GPT vs Malware Analysis: Pitfalls and Mitigations

For what fundamental reasons does The Big Promise of AI fail in domains that require deep expertise, such as malware analysis, and what can we do to mitigate that failure? What do we do when GPT-4 casually suggests an analyst should take a course of action that multiplies the project’s time cost by a factor of three thousand? In this talk we will probe, characterize, name and give examples of the limiting principles that together constitute the ‘hard ceiling’ we encountered trying to apply GPT-4 to malware analysis and other problem domains that require expertise. We will then show a variety of techniques that we used to break free of these limitations.

Ben Herzog – Check Point Software

Ben is a security researcher. His technical work includes reverse engineering of Rust PL features and cryptanalysis of targeted ransomware. He has also published technical profiles of various malware strains, as well as many introductory texts and detailed reviews on the subjects of malware, cryptography and vulnerability research.