Gen AI for Threat Intelligence: A 3-Step Guide to Minimizing Model-Leak Risk

Tammy Klotz, CISO at materials manufacturer Trinseo, explains how she leverages transformative tools without compromising sensitive data
By Eoin Connolly
Gen AI tools present CISOs with a powerful new set of capabilities for enhancing threat intelligence. From summarizing threat reports to detecting anomaly patterns in unstructured logs, they offer a significant opportunity for security teams to boost productivity.
“This is transformative in how people work,” says Tammy Klotz, CISO of materials manufacturer Trinseo and a speaker at Corinium’s upcoming CISO NY event. “It’s just like the internet. We’ve all learned how to use it – and now we can’t live without it.”
But most Gen AI systems aren’t designed with enterprise-grade data protection in mind. If improperly deployed, they can leak sensitive or proprietary information during inference, or – even more problematically – during retraining phases if prompts are logged.
Klotz provided her insights for the following brief guide on using Gen AI to enhance threat detection and response without compromising your organization’s data.
1. Include humans in every Gen AI workflow
Security analysts are well-versed in verifying automated outputs; it’s a significant part of their day-to-day duties. That mindset should carry over to AI-assisted workflows, with added urgency given how readily LLMs and other Gen AI tools can make mistakes and hallucinate.
It’s always best practice to assume a model might misclassify data or produce misleading summaries. And when you’re working in high-stakes threat environments, there’s simply no reason to take unnecessary risks.
“Awareness is a huge component of my program,” says Klotz. “You can’t just say, ‘We’re protecting the company.’ You have to frame it in a way that shows they – the people – are the strongest point of protection.”
Which is why education is vital at Trinseo: “We do monthly newsletters, hot topic briefings, cybersecurity awareness campaigns, all with a focus on helping people understand risks in a way that sticks.”
Keeping humans in the loop throughout automated workflows ensures that:
- No alerts are actioned purely based on Gen AI suggestions
- Summaries of threat reports undergo peer verification
- Incident response recommendations are traced to their source documents
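As a rough illustration of what that gate can look like in practice, the Python sketch below shows a simple approval queue in which nothing proposed by a Gen AI assistant is executed until a named analyst signs off and the recommendation can be traced back to source documents. The class and function names are hypothetical, not drawn from any particular SOC platform.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class SuggestedAction:
    """An action proposed by a Gen AI assistant, pending analyst review."""
    alert_id: str
    summary: str                       # LLM-generated summary of the alert
    recommendation: str                # e.g. "isolate host", "reset credentials"
    source_refs: List[str] = field(default_factory=list)  # trace back to source documents
    approved_by: Optional[str] = None  # name of the analyst who signed off

def actions_cleared_for_execution(suggestions: List[SuggestedAction]) -> List[SuggestedAction]:
    """Only suggestions that are traceable and explicitly approved get through."""
    cleared = []
    for action in suggestions:
        if not action.source_refs:
            continue  # recommendations with no source documents are rejected outright
        if action.approved_by is None:
            continue  # nothing is actioned purely on the Gen AI's say-so
        cleared.append(action)
    return cleared
```

The same pattern could sit in front of a SOAR or ticketing integration, so the approval step is enforced in code rather than left to convention.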
The human role in these workflows may well shrink as Gen AI models become more reliable and mature. For the moment, though, there’s too much at stake, and too many potential failure points, to justify leaving people out of the loop.
Just as marketing teams A/B test Gen AI copy, security leaders should be benchmarking:
- The accuracy of LLM-summarized threat reports
- Analyst trust ratings
- False positive and negative rates versus traditional intel parsing
- Organization-specific and proprietary benchmarks
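For the false positive and false negative benchmarks in particular, a minimal sketch might compare the assistant’s triage calls against analyst ground truth. The labels below are invented for illustration, and scikit-learn is assumed to be available.

```python
from sklearn.metrics import confusion_matrix

# Hypothetical labels: 1 = "genuine threat", 0 = "benign", as judged by analysts
# (ground truth) versus the Gen AI assistant's call on the same threat reports.
analyst_labels = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0]
llm_labels     = [1, 0, 0, 1, 1, 0, 1, 0, 1, 0]

tn, fp, fn, tp = confusion_matrix(analyst_labels, llm_labels, labels=[0, 1]).ravel()

false_positive_rate = fp / (fp + tn)   # benign reports the model escalated
false_negative_rate = fn / (fn + tp)   # genuine threats the model missed

print(f"False positive rate: {false_positive_rate:.2f}")
print(f"False negative rate: {false_negative_rate:.2f}")
```

Tracking these numbers over time, alongside analyst trust ratings, shows whether the model is earning a larger role or needs tighter oversight.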
2. Use RAG to keep proprietary data off the model
When working with her team, Klotz highlights the importance of keeping proprietary data off LLMs by using examples that are close to home. “When you put it in a personal context – like asking: ‘Would you put your driver’s license or bank details into a chatbot?’ – it causes people to pause and really think.”
Retrieval-Augmented Generation (RAG) offers a key tool here. This hybrid AI architecture pairs an LLM with an external data source. Instead of training the model on your proprietary threat data or allowing it to ingest sensitive intelligence, RAG lets the model look up information at runtime from a secure database.
RAG allows you to centralize security knowledge (like threat reports, malware signatures, and SOC playbooks) without ever exposing it to the LLM’s training data. The model generates answers by querying this secure source, not by memorizing your content. As a result, the organizational risk of data exposure decreases significantly.
A RAG-powered assistant could summarize threat intel or internal security bulletins and translate them into actionable insights for higher-tier analysts, all while leaving the underlying data safely siloed.
To implement RAG:
- Choose an open-source or enterprise-hosted RAG framework, like Haystack or LangChain
- Integrate with private threat intel repositories such as MISP and Recorded Future APIs
- Ensure the retrieval layer is governed by role-based access controls
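A minimal, framework-agnostic sketch of the retrieval step is below; in practice a framework like Haystack or LangChain would handle this plumbing. The documents, query, and prompt format are hypothetical, and simple TF-IDF retrieval stands in for a production vector store.

```python
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.metrics.pairwise import cosine_similarity

# Hypothetical internal knowledge base: threat reports, SOC playbooks, etc.
# In production this lives in a governed store behind role-based access controls.
documents = [
    "Playbook: isolate the host and capture memory before reimaging.",
    "Threat report: phishing campaign using spoofed invoice PDFs.",
    "Malware signature update for the latest loader variant.",
]

query = "How should we respond to the invoice phishing campaign?"

# Retrieve the most relevant documents at runtime instead of baking them into the model
vectorizer = TfidfVectorizer()
doc_vectors = vectorizer.fit_transform(documents)
query_vector = vectorizer.transform([query])
scores = cosine_similarity(query_vector, doc_vectors)[0]
top_docs = [documents[i] for i in scores.argsort()[::-1][:2]]

# The retrieved context is passed to a privately hosted LLM along with the question;
# the knowledge base itself never enters the model's training data.
prompt = (
    "Answer using only the context below.\n\nContext:\n"
    + "\n".join(top_docs)
    + f"\n\nQuestion: {query}"
)
print(prompt)
```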
3. Deploy Gen AI behind a firewall or in a VPC
Using public Gen AI APIs (OpenAI’s hosted API behind ChatGPT, for example, runs in the provider’s public cloud) introduces exposure risk. Prompts and responses might be logged. And if that information is inadvertently retained by the provider, it could, in theory, be used to retrain models at a later stage.
CISOs should prioritize Gen AI deployments that can run in private, air-gapped, or Virtual Private Cloud (VPC) environments. These could take the form of self-hosted open models like Mistral and LLaMA, or vendor-hosted options that provide strict data isolation protocols.
You could deploy a private instance of an LLM fine-tuned for phishing email triage or incident report analysis, without ever making an outbound call to a third-party API.
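As a sketch of what that might look like, the snippet below sends a triage prompt to a hypothetical model endpoint inside the private network. Many self-hosted serving stacks (vLLM, for instance) expose an OpenAI-compatible chat completions API, but the URL, model name, and payload here are placeholders to adapt to your own deployment.

```python
import requests

# Hypothetical internal endpoint for a self-hosted model served inside the VPC.
# Adapt the path and payload to whatever your serving stack actually exposes.
INTERNAL_LLM_URL = "https://llm.internal.example.com/v1/chat/completions"

payload = {
    "model": "mistral-7b-instruct",   # placeholder model name
    "messages": [
        {"role": "system", "content": "You are a phishing triage assistant."},
        {"role": "user", "content": "Classify this email as phishing or benign: ..."},
    ],
    "temperature": 0.0,
}

# No call leaves the private network; prompts and responses stay in-house.
response = requests.post(INTERNAL_LLM_URL, json=payload, timeout=30)
print(response.json()["choices"][0]["message"]["content"])
```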
Here are a few questions to ask your vendor to determine package suitability:
- Does your model support single-tenant or customer-dedicated deployments?
- Are prompts, responses, or logs retained in any way?
- Can we monitor and audit model inference requests?
Some managed services, such as Amazon Bedrock and Anthropic’s Console, offer enterprise-grade models with stronger data handling guarantees. Still, adopting them demands a rigorous due diligence process and rock-solid data classification protocols to prevent potential data leakage.
To network with and hear talks from Tammy Klotz and other senior cybersecurity executives, apply to attend our CISO New York event on September 9.