11 Oct 2023
by John Sotiropoulos

Safeguarding the UK economy: Unlocking the security potential of Generative AI

Guest blog by John Sotiropoulos, Senior Security Architect at Kainos Software #techUKCyber2023

In an era of deep changes, cyber threats are constantly evolving.  Although demand for Cyber Security skills continues to outstrip supply, protecting the UK economy has never been more critical. Our Cyber Security team is pioneering the use of Generative AI to meet this challenge head-on, offering scalable and dynamic solutions that secure services and contribute to the nation's economic stability.  

While we're at the forefront of adopting the technology that will help safeguard the future, we are also safeguarding the technology itself by contributing to industry leading LLM security standards and ensuring the technology is used responsibly and safely.  

Innovative Applications 

Leveraging our culture of technical exploration, realised through hackathons, dedicated innovation periods, and domain-specific investigations, we have explored the following applications of Generative AI: 

  1. ChatGPT for OWASP ASVS Tests: Leveraging ChatGPT's code generation capabilities, we’ve automated the generation of OWASP Application Security Verification Standard (ASVS) tests from threat models and system contexts. By automating the generation of critical security tests, we are ensuring faster compliance and fortifying the digital infrastructure the UK economy relies on. 
  1. DASTy, a Chrome Developer Plugin: An intelligent plugin that performs on-the-fly HTTP traffic analysis. Using ChatGPT, our plugin provides real-time assessment of security vulnerabilities, mitigations, and tailored recommendations whilst offering a chat-based investigation mode. The plugin exemplifies the use of Generative AI to detect evolving vulnerabilities and help security professionals evaluate them in context.  
  1. Auto Configuration of Secure Cloud Environments: Our members are participating in the UK cyber community, and one of our Security Engineers recently won first place at the HackTheHub Fintech Hackathon. Their winning proof-of-concept uses ChatGPT to auto-configure secure cloud environments from text-based non-functional requirements. This is a step towards ensuring the cloud services essential to the UK's economy are secure by design, reducing the risk of cyber threats.  

Setting the Global Standard for Securing Generative AI 

We work as part of the Core Team for the OWASP Top 10 for Large Language Model (LLM) Applications. The recently published version 1 of this list has already become an industry de-facto standard, adopted by U.S. departments and agencies, and inspiring a wealth of tutorials, including contributions from IBM's distinguished engineers. As part of the OWASP Top 10 for LLM apps project, we are actively collaborating with NIST's Trustworthy AI researchers and other standard bodies and agencies to share knowledge and findings.  This helps ensure the UK is both leading and benefiting from a collaborative approach to Generative AI security.  

Safeguarding Usage, Data, and Customer Privacy 

Our use of Generative AI has privacy by default as its heart, preventing the re-use of sensitive data for model training and memorisation.  Clear rules and guidelines that protect data and customer privacy help ensure that Generative AI is harnessed securely and does not pose risks to the data-driven UK economy. 

We work closely with Suzanne Brink, our Data Ethicist, to ensure we harness a culture of Ethical AI. Having a human in the loop to review and verify Generative AI output is central to safe usage, protecting us from bias and model hallucinations.  

The Future Is Bright, but Only If We Make It So 

Generative AI is a technological revolution in the making with both possibilities and peril. We are committed to discovering the former while mitigating the latter. Through diligent and proactive use, we increase understanding. More importantly, we navigate toward a future where Generative AI is not just powerful but also safely harnessed for the effective delivery of cyber security. 


techUK’s Cyber Security Week 2023 #techUKCyber2023

The Cyber Programme team are delighted to be hosting our annual Cyber Security Week between 9-13 October.

Click here to read all the insights

Join us for these events!

11 October 2023

Cyber Innovation Den 2023

Central London Conference

Cyber Security Programme

The Cyber Security Programme provides a channel for our industry to engage with commercial and government partners to support growth in this vital sector, which underpins and enables all organisations. The programme brings together industry and government to overcome the joint challenges the sector faces and to pursue key opportunities to ensure the UK remains a leading cyber nation, including on issues such as the developing threat, bridging the skills gap and secure-by-design.

Learn more

Join techUK's Cyber Security SME Forum

Our new group will keep techUK members updated on the latest news and views from across the Cyber security landscape. The group will also spotlight events and engagement opportunities for members to get involved in.

Join here

Cyber Security updates

Sign-up to get the latest updates and opportunities from our Cyber Security programme.

 

 

 

 

Related topics

Authors

John Sotiropoulos

John Sotiropoulos

Senior Security Architect, Kainos Software

John Sotiropoulos is a Senior Security Architect at Kainos, helping secure large-scale projects. Prior to Kainos, he provided technical and product leadership to successful start-ups like Metastorm and Alfresco. His interests include privacy, cloud security, and securing AI. An active OWASP contributor, he's on the Core Experts Team for the OWASP Top 10 for LLM applications and is working on a forthcoming book on Adversarial AI.