to the relatively low amount output from this method we’re able to correct this before reaching the user.
A currently in development project uses a pre-trained open-source model to transform sentences into mathematical data and then measures the Cosine Similarity to group that data together. This saves a human thousands of hours sifting through hundreds of thousands of documents, justifying and remembering if one document is similar to another document. With this tool, that’s all done for us mathematically.
This method doesn’t utilise an online language model. Instead, it uses the underlying technology used in large language models like ChatGPT, the model is used to study the words in a text, transforming them into mathematical vector data and plotting them on a graph. Having done that, we can take this graphed data and calculate the Cosine Similarity and group related text together. As this is using part of the underlying technology and not AI itself, we can expect a constant outcome of the data provided.
Keep an eye out in the near future to find out what we are developing. You won’t be disappointed.
Summarising Text: Our recently announced AI Velma uses a Large Language Model to help summarise articles and internet sources to help easily provide context to the end user about active vulnerabilities found on the internet.
We have used this in conjunction with another method of summarising text and currently provide both to the end user. We found that sometimes text is added that does not provide appropriate context. This is why we also provide an additional algorism-based solution.
This algorithm ranks sentences, figures out the keywords in the sources and dictates a summary around those keywords.
Our hope is that this improves with future data models, experimenting more with the model’s temperature to refine the output, using an Open-Source model to easily generate our own text summarizer that is consistent or falling back to an algorithm-based generator completely.
Design and creativity resource: The third example isn’t utilizing a large language model in an application, but instead designing a t-shirt. For the Infosec 2023 Exhibition, we needed to create some t-shirts to give away on our stand. These started with some low effort, easy to make pun-based t-shirts. However, using Midjourney a large language model image generator, we were able to quickly create several mocked up t-shirt designs. We then picked our favourite design, before handing that to an external artist to create a bespoke t-shirt design based on the image we generated.
With all these examples we’re either directly using a large language model or the underlying technology of the model.
There’s been a lot of talk about the dangers of AI. Most of these worries are misplaced. The dangers we should worry about AI is how people use them.
A nuclear bomb does not explode on its own.
AI like ChatGPT is not self-thinking, nor does it have any real understanding of the data you’re providing it. The biggest thing ChatGPT does is to build its own context of what you’re asking it and using that to funnel off to a directory of underlying applications that OpenAI have built.
The danger is how people use it. Deep fakes are the most immediate danger, not from the loss of jobs for artists. But in the believably in fake news stories. If it becomes incredibly easy to fake an image or video the worry is that fake news stories can be reinforced with this “evidence”. Fool people to believing fake news to not believing real news in fear that it has been faked.
If you would like have a demo to learn more about how we are using AI in our Active Exploit Detection (for the greater good!) please click below.
Subscribe So You Never Miss an Update
