Can Generative AI (ChatGPT, Gemini) be used to simulate social engineering attacks for employee training? I’m looking for ways to create more realistic phishing scenarios without spending a fortune on external consultants. Is it safe to use AI for this?
3 answers
Using Generative AI (ChatGPT, Gemini) for phishing simulations is a double-edged sword. It can certainly create very convincing emails that mimic internal company communications, which is great for training. However, you must be extremely careful about the prompts you use so you don't violate the AI's safety policies or inadvertently leak internal names and structures into the model's training set. It’s best used to generate generic templates that you then customize locally on a secure system.
Do you think hackers are already using these same tools to improve their real attacks? The level of "polish" in recent phishing attempts I've seen is much higher than last year.
It's also helpful for summarizing complex security logs. It can help junior analysts spot patterns that might indicate a slow-and-low breach attempt.
Good point, Helen. It really helps bridge the skill gap for newer team members. Generative AI (ChatGPT, Gemini) is becoming a standard part of the SOC toolkit.
Jerry, absolutely. That's why using Generative AI (ChatGPT, Gemini) for defense and training is so critical. We have to understand the tools the adversaries are using. It’s an AI arms race now, and staying behind means being vulnerable to much more sophisticated social engineering.