Google releases security LLM at RSAC to rival Microsoft’s GPT-4-based copilot

Today in the Moscone Center, San Francisco, at RSA Conference 2023 (RSAC), Google Cloud announced Google Cloud Security AI Workbench, a security platform powered by Sec-PaLM, a large language model (LLM) designed specifically for cybersecurity use cases. 

Sec-PaLM modifies the organization’s existing PaLM model and processes Google’s proprietary threat intelligence data alongside Mandiant’s frontline intelligence to help identify and contain malicious activity, and coordinate response actions. 

“Imagine a world where you know, as you’re generating your infrastructure, there’s an auto-generated security policy, security control, or security config that goes along with that,” Eric Doerr, VP of Engineering at Google Cloud, said in an interview with VentureBeat. “That’s one example that we’re working on that we think will be transformative in the world of security operations and security administration.”

One of the tools included as part of Google Cloud Security AI Workbench is VirusTotal Code Insight, released today in preview, which allows a user to import a script and analyze it for malicious behavior.

Another, Mandiant Breach Analytics for Chronicle, entering preview in summer 2023, uses Google Cloud and Mandiant threat intelligence to automatically notify users about breaches, while using Sec-PaLM to find, summarize and respond to threats discovered within the environment.  

Kickstarting the defensive generative AI war 

The announcement comes as more organizations are beginning to experiment with defensive use cases for generative AI, as part of a market that MarketsandMarkets estimates will reach a value of $51.8 billion by 2028. 

One such vendor, SentinelOne, also unveiled a LLM security solution today at RSAC that uses algorithms like GPT-4 to accelerate human-led threat-hunting investigations and orchestrate automated responses. 

Another key competitor experimenting with defensive generative AI use cases is Microsoft with Security Copilot, an AI assistant that combines GPT-4 with Microsoft’s proprietary data to process threat signals and create a written summary of potential breach activity.

Other vendors, like cloud security provider Orca Security and Kubernetes security company ARMO, have also begun experimenting with integrations that leverage generative AI to automate SOC operations. 

However, Doerr argues that Google Cloud’s data sets it apart from existing security solutions that leverage generative AI. 

“I really think we have an unparalleled amount of data relative to security, to train the model to speak security very well,” Doerr said, pointing to the data gathered across the Google product ecosystem through Mandiant threat intelligence, Chrome, Gmail and YouTube. 

In addition, Doerr also notes that Google Cloud customers will be able to use the LLM as it is offered out-of-the-box or plug in their own data to refine the mode.