How open-source LLMs are disrupting cybersecurity at scale

Open-source large language models (LLMs) continue to revolutionize the cybersecurity landscape, serving as a strong catalyst for increasing innovation and enabling startups and established vendors alike to accelerate time-to-market.

From new generative AI applications to advanced security tools, these models are proving the foundation of the future of gen AI-based cybersecurity. Open-source models gaining traction in cybersecurity include Meta’s LLaMA 2. LLaMA 3.2, Technology Innovation Institute’s Falcon, Stability AI’s StableLM, and those hosted by Hugging Face, including BigScience’s BLOOM. All of these models are seeing growing adoption and use, thanks in large part to their greater cost-effectiveness, flexibility and transparency.

Cybersecurity software providers are facing a growing set of challenges related to governance and licensing while enabling their platforms to scale in response to the fast-moving nature of open-source LLM development. Designing an architecture that can quickly adapt and capitalize on the latest features that most recent open-source LLMs are providing is challenging.

Itamar Sher, CEO and co-founder of Seal Security, recently sat down with VentureBeat (virtually) to discuss the foundational yet evolving role of open-source LLMs in their operations. “Open-source LLMs enable us to scale security patching for open-source components in ways that closed models cannot,” he said.

The ability to scale models quickly is critical for companies like Seal, which use open-source components to ensure the rapid deployment of patches across different environments. He added that “open-source LLMs give us access to a community that continuously improves models, offering a layer of intelligence and speed that wouldn’t be possible with proprietary systems.”

Open-source LLMs’ growing importance in cybersecurity

Cybersecurity vendors have long relied on making their apps, tools and platforms proprietary to lock customers into a given solution, especially in the areas of threat detection and mitigation. VentureBeat is hearing there’s an intense backlash against this strategy, however, which is further accelerating open source LLM’s popularity.

Gartner’s Hype Cycle for Open-Source Software 2024 reflects the rising prominence of open-source LLMs, placing them at the peak of inflated expectations. This placement reflects what VentureBeat is hearing about a surge in interest and adoption across the cybersecurity vendor landscape and within enterprises.

Credit: Gartner, Inc. (2024, August 8). Hype Cycle for Open-Source Software, 2024 (ID: G00811366). Gartner, Inc.

The Hype Cycle shows that the maturity of open-source LLMs is still emerging, with market penetration between 5% and 20%. The plateau for this technology is predicted to be reached within the next two to five years, emphasizing its rapid growth and growing dominance in cybersecurity.

VentureBeat is seeing more cybersecurity startups capitalize on open-source LLMs’ customization flexibility and scale in their platform, apps and tool strategies. A widespread use case is fine-tuning models to address domain-specific needs, from enhancing real-time threat detection to improving vulnerability management.

Sher said, “By integrating open-source LLMs, we can customize models for specific threats and use cases, which allows us to remain agile and responsive to evolving cybersecurity challenges.”

Comparing the advantages and challenges of open-source LLMs

Open-source LLMs bring several advantages to cybersecurity systems development and operations, including the following:

Customization, scale and flexibility: One of the main drivers for adopting open-source LLMs that’s proving popular with cybersecurity companies standardizing on them is the ability to modify the models for specific use cases quickly. Seal Security’s integration of LLMs into its security platforms, apps, tools and services offerings illustrates how companies can use these models to streamline patch management processes across open-source components. John Morello, CTO and co-founder of Gutsy told VentureBeat in a recent interview that the open-source nature of Google’s BERT open-source language model allows Gutsy to customize and train their model for specific security use cases while maintaining privacy and efficiency.

Community collaboration: Open-source LLMs benefit from the fast-growing base of developer communities pushing their boundaries and scaling daily to solve complex cybersecurity challenges. These communities are setting a fast pace when it comes to continuous innovation, enabling companies, developers and universities to research to benefit from shared insights and improvements. Seal Security, for example, has aligned itself with MITRE’s CVE Numbering Authority (CNA) to enhance collaboration around open-source vulnerabilities.

Reducing vendor lock-in: Open-source models offer enterprises a way to avoid vendor lock-in, giving them more control over costs and reducing dependency on proprietary systems. VentureBeat is seeing this issue become a pivotal one that is core to the future of cybersecurity, with flexibility being the goal. Responding to threats fast and having a consistent approach to deploying patches is vital to cybersecurity’s future.

However, these benefits are not without challenges. Gartner notes in their research that open-source LLMs often require significant infrastructure investments, which can create long-term operational challenges for companies that lack well-funded and staffed in-house IT and security teams.

The licensing complexities associated with open-source models can present legal and compliance risks as well. Sher explained that “open-source models give us transparency, but managing their life cycles and ensuring compliance is still a major concern.”

Open-source LLMs’ cybersecurity contributions are growing

VentureBeat is seeing cybersecurity providers adopting open-source LLMs as core to their platforms, gaining a competitive advantage with their improvements in threat detection and response. Seal Security has been able to leverage open-source models for real-time detection and vulnerability management by integrating them into their security patching systems. According to Sher, “Our infrastructure is designed to quickly switch between different LLMs, depending on the threat landscape, ensuring that we stay ahead of emerging vulnerabilities.”

Gartner predicts that small language models or edge LLMs will see greater adoption across domain-specific applications led by cybersecurity. Edge LLMs, by definition, are decentralized closer to the data they need to analyze, which allows for faster processing and real-time threat detection.

Edge LLMs are designed to require less computational power, making them more manageable and less costly to train, which are ideal for cybersecurity use cases that require real-time speed and accuracy. By being able to function at the edge, these LLMs can rapidly detect threats in environments where latency is critical, such as IoT devices or remote systems.

Protecting against software supply chain attacks

Despite the growing number of contributions open-source LLMs are making, they also come with risks. A significant concern is the rising number of software supply chain attacks. Gartner’s Hype Cycle for Open-Source Software 2024 notes that open-source components have increasingly become targets for state-sponsored attacks. The mean age of vulnerabilities in open-source codebases is approximately 2.8 years, making it vital for companies to implement and keep current their patch management and governance systems.

Seal Security’s recent designation as a CVE Numbering Authority (CNA) is essential for the provider to play a more crucial role in reducing the risks of supply chain attacks. The company can now identify, document, and assign vulnerabilities through the CVE Program, contributing to improving the security of open-source code across the industry. Their partnership with MITRE further enhances this capability, allowing Seal to share findings with the broader cybersecurity community.

As Sher emphasized this collaboration helps enhance security for everyone using open-source software, reinforcing the company’s commitment to the protection of the global software ecosystem.

Looking ahead

Open-source LLMs are redefining the cybersecurity landscape for the better by reducing legacy lock-in from proprietary technologies and platforms. VentureBeat is seeing how quickly these models are advancing in terms of accessibility, quality, and speed, making them a viable alternative to proprietary systems.

For companies like Seal Security, the future lies in continuously evolving their open-source LLM capabilities to stay ahead of the ever-changing threat landscape. “We’re constantly evaluating new models and infrastructures to ensure we can provide the best security solutions for our clients,” Sher concluded.