Generative AI (GAI) Use for Cybersecurity Resilience: A Scoping Literature Review

Jessica Parker

doi:10.30560/ijas.v8n2p1

Jessica Parker Marymount University, United States

DOI: https://doi.org/10.30560/ijas.v8n2p1

Keywords: Artificial Intelligence (AI), cybersecurity, Generative Artificial Intelligence (GAI), information security

Abstract

With cyberattacks increasing in volume and number, organizations are increasingly at risk of adverse financial and reputational impacts. Cyber attackers are quick to implement technologies like Generative Artificial Intelligence (GAI) to enhance attacks, while organizations have yet to fully benefit from GAI to improve cybersecurity defenses. This scoping literature review analyzes current research and identifies gaps in the literature about how Generative Artificial Intelligence (GAI) can be used to enhance cybersecurity resilience. The analysis includes an overview of GAI, ethical considerations and challenges, future directions and research opportunities, and a discussion of how this GAI research can be applied.

References

Aceto, G., Giampaolo, F., Guida, C., Izzo, S., Pescapè, A., Piccialli, F., & Prezioso, E. (2024). Synthetic and privacy-preserving traffic trace generation using generative AI models for training network intrusion detection systems. Journal of Network and Computer Applications, 229, 103926. https://doi.org/10.1016/j.jnca.2024.103926
Alawida, M., Shawar, B. A., Abiodun, O. I., Mehmood, A., Omolara, A. E., & Hwaitat, A. K. A. (2024). Unveiling the dark side of ChatGPT: Exploring cyberattacks and enhancing user awareness. Information, 15(1), 27. https://doi.org/10.3390/info15010027
Aldasoro, I., Doerr, S., Gambacorta, L., Notra, S., Oliviero, T., & Whyte, D. (2024). Generative artificial intelligence and cyber security in central banking. BIS Papers. https://doi.org/10.1093/jfr/fjae008
Almeida, J., & Gonçalves, T. C. (2024). The AI revolution: Are crypto markets more efficient after ChatGPT 3? Finance Research Letters, 66, 105608. https://doi.org/10.1016/j.frl.2024.105608
Alwahedi, F., Aldhaheri, A., Ferrag, M. A., Battah, A., & Tihanyi, N. (2024). Machine learning techniques for IoT security: Current research and future vision with generative AI and large language models. Internet of Things and Cyber-physical Systems, 4, 167–185. https://doi.org/10.1016/j.iotcps.2023.12.003
Andreoni, M., Lunardi, W. T., Lawton, G., & Thakkar, S. (2024). Enhancing autonomous system security and resilience with Generative AI: A comprehensive survey. IEEE Access, 12, 109470–109493. https://doi.org/10.1109/access.2024.3439363
Bandi, A., Adapa, P. V. S. R., & Kuchi, Y. E. V. P. K. (2023). The power of generative AI: A review of requirements, models, input–output formats, evaluation metrics, and challenges. Future Internet, 15(8), 260. https://doi.org/10.3390/fi15080260
Banko, M., Brili, E., Dumais, S., & Lin, J. (2002). AskMSR: Question answering using the worldwide web. In Proceedings of 2002 AAAI Spring Symposium on Mining Answers from Texts and Knowledge Bases, 7-9. https://cs.uwaterloo.ca/~jimmylin/publications/Banko_etal_AAAI2002.pdf
Bartolo, A. (2023, February 16). GitHub Copilot update: New AI model that also filters out security vulnerabilities. Educator Developer Blog. https://techcommunity.microsoft.com/blog/educatordeveloperblog/github-copilot-update-new-ai-model-that-also-filters-out-security-vulnerabilitie/3743238
Bengio, Y., Hinton, G., Yao, A., Song, D., Abbeel, P., Darrell, T., ... & Mindermann, S. (2024). Managing extreme AI risks amid rapid progress. Science, 384(6698), 842-845. https://doi.org/10.1126/science.adn0117
Caldwell, A. (2023). Novel cybersecurity challenges within Artificial Intelligence. Journal of Internet Technology and Secured Transaction, 11(1), 796–801. https://doi.org/10.20533/jitst.2046.3723.2023.0098
Dhoni, P. S., & Kumar, R. (2023). Synergizing generative Artificial Intelligence and cybersecurity: Roles of generative Artificial Intelligence entities, companies, agencies and government in enhancing cybersecurity. Journal of Global Research in Computer Sciences. 14(3). https://doi.org/10.4172/2229-371X.14.3.005
Dixit, P., & Silakari, S. (2021). Deep learning algorithms for cybersecurity applications: A technological and status review. Computer Science Review, 39, 100317. https://doi.org/10.1016/j.cosrev.2020.100317
Drew, J. (2024). Tech roundtable: There’s more to AI than ChatGPT: Our panel provides perspective on the potential, perils, and place of GenAI in the wider context of Artificial Intelligence and automation. Journal of Accountancy, 237(4), 22–25.
Dwivedi, R., & Elluri, L. (2024). Exploring generative Artificial Intelligence research: A bibliometric analysis approach. IEEE Access, 12, 119884–119902. https://doi.org/10.1109/access.2024.3450629
Eaton, C., Rundle, J., & Uberti, D. (2021, May 9). U.S. pipeline shutdown exposes cyber threat to energy sector. Wall Street Journal. https://www.wsj.com/articles/u-s-pipeline-shutdown-exposes-cyber-threat-to-energy-sector-11620574464
Eze, C. S., & Shamir, L. (2024). Analysis and prevention of AI-Based phishing email attacks. Electronics, 13(10), 1839. https://doi.org/10.3390/electronics13101839
García-Peñalvo, F., & Vázquez-Ingelmo, A. (2023). What do we mean by GenAI? a systematic mapping of the evolution, trends, and techniques involved in generative AI. International Journal of Interactive Multimedia and Artificial Intelligence, 8(4), 7. https://doi.org/10.9781/ijimai.2023.07.006
Gill, S. S., & Kaur, R. (2023). ChatGPT: Vision and challenges. Internet of Things and Cyber-physical Systems, 3, 262–271. https://doi.org/10.1016/j.iotcps.2023.05.004
Google Cloud. (2023). Cybersecurity forecast 2024: Insights for future planning. https://cloud.google.com/resources/security/cybersecurity-forecast
Guo, D., Chen, H., Wu, R., & Wang, Y. (2023). AIGC challenges and opportunities related to public safety: A case study of ChatGPT. Journal of Safety Science and Resilience, 4(4), 329–339. https://doi.org/10.1016/j.jnlssr.2023.08.001
Gupta, M., Akiri, C., Aryal, K., Parker, E., & Praharaj, L. (2023). From ChatGPT to ThreatGPT: Impact of generative AI in cybersecurity and privacy. IEEE Access, 11, 80218-80245. https://doi.org/10.1109/ACCESS.2023.3300381
Hamouda, D., Ferrag, M. A., Benhamida, N., Seridi, H., & Ghanem, M. C. (2024). Revolutionizing intrusion detection in industrial IoT with distributed learning and deep generative techniques. Internet of Things, 26, 101149. https://doi.org/10.1016/j.iot.2024.101149
Hassenstein, M. J., & Vanella, P. (2022). Data quality—concepts and problems. Encyclopedia, 2(1), 498-510. https://doi.org/10.3390/encyclopedia2010032
Hu, M., Behar, E., & Ottenheimer, D. (2024). National security and federalizing data privacy infrastructure for AI governance. Fordham Law Review, 92(5), 1829–1853.
Huang, K., Wang, X., Wei, W., & Madnick, S. (2023). The devastating business impacts of a cyber breach. Harvard Business Review. https://hbr. org/2023/05/thedevastating-business-impacts-of-a-cyber-breach.
Humphreys, D., Koay, A., Desmond, D., & Mealy, E. (2024). AI hype as a cyber security risk: the moral responsibility of implementing generative AI in business. AI and Ethics, 1-14. https://doi.org/10.1007/s43681-024-00443-4
Intrusion detection and prevention systems reviews and ratings. (n.d.). Gartner. Retrieved October 4, 2024, from https://www.gartner.com/reviews/market/intrusion-prevention-systems
IRONSCALES. (2023, June 20). IRONSCALES revolutionizes email security with powerful new generative AI capabilities. https://ironscales.com/news/ironscales-announces-themis-copilot
Jovanovic, M., & Campbell, M. (2022). Generative Artificial Intelligence: Trends and prospects. Computer, 55(10), 107-112. https://doi.org/10.1109/MC.2022.3192720
Juma'h, A. H., & Alnsour, Y. (2020). The effect of data breaches on company performance. International Journal of Accounting & Information Management, 28(2), 275-301. https://doi.org/10.1108/IJAIM-01-2019-0006
Jüttner, V., Grimmer, M., & Buchmann, E. (2024). ChatIDS: Advancing explainable cybersecurity using generative AI. International Journal on Advances in Security, 17(1), 2. https://www.researchgate.net/profile/Victor-Juettner/publication/382069889_ChatIDS_Advancing_Explainable_Cybersecurity_Using_Generative_AI/links/668bd697714e0b03154c15cb/ChatIDS-Advancing-Explainable-Cybersecurity-Using-Generative-AI.pdf
Kallonas, C., Piki, A., & Stavrou, E. (2024, May). Empowering professionals: a generative AI approach to personalized cybersecurity learning. In 2024 IEEE Global Engineering Education Conference (EDUCON) (pp. 1-10). IEEE. https://doi.org/10.1109/EDUCON60312.2024.10578894
Kam, H. J., Zhong, C., & Johnston, A. (2024). The impacts of generative AI on the cybersecurity landscape. In ECIS 2024 TREOS. 9. https://aisel.aisnet.org/treos_ecis2024/9
Kaur, R., Gabrijelčič, D., & Klobučar, T. (2023). Artificial intelligence for cybersecurity: Literature review and future research directions. Information Fusion, 97, 101804. https://doi.org/10.1016/j.inffus.2023.101804
Khatun, M. A., Memon, S. F., Eising, C., & Dhirani, L. L. (2023). Machine learning for healthcare-IoT security: A review and risk mitigation. IEEE Access, 11, 145869–145896. https://doi.org/10.1109/ACCESS.2023.3346320
Kissinger, H. A., Schmidt, E., & Huttenlocher, D. (2021). The age of AI: And our human future (1st ed.). Little, Brown and Company.
Kolochenko, I., & Heiskell, M. P. (2024). Generative AI, cybersecurity and cybercrime for lawyers: Myths, risks and benefits. Mealey's litigation report: Artificial Intelligence, 1(10). https://platt.law/Generative-AI-Cybersecurity-and-Cybercrime-for-Lawyers.pdf
Lee, D. (2023, June 15). Introducing SecureFrame Comply AI: Faster, tailored cloud remediation. Secureframe. https://secureframe.com/blog/secureframe-comply-ai
Lee, N. (2024). Counterterrorism and cybersecurity: Total information awareness (3rd ed.). Springer. https://doi.org/101007/978-3-031-63126-9
Li, H., & Li, Y. (2022). Anomaly detection methods based on GAN: A survey. Applied Intelligence, 53(7), 8209–8231. https://doi.org/10.1007/s10489-022-03905-6
Lim, W., Chek, K. Y. S., Theng, L. B., & Lin, C. T. C. (2024). Future of generative adversarial networks (GAN) for anomaly detection in network security: A review. Computers & Security, 103733. https://doi.org/10.1016/j.cose.2024.103733
Loh, E. (2023). ChatGPT and generative AI chatbots: Challenges and opportunities for science, medicine and medical leaders. BMJ Leader, 0, 1–4. https://doi.org/10.1136/leader-2023-000797
Lyngaas, S. (2023, December 1). Federal investigators confirm multiple US water utilities hit by hackers. CNN. https://www.cnn.com/2023/12/01/politics/us-water-utilities-hack/index.html
Mahboubi, A., Luong, K., Aboutorab, H., Bui, H. T., Jarrad, G., Bahutair, M., Camtepe, S., Pogrebna, G., Ahmed, E., Barry, B., & Gately, H. (2024). Evolving techniques in cyber threat hunting: A systematic review. Journal of Network and Computer Applications, 232, 104004. https://doi.org/10.1016/j.jnca.2024.104004
Makridis, C. A. (2021). Do data breaches damage reputation? Evidence from 45 companies between 2002 and 2018. Journal of Cybersecurity, 7(1). https://doi.org/10.1093/cybsec/tyab021
Mamgai, A. (2023, October 16). Generative AI with cybersecurity: friend or foe of digital transformation? ISACA. https://www.isaca.org/resources/news-and-trends/industry-news/2023/generative-ai-with-cybersecurity-friend-or-foe-of-digital-transformation
Mavikumbure, H. S., Cobilean, V., Wickramasinghe, C. S., Drake, D., & Manic, M. (2024, July). Generative AI in cyber security of cyber physical systems: Benefits and threats. In 16th International Conference on Human System Interaction (HSI), 1-8. https://doi.org/10.1109/HSI61632.2024.10613562
Microsoft. (2024). National Public Data breach: What you need to know. Microsoft Support. Retrieved October 2, 2024, from https://support.microsoft.com/en-us/topic/national-public-data-breach-what-you-need-to-know-843686f7-06e2-4e91-8a3f-ae30b7213535
Microsoft. (n.d.). AI for cybersecurity: Protect with AI. https://www.microsoft.com/en-us/security/business/solutions/generative-ai-cybersecurity
Miller, K. (2024, April 18). Rural Texas towns report cyberattacks that caused one water system to overflow. AP News. https://apnews.com/article/texas-muleshoe-water-systems-cyberattacks-russia-5f388bf0d581fc8eb94b1190a7f29c3a
Munn, Z., Peters, M. D., Stern, C., Tufanaru, C., McArthur, A., & Aromataris, E. (2018). Systematic review or scoping review? Guidance for authors when choosing between a systematic or scoping review approach. BMC medical research methodology, 18, 1-7. https://doi.org/10.1186/s12874-018-0611-x
National Institute of Standards and Technology. (2024). Artificial Intelligence risk management framework: Generative Artificial Intelligence profile. In NIST.gov (NIST AI 600-1). https://doi.org/10.6028/nist.ai.600-1
NVIDIA. (n.d.). Spear Phishing Detection AI Workflow. https://www.nvidia.com/en-us/ai-data-science/ai-workflows/spear-phishing/
Palani, K., Kethar, J., Prasad, S., & Torremocha, V. (2024). Impact of AI and generative AI in transforming cybersecurity. Journal of Student Research, 13(2). https://doi.org/10.47611/jsrhs.v13i2.6710
Panchamia, V., Harchwani, A., & Momaya, T. (2024). Cybersecurity renaissance: Navigating threats, ethical hacking, and risk mitigation in the digital era. International Journal of Scientific Research in Engineering and Management (IJSREM), 08(01), 1–10. https://doi.org/10.55041/ijsrem28181
Parker, J. (2023, October). Behind the scenes of AI: How data drives the intelligence. [Professional organization presentation]. Society for Information Management Las Vegas Chapter, Las Vegas, NV, United States.
Pasupuleti, R., Vadapalli, R., & Mader, C. (2023, November). Cyber security issues and challenges related to generative AI and ChatGPT. In Tenth International Conference on Social Networks Analysis, Management and Security (SNAMS), 1-5. https://doi.org/10.1109/SNAMS60348.2023.10375472
Pattison-Gordon, J. (2024). Michael Makstman. GovTech. https://www.govtech.com/top-25/michael-makstman
Peters, M. D., Godfrey, C., McInerney, P., Munn, Z., Tricco, A. C., & Khalil, H. (2020). Chapter 11: Scoping reviews. JBI manual for evidence synthesis. https://doi.org/10.46658/jbimes-20-12
Petrosyan, A. (2024, September 26). U.S. companies at risk of cyberattacks according to CISOs 2021-2024. Statista. https://www.statista.com/statistics/1448307/companies-at-material-cyberattack-risk-us/#statisticContainer
Ponemon Institute & IBM Security. (2023). Cost of a data breach 2023. IBM Corporation.
Potti, S., & Joyce, S. (2024, May 6). Introducing Google Threat Intelligence: Actionable threat intelligence at Google Scale. Google Cloud Blog. https://cloud.google.com/blog/products/identity-security/introducing-google-threat-intelligence-actionable-threat-intelligence-at-google-scale-at-rsa/
Poulsen, K., McMillan, R., & Evans, M. (2021, September 30). A hospital hit by hackers, a baby in distress: The case of the first alleged ransomware death. Wall Street Journal. https://www.wsj.com/articles/ransomware-hackers-hospital-first-alleged-death-11633008116
PricewaterhouseCoopers. (2023). The C-suite playbook: Putting security at the epicenter of innovation. https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/global-digital-trust-insights.html?
Privacy Rights Clearinghouse. (2023, September). Data breach chronology. PrivacyRights.org. https://privacyrights.org/data-breaches
Quintero, B. (2023, April 24). Introducing VirusTotal Code Insight: Empowering threat analysis with generative AI. https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
Raman, R., Calyam, P., & Achuthan, K. (2024). ChatGPT or Bard: Who is a better Certified Ethical Hacker? Computers & Security, 140, 103804. https://doi.org/10.1016/j.cose.2024.103804
Raman, R., Pattnaik, D., Hughes, L., & Nedungadi, P. (2024). Unveiling the dynamics of AI applications: A review of reviews using scientometrics and BERTopic modeling. Journal of Innovation & Knowledge, 9(3), 100517. https://doi.org/10.1016/j.jik.2024.100517
Renaud, K., Warkentin, M., & Westerman, G. (2023). From ChatGPT to HackGPT: Meeting the cybersecurity threat of generative AI. MIT Sloan Management Review.
Rundle, J., & Nash, K. S. (2024, October 16). For some companies, the real cost of a cyberattack is telling everyone about it. Wall Street Journal. https://www.wsj.com/articles/for-some-companies-the-real-cost-of-a-cyberattack-is-telling-everyone-about-it-735bee74
Russell, S. J., & Norvig, P. (2022). Artificial Intelligence: A modern approach (4th ed.). Pearson India Education Service Pvt. Ltd.
Rust, M., & Ruiz, R. (2021, May 13). Why the Colonial Pipeline shutdown is causing gas shortages. Wall Street Journal. https://www.wsj.com/articles/why-the-colonial-pipeline-shutdown-is-causing-gasoline-shortages-11620898203
Saddi, V. R., Gopal, S. K., Mohammed, A. S., Dhanasekaran, S., & Naruka, M. S. (2024, March). Examine the role of generative AI in enhancing threat intelligence and cyber security measures. In 2nd International Conference on Disruptive Technologies (ICDT), 537-542. https://doi.org/10.2209/ICDT61202.2024.10489766
Sai, S., Yashvardhan, U., Chamola, V., & Sikdar, B. (2024). Generative AI for cyber security: Analyzing the potential of chatgpt, dall-e and other models for enhancing the security space. IEEE Access. 12, 53497-53516. https://doi.org/10.1109/ACCESS.2024.3385107
Sarker, I. H. (2021). Deep cybersecurity: A comprehensive overview from neural network and deep learning perspective. SN Computer Science, 2(3), 154. https://doi.org/10.1007/s42979-021-00535-6
SentinelOne. (2023, April 26). Purple AI: Empowering cybersecurity analysts with AI-Driven threat hunting, analysis & response. https://www.sentinelone.com/blog/purple-ai-empowering-cybersecurity-analysts-with-ai-driven-threat-hunting-analysis-response/
Shahid, A. R. B., & Imteaj, A. (2024). Sticks and stones may break my bones, but words will never hurt me!—Navigating the cybersecurity risks of generative AI. AI & Society, 1-2. https://doi.org/10.1007/s00146-024-01934-y
Shipkowski, B. (2024, October 7). American Water, the largest water utility in US, is targeted by a cyberattack. AP News. https://apnews.com/article/american-water-cyberattack-36423062dbce05c9aa70ef8aa07810cb
Snyder, H. (2019). Literature review as a research methodology: An overview and guidelines. Journal of business research, 104, 333-339. https://doi.org/10.1016/j.jbusres.2019.07.039
Snyk. (n.d.). SNYK Developer Security Platform. https://snyk.io/platform/
SonicWall. (2024). 2024 SonicWall cyber threat report. In SonicWall. https://www.sonicwall.com/medialibrary/en/white-paper/2024-cyber-threat-report.pdf
Ssetimba, I. D., Kato, J., Pinyi, E. O., Twineamatsiko, E., Nakayenga, H. N., & Muhangi, E. (2024). Advancing electronic communication compliance and fraud detection through machine learning, NLP and generative AI: A pathway to enhanced cybersecurity and regulatory adherence. World Journal of Advanced Research and Reviews, 23(2), 697-707. https://doi.org/10.30574/wjarr.2024.23.2.2364
Stratton, S. J. (2019). Literature reviews: Methods and applications. Prehospital and disaster medicine, 34(4), 347-349. https://doi.org/10.1017/S1049023X19004588
Szmurlo, H., & Akhtar, Z. (2024). Digital sentinels and antagonists: The dual nature of chatbots in cybersecurity. Information, 15(8), 443. https://doi.org/10.3390/info15080443
Takale, D. G., Mahalle, P. N., & Sule, B. (2024). Cyber security challenges in Generative AI technology. Journal of Network Security Computer Networks, 10(1), 28-34.
Teig, J., & Eiken, A. (2024). Use of Generative AI in Offensive Cybersecurity: A case study using PentestGPT with GPT-4 and Dolphin2. 5 (Bachelor's thesis, NTNU). https://ntnuopen.ntnu.no/ntnu-xmlui/handle/11250/3139808
Tenable. (n.d.). Tenable ExposureAI: Harness the power of generative AI for preventive security. https://www.tenable.com/solutions/exposure-ai
Teo, Z. L., Quek, C. W. N., Wong, J. L. Y., & Ting, D. S. W. (2024). Cybersecurity in the generative Artificial Intelligence era. Asia-Pacific Journal of Ophthalmology, 13(7), 100091. https://doi.org/10.1016/j.apjo.2024.100091
Torre, D., Mesadieu, F., & Chennamaneni, A. (2023). Deep learning techniques to detect cybersecurity attacks: A systematic mapping study. Empirical Software Engineering, 28(3). https://doi.org/10.1007/s10664-023-10302-1
Truong, T. C., Zelinka, I., Plucar, J., Čandík, M., & Šulc, V. (2020). Artificial Intelligence and cybersecurity: Past, presence, and future. In Artificial intelligence and evolutionary computations in engineering systems (pp. 351-363). Singapore: Springer Singapore. https://doi.org/10.1007/978-981-15-0199-9_30
Turner Lee, N., Resnick, P., & Barton, G. (2019, May 22). Algorithmic bias detection and mitigation: Best practices and policies to reduce consumer harms. Brookings. https://www.brookings.edu/articles/algorithmic-bias-detection-and-mitigation-best-practices-and-policies-to-reduce-consumer-harms/
US Census Bureau. (2024, September 3). Population and housing unit estimates. Census.gov. https://www.census.gov/programs-surveys/popest.html
Vemuri, N., Thaneeru, N., & Tatikonda, V. M. (2024). Adaptive generative AI for dynamic cybersecurity threat detection in enterprises. International Journal of Science and Research Archive. 11(01), 2259–2265. https://doi.org/10.30574/ijsra.2024.11.1.0313
Verdejo, C., Tapia-Benavente, L., Schuller-Martínez, B., Vergara-Merino, L., Vargas-Peirano, M., & Silva-Dreyer, A. M. (2021). What you need to know about scoping reviews. Medwave, 21(02), e8144. https://doi.org/10.5867/medwave.2021.02.8144
Wang, M. (2024). Generative AI: A new challenge for cybersecurity. Journal of Computer Science and Technology Studies, 6(2), 13-18. https://doi.org/10.32996/jcsts.2024.6.2.3
World Economic Forum & Accenture. (2024). Global cybersecurity outlook 2024. World Economic Forum. https://www3.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2024.pdf
Yi, J.-K., & Yao, Y.-F. (2024). Advancing quality assessment in vertical field: Scoring calculation for text inputs to large language models. Applied Sciences, 14(16), 6955. https://doi.org/10.3390/app14166955
Zhang, Z., Ning, H., Shi, F., Farha, F., Xu, Y., Xu, J., ... & Choo, K. K. R. (2022). Artificial Intelligence in cyber security: research advances, challenges, and opportunities. Artificial Intelligence Review, 1-25. https://doi.org/10.3390/fi15090286