The work comes out at a time when threat groups are ramping up their use of ChatGPT and other AI functions in their arsenal of malicious tools. The threat hunting platform is one step toward leveling the playing field, or so Ric Smith, SentinelOne's chief product and technology officer, said.
He added: "We're putting the same technology in the hands of security teams, so they can respond and head them off just as fast." Cybercriminal adoption of AI has been fast, according to companies selling products to combat that AI.
As for the platform's inner workings, SentinelOne's AI threat-hunting platform relies on two components for the dataset it trains on: the broader cybersecurity domain and the security data lake built from data and other information collected by the vendor, according to Smith. For example, "analysts can ask questions using natural language, such as 'find potential successful phishing attempts involving PowerShell' or 'find all potential Log4j exploit attempts that are using 'jndi:ldap' across all data sources,' and get a summary of results in simple jargon-free terms, along with recommended actions they can initiate with one click, like 'disable all endpoints,'" Smith said.