East Michigan News

Jonathan Gregory, an undergraduate student in computer science at Central Michigan University, is collaborating with Dr. Qi Liao on a project aimed at simplifying cybersecurity through artificial intelligence (AI). Their research focuses on automating penetration testing, which involves simulating cyberattacks to identify and address vulnerabilities in computer systems before they can be exploited by malicious hackers.

Rather than relying on AI models from large corporations such as OpenAI, Gregory and Dr. Liao have opted for the open-source model Mistral 7B. This model operates on a standard laptop using free software. By integrating specific security knowledge into the AI, they were able to successfully identify vulnerabilities within a test system. This demonstrates that sophisticated equipment is not necessary for AI to contribute effectively to cybersecurity.

The primary objective of their work is to make penetration testing more accessible, especially for those new to the field, which traditionally requires extensive experience. Automating aspects of this process with AI could potentially accelerate learning and simplify security testing for beginners.

While the initial results are encouraging—showing that weaknesses can be detected using just a laptop—the technology is still far from being able to fully automate penetration testing. Additionally, there are concerns about the potential misuse of this technology by hackers.

Their findings are documented in their research paper titled “Autonomous Cyberattack with Security-Augmented Generative Artificial Intelligence,” published in the proceedings of the 2024 IEEE International Conference on Cyber Security and Resilience.

Looking ahead, Jonathan Gregory and his team plan to experiment with more advanced AI models. They aim to enhance their system further with the ultimate goal of achieving fully automated penetration testing, thereby improving efficiency and effectiveness in cybersecurity.