Compare and Contrast Various AI Types Used in Cybersecurity

This table maps the major concepts and learning objectives of this lab to the corresponding CompTIA SecAI+ (CY0-001) exam objectives.

Lab Concept/Task | CompTIA SecAI+ (CY0-001) Objective
--- | ---
Compare and Contrast ML, DL, and GenAI Types | 1.1: Compare and contrast various types of AI used in cybersecurity
Analyzing Supervised, Unsupervised, and RL Techniques | 1.1: Compare and contrast various types of AI used in cybersecurity
Understanding Data Poisoning and Adversarial Examples | 2.6: Given a scenario, analyze an attack and implement compensating controls
Evaluating Prompt Engineering for Security Task Automation | 3.1: Given a scenario, utilize AI tools for security tasks
Understanding Defensive Prompt Engineering (System Prompts, Sandboxing) | 2.2: Given a scenario, implement security controls for AI systems
Analyzing Model Inversion and Model Extraction Attacks | 4.2: Explain risks associated with AI

Overview

The rapid evolution of cyber threats necessitates equally advanced defensive mechanisms. Artificial intelligence (AI) has emerged as the cornerstone of modern cybersecurity, offering capabilities for automated threat detection, behavioral analysis, and proactive defense that far surpass traditional methods. This lab provides a comprehensive overview of the AI landscape within cybersecurity, focusing on the distinct types of AI, the critical techniques used to train them, and the emerging discipline of prompt engineering. By the end of this lab, the student will be able to:

  • Compare and contrast the core AI types—machine learning (ML), deep learning (DL), and generative AI (GenAI)—and their specific applications in cybersecurity.
  • Analyze the security implications of various model training techniques, including supervised, unsupervised, and reinforcement learning, and understand the risks of adversarial attacks like data poisoning and adversarial examples.
  • Evaluate the dual role of prompt engineering as both a defensive measure (secure prompting) and an offensive tool (security task automation) in the context of large language models (LLMs), specifically noting the efficiency of the SmolLM2 family of models.

VM Credentials

Username: student

Password: student

Key terms and descriptions

Artificial Intelligence (AI)
A broad field of computer science concerned with building smart machines capable of performing tasks that typically require human intelligence, such as learning, problem-solving, and decision-making
Machine Learning (ML)
A subset of AI that provides systems with the ability to automatically learn and improve from experience without being explicitly programmed, often used for pattern recognition in security data
Deep Learning (DL)
A specialized sub-field of ML that uses artificial neural networks with multiple layers (deep neural networks) to analyze complex, unstructured data like raw network traffic or system logs
Generative AI (GenAI)
A type of AI that can create new content, such as text, images, or code, often powered by models like large language models (LLMs) and used for both defensive simulation and offensive social engineering
Supervised Learning
An ML technique where the model is trained on a labeled dataset, meaning the input data is paired with the correct output, commonly used for malware classification
Unsupervised Learning
An ML technique where the model is trained on unlabeled data, tasked with finding hidden patterns or intrinsic structures, primarily used for anomaly detection
Reinforcement Learning (RL)
An ML technique where an agent learns to make decisions by interacting with an environment, receiving rewards for desired actions and penalties for undesired ones, often applied to autonomous defense systems
Data Drift
The phenomenon where the statistical properties of the target data change over time, causing a trained ML model's predictions to become less accurate, a critical challenge in dynamic threat environments
Zero-Day Threat Detection
The process of identifying and mitigating a vulnerability or threat that is unknown to security vendors and has no existing patch or signature, often relying on unsupervised learning for anomaly detection
False Positives
A security alert or detection that incorrectly identifies a benign or legitimate activity as malicious, a common issue with anomaly detection systems that can lead to operational disruption
Data Poisoning Attacks
An adversarial attack where an attacker injects malicious, mislabeled data into the training set of an ML model, causing the model to learn incorrect associations and potentially creating a backdoor
Adversarial Examples
Subtly modified inputs designed to intentionally fool a trained ML model, causing it to misclassify the input (e.g., classifying malicious code as benign) while remaining imperceptible to humans
Model Inversion Attacks
A type of attack where an adversary probes a deployed ML model to reconstruct or infer sensitive information about the data used to train the model
Model Extraction Attacks
A type of attack where an adversary attempts to steal the intellectual property of a deployed ML model by querying it repeatedly to reconstruct its parameters and logic
Prompt Engineering
The discipline of crafting precise, structured input (prompts) to guide a GenAI model to produce a desired, relevant, and safe output, especially in security-related tasks
Prompt Injection
A significant threat where an attacker attempts to override the original instructions or safety guidelines of a large language model by injecting a malicious or manipulative prompt
System Prompts
Hidden, high-level instructions provided to a GenAI model that define its persona, constraints, and safety guidelines, acting as a defense layer against prompt injection
Chain-of-Thought (CoT) Prompting
An advanced prompting technique that instructs a model to break down a complex problem into intermediate, logical steps before providing the final answer, improving accuracy and transparency in security analysis
Behavioral Analytics
The use of AI and ML to monitor and analyze user and entity activity patterns to establish a baseline of "normal" behavior, allowing for the detection of deviations that may indicate a security threat
Convolutional Neural Networks (CNNs)
A class of deep neural networks primarily used for image processing, but applied in cybersecurity for analyzing visual representations of malware code or network traffic flow data
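The following Python example is added here and is not part of the lab. It illustrates the Supervised Learning, Unsupervised Learning, False Positives and Data Poisoning entries above on constructed telemetry: the feature names, the sample values, the nearest-centroid classifier and the z-score baseline check are all assumptions made for the example, not lab material.

```python
"""Constructed example (not from the lab): supervised malware classification,
unsupervised behavioral anomaly detection, and a data-poisoning check.
Each event is (outbound connections/min, KB sent/min, child processes)."""
from statistics import mean, pstdev

# Constructed labeled telemetry; values are illustrative only.
LABELED = [
    ((2, 40, 1), "benign"), ((3, 55, 0), "benign"), ((1, 30, 2), "benign"),
    ((4, 60, 1), "benign"), ((2, 45, 1), "benign"),
    ((40, 900, 3), "malicious"), ((55, 1200, 4), "malicious"),
    ((48, 1000, 2), "malicious"), ((60, 1500, 5), "malicious"),
]
BENIGN_BASELINE = [x for x, y in LABELED if y == "benign"]

def sq_dist(a, b):
    return sum((i - j) ** 2 for i, j in zip(a, b))

def train_centroids(data):
    """Supervised learning: one centroid per label, learned from labeled rows."""
    return {lbl: tuple(mean(col) for col in zip(*[x for x, y in data if y == lbl]))
            for lbl in {y for _, y in data}}

def classify(centroids, x):
    return min(centroids, key=lambda lbl: sq_dist(centroids[lbl], x))

def anomaly_score(baseline, x):
    """Unsupervised behavioral analytics: largest per-feature z-score against
    the benign baseline. No labels are needed, so novel (zero-day-like)
    behaviour is caught, but unusual legitimate jobs become false positives."""
    return max(abs(v - mean(col)) / (pstdev(col) or 1.0)
               for col, v in zip(zip(*baseline), x))

def detect(x, training=LABELED, threshold=3.0):
    return {"supervised": classify(train_centroids(training), x),
            "anomaly": anomaly_score(BENIGN_BASELINE, x) > threshold}

# Data poisoning: mislabeled rows resembling a new malware variant are slipped
# into the benign training pool, pulling the benign centroid toward it.
POISON = [((30 + d, 700 + 10 * d, 2), "benign") for d in range(-3, 3)]

def suspicious_training_rows(new_rows, baseline=BENIGN_BASELINE, threshold=3.0):
    """Compensating control: reject 'benign' rows that are outliers against the
    already-trusted benign baseline before they reach retraining."""
    return [r for r in new_rows
            if r[1] == "benign" and anomaly_score(baseline, r[0]) > threshold]

if __name__ == "__main__":
    for name, x in [("known malware", (50, 1100, 3)), ("novel spawner", (3, 50, 9)),
                    ("backup job", (5, 400, 1)), ("new variant", (30, 700, 2))]:
        print(name, detect(x), "poisoned:", detect(x, LABELED + POISON)["supervised"])
    print("poisoned rows rejected:", len(suspicious_training_rows(POISON)))
```

Running it shows the supervised model missing the unlabeled "novel spawner" that the baseline flags, the legitimate backup job raised as a false positive, and the new variant only classified benign after the poisoned rows are accepted, all six of which the baseline check rejects.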