AWS re:Invent 2025 - Climbing the AI Mountain With Your Security Team (SEC319)

Climbing the AI Mountain With Your Security Team

Generative AI and Its Impact on Security

  • Generative AI models, such as ChatGPT, have rapidly advanced in capabilities, disrupting various industries, including security.
  • These models can generate content, code, and solutions based on prompts, posing both opportunities and challenges for security teams.
  • The speaker, a distinguished engineer at Amazon's security team, shares insights on how they have adapted to the rise of generative AI and how security teams can leverage these technologies.

The Hype Cycle and Lessons Learned

  • The speaker draws parallels between the hype around generative AI and previous technology trends, such as blockchain and the dot-com bubble.
  • Lessons learned from these past experiences highlight the importance of separating hype from reality and being cautious about unproven claims.
  • However, the speaker emphasizes that generative AI is fundamentally different and presents compelling value for security teams.

Accessibility and Ease of Use

  • One of the key advantages of generative AI is its accessibility and ease of use, allowing non-experts to leverage these tools effectively.
  • The speaker shares personal experiences, such as his wife using a language model to solve a book categorization problem in minutes, and the speaker using a model to generate G-code for a CNC router, demonstrating the transformative potential of these technologies.
  • These examples highlight how generative AI can dramatically improve productivity and enable security teams to focus on more strategic and creative tasks.

Incident Response and Automation

  • Incident response is a critical security function that often involves tedious and time-consuming tasks, such as log analysis and timeline reconstruction.
  • The speaker introduces a prototype called "Cloudhound," developed during a hackathon, which was able to perform incident response tasks significantly faster and more efficiently than human security engineers.
  • By leveraging generative AI to automate and streamline incident response workflows, security teams can free up valuable resources and focus on higher-level analysis and problem-solving.

Addressing Challenges and Risks

  • The speaker acknowledges the key challenges associated with generative AI, such as non-determinism, hallucinations, and the potential for models to bypass guardrails.
  • To mitigate these risks, the speaker emphasizes the importance of working in loops, where the model's outputs are continuously validated and refined, rather than treating the model's responses as definitive.
  • This approach, combined with the use of deterministic validation steps and human oversight, helps security teams leverage the strengths of generative AI while managing its limitations.
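
As an added illustration of the loop described above (not code from the talk or from Amazon), the sketch below checks a model-written incident timeline against the source logs and feeds the errors back until it passes or is escalated to a human. The log records, `stub_model` and all function names are constructed for this example; `stub_model` stands in for a real model call.

```python
import json

# Constructed sample log records (not from the talk), keyed by event id.
LOGS = {
    "e1": {"time": "2025-01-01T10:00:00Z", "action": "ConsoleLogin", "principal": "alice"},
    "e2": {"time": "2025-01-01T10:05:00Z", "action": "CreateAccessKey", "principal": "alice"},
    "e3": {"time": "2025-01-01T10:09:00Z", "action": "GetObject", "principal": "alice"},
}

def validate(timeline_json, logs):
    """Deterministic check: every entry must cite a real log event and match it exactly."""
    try:
        entries = json.loads(timeline_json)
    except json.JSONDecodeError as exc:
        return None, [f"output is not valid JSON: {exc}"]
    if not isinstance(entries, list):
        return None, ["output is not a JSON list"]
    errors = []
    for i, entry in enumerate(entries):
        event_id = entry.get("event_id") if isinstance(entry, dict) else None
        src = logs.get(event_id) if isinstance(event_id, str) else None
        if src is None:
            errors.append(f"entry {i}: event_id {event_id!r} not in logs")
        elif any(entry.get(k) != v for k, v in src.items()):
            errors.append(f"entry {i}: fields differ from log record {event_id}")
    if not errors and [e["time"] for e in entries] != sorted(e["time"] for e in entries):
        errors.append("entries are not in chronological order")
    return entries, errors

def build_timeline(model, logs, max_rounds=3):
    """Loop: ask, validate, feed errors back; escalate to a human if it never passes."""
    feedback = []
    for round_no in range(1, max_rounds + 1):
        entries, errors = validate(model(logs, feedback), logs)
        if not errors:
            return {"status": "validated", "rounds": round_no, "timeline": entries}
        feedback = errors
    return {"status": "needs_human_review", "rounds": max_rounds, "errors": feedback}

def stub_model(logs, feedback):
    """Hypothetical stand-in for an LLM call: invents an event until it is corrected."""
    entries = [dict(event_id=k, **v) for k, v in logs.items()]
    if not feedback:  # first attempt "hallucinates" an event that is in no log
        entries.append({"event_id": "e9", "time": "2025-01-01T10:12:00Z",
                        "action": "DeleteTrail", "principal": "alice"})
    return json.dumps(entries)

if __name__ == "__main__":
    print(build_timeline(stub_model, LOGS))
```

The validator only proves that every cited event exists in the logs and is in order; whether the timeline is complete still needs a separate check or a reviewer.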

Integrating Generative AI into Security Workflows

  • The speaker highlights how security teams can integrate generative AI into their software development and deployment processes, enabling them to make code changes and updates more efficiently.
  • By using models to generate and validate code, security teams can reduce the burden on software developers and increase the pace of security-related changes.
  • The speaker also discusses the concept of "agents," which are narrow, focused AI-powered tools that can be orchestrated to automate various security tasks.

Embracing the Transformation

  • The speaker emphasizes the urgency for security teams to embrace generative AI, as their service teams and adversaries are rapidly adopting these technologies.
  • Failing to leverage generative AI can lead to security teams falling behind in their ability to keep up with the pace of change and the evolving threat landscape.
  • The speaker encourages security teams to start small, experiment, and iterate, as the benefits of even minor automations and augmentations can compound over time.

Conclusion

  • The speaker concludes by highlighting the excitement and potential of generative AI for security teams, and the importance of being proactive in adopting and integrating these technologies.
  • Security teams that embrace the transformation and learn to effectively leverage generative AI will be better positioned to support their organizations, stay ahead of adversaries, and deliver more value.
