One common topic I’m pulled into meetings to explain is prompt engineering. Artificial intelligence is a great asset; however, WORDS MATTER! For example, suppose you ask an AI system that has access to various security tools “tell me where I’m vulnerable”. A vulnerability could be anything from an expired certificate to a host system weakness. It could even be a weak password policy. Also, the same data points could be in multiple tools. Let’s say you are a little more specific and ask about host vulnerabilities. Tools such as SIEMs/XDR, endpoint detection and response (EDR), agent vulnerability scanners, network vulnerability scanners, and asset management tools could all have that data.
The point is, there is a learning curve everybody will face as they adopt AI into their lives, and specifically into their security practice. The transparency of the AI solution is a good indicator of how well your prompting is being received. In other words, are you able to be specific enough to instruct the AI to go to the desired resource(s) for your data, and is the data it returns the right type of data you are looking for? A good AI solution will tell you the path it took to find your answer based on your prompting.
The Microsoft blog posted an introduction to prompt engineering, which is a good starting point for better understanding prompt engineering fundamentals. That post can be found HERE.
The blog post includes references to top security-related prompts and introduces the idea of prompt books. Prompt books are really cool, as they are a prerecording of multiple questions, so you don’t have to continue to ask the same thing. Instead, you can just pull up a prompt book that lists all of the questions you would want to ask for a specific topic and quickly get going. I predict that a marketplace and other sources of popular prompting and prompt books will explode in growth online in the near future.