Imagine asking ChatGPT how to make lasagna from scratch and getting this response:

That’s obviously not the help you'd be looking for unless you’re planning to enter next year’s farmer's market. Anyone familiar with ChatGPT would know how to fix this: either revise the original request to be more specific, like “Give me step-by-step instructions for making lasagna at home with easy-to-find ingredients,” or reply with clarifying instructions. The former method is ideal, in my experience, but either interaction serves as a real-time training exercise. Specifically, we’re talking about reinforcement learning from human feedback (RLHF) to make ChatGPT better.

Think back to what it was like in late 2022. It was like chatting with a 10-year-old who had read every book in the world...lots of knowledge, but no context. And now? It’s more like having a conversation with someone who understands exactly why adding more garlic doesn’t necessarily make your lasagna taste better.

So, what does this have to do with email security? Just as ChatGPT learns from user interactions to refine its responses and better understand context, AI in cybersecurity needs to adapt based on real-time user and expert feedback to effectively counter sophisticated cyber threats.

How ChatGPT Mirrors AI in Cybersecurity

ChatGPT improves its responses based on how users guide it, highlighting a crucial aspect of AI in cybersecurity. This AI not only scans massive data sets to detect threats quickly but also relies on human insights to refine its accuracy and adapt to new types of challenges.

In my research for the whitepaper "Why AI Alone is Not Enough," I explored how AI and machine learning are critical for detecting known cyber threats, particularly in email security. These systems excel at identifying patterns within large volumes of data. However, their ability to spot new threats they haven't previously encountered is limited.

A Real-World Example: The PayPal Phishing Incident

Consider the sophisticated phishing scheme that masqueraded as a legitimate PayPal invoice request.

This attack circumvented all standard AI detections because it was actually sent from PayPal using a merchant account. It's perfectly formatted, passes all authentication and reputation checks, the sender address and return path are correct, and the links were genuine. It was an alert employee who reported the subtle, but dangerous anomaly—an international phone number that was a direct line to bad guy headquarters. This incident led us to refine our AI models to better detect such sophisticated threats in the future.

Why Both AI and Human Insight Are Necessary

The PayPal example calls out a fundamental truth—while AI and machine learning provide the speed and scalability necessary for modern cybersecurity, it does not possess the nuanced understanding that humans bring to the table. Integrating AI with human insights not only improves our ability to detect threats but also reduces false positives and negatives, optimizing our security measures.

So, as we face an evolving landscape of cybersecurity threats, a combined approach of AI and human insights is essential. With attackers increasingly using generative AI to enhance their tactics, our defense strategies must also advance.

I invite you to explore these concepts further and discover practical implementations by downloading the full whitepaper, "Why AI Alone is Not Enough."