How open source LLMs are disrupting cybersecurity at scale

Open source large-language models (LLM) continue to revolutionize the cybersecurity landscape, serving as a powerful catalyst for increasing innovation and enabling both startups and established vendors to accelerate time to market.

From new generative AI applications to advanced security tools, these models underpin the future of AI-powered cybersecurity. Open source models gaining traction in cybersecurity include Meta’s LLaMA 2. LLaMA 3.2, Technology Innovation Institute’s Falcon, Stability AI’s StableLM, and Hugging Face-hosted models including BigScience’s BLOOM. All of these models are enjoying increasing adoption and use, largely due to their greater cost-effectiveness, flexibility and transparency.

Cybersecurity software providers face increasing management and licensing challenges while enabling their platforms to scale in response to the rapidly changing nature of open source LLM development. Designing an architecture that can quickly adapt and take advantage of the latest features offered by the latest open source LLM platforms is a challenge.

Itamar Sher, CEO and co-founder of Seal Security, recently sat down with VentureBeat (virtually) to discuss the fundamental but evolving role of open source LLM solutions in their operations. “Open-source LLMs enable us to scale security patching for open-source components in a way that closed-source models cannot,” he said.

The ability to scale models quickly is crucial for companies like Seal that use open source components to ensure patches can be deployed quickly across environments. He added that “open source LLM programs give us access to a community that is constantly improving models, offering a layer of intelligence and speed that would not be possible with proprietary systems.”

The growing importance of open source LLM in cybersecurity

Cybersecurity providers have long relied on proprietary applications, tools and platforms to lock customers into a solution, particularly in the areas of threat detection and mitigation. However, VentureBeat is hearing backlash against this strategy, which is making the open source LLM even more popular.

Gartner’s 2024 Open Source Hype Cycle reflects the growing importance of open source LLM solutions, placing them at the top of inflated expectations. This placement reflects what VentureBeat is hearing about increased interest and adoption across the cybersecurity vendor and enterprise landscape.

Source: Gartner, Inc. (2024, August 8). Open Source Hype Cycle, 2024 (ID: G00811366). Gartner, Inc.

The hype cycle shows that the maturity of open source LLM solutions continues to grow, with market penetration ranging from 5% to 20%. The technology is expected to plateau in the next two to five years, highlighting its rapid development and growing dominance in the cybersecurity field.

VentureBeat sees more and more cybersecurity startups benefiting from the flexibility and scale of adapting open source LLM solutions into their platforms, applications and tool strategies. A common use case is tuning models to meet domain-specific needs, from improving real-time threat detection to improving vulnerability management.

Sher said: “By integrating open-source LLM solutions, we can tailor models to specific threats and use cases, allowing us to remain agile and responsive to evolving cybersecurity challenges.”

Comparing the advantages and challenges of an open source LLM

Open source LLMs bring several benefits to the development and operation of cybersecurity systems, including:

Personalization, scale and flexibility: One of the main drivers of open-source LLM adoption, which is popular with cybersecurity companies standardizing on it, is the ability to quickly modify models for specific use cases. Seal Security’s integration of LLM into its security platforms, applications, tools and service offerings demonstrates how companies can leverage these models to streamline patch management processes across open source components. John Morello, Gutsy’s chief technology officer and co-founder, told VentureBeat in a recent interview that the open-source nature of Google’s BERT language model allows Gutsy to customize and train its model for specific security use cases while maintaining privacy and performance.

Social Collaboration: Open source LLM companies benefit from a rapidly growing community of developers who push their boundaries and scale every day to solve complex cybersecurity challenges. These communities are setting the rapid pace when it comes to continuous innovation, enabling companies, developers and universities to conduct research to benefit from shared insights and improvements. For example, Seal Security has partnered with MITRE’s CVE Numbering Authority (CNA) to improve collaboration on open source software vulnerabilities.

Reducing supplier lock-in: Open source models offer enterprises a way to avoid vendor lock-in, giving them greater control over costs and reducing their reliance on proprietary systems. VentureBeat sees this issue as crucial to the future of cybersecurity, with flexibility being the goal. Responding quickly to threats and taking a consistent approach to patching is crucial to the future of cybersecurity.

However, these benefits are not without challenges. Gartner notes in its research that open source LLM solutions often require significant infrastructure investments, which can create long-term operational challenges for companies that lack well-funded and trained internal IT and security teams.

The licensing complexities associated with open source models can also create legal and compliance risks. Sher explained that “open source models give us transparency, but managing their lifecycles and ensuring compliance is still a major concern.”

The contribution of the open source LLM to cybersecurity is growing

VentureBeat sees cybersecurity vendors adopting open-source LLM solutions as the core of their platforms, gaining a competitive advantage through improvements in threat detection and response. Seal Security was able to leverage open source models for real-time detection and management of vulnerabilities by integrating them with its security patching systems. According to Sher, “Our infrastructure is designed to quickly switch between different LLMs, depending on the threat landscape, so we can stay ahead of emerging vulnerabilities.”

Gartner predicts that small language models or edge LLMs will be increasingly used in domain-specific, cybersecurity-driven applications. Edge LLMs, by definition, are decentralized closer to the data they need to analyze, allowing for faster processing and real-time threat detection.

Edge LLM is designed to require less processing power, making it easier to manage and less expensive to train, making it ideal for cybersecurity applications that require real-time speed and accuracy. With the ability to operate at the edge, LLM networks can quickly detect threats in environments where latency is critical, such as IoT devices or remote systems.

Protection against software supply chain attacks

Despite the growing number of contributions that open source LLM programs make, they also come with risks. A serious problem is the growing number of attacks on the software supply chain. Gartner’s Hype Cycle for Open-Source Software 2024 report notes that open source components are increasingly becoming the target of state-sponsored attacks. The average age of vulnerabilities in open source code bases is approximately 2.8 years, making it important for companies to implement and update patch management and management systems.

Seal Security’s recent designation as a CVE Numbering Authority (CNA) is essential for the vendor to play a more critical role in reducing the risk of supply chain attacks. The company can now identify, document and assign vulnerabilities through the CVE program, helping to improve the security of open source code across the industry. Their partnership with MITER further enhances this capability, enabling Seal to share findings with the broader cybersecurity community.

Sher said this collaboration helps increase the security of all those using open source software, reinforcing the company’s commitment to protecting the global software ecosystem.

Looking to the future

Open source LLM companies are redefining the cybersecurity landscape by reducing reliance on legacy technologies and platforms. VentureBeat sees how quickly these models are evolving in terms of availability, quality and speed, making them a viable alternative to proprietary systems.

For companies like Seal Security, the future lies in continually developing open source LLM capabilities to stay ahead of the ever-changing threat landscape. “We are constantly evaluating new models and infrastructures to ensure we can provide our customers with the best security solutions,” Sher concluded.