I've seen presentations that prove this, and the AI does a better job at crafting phishing urls with a higher success rates than most humans do. This is where we start thinking of the larger AI frameworks as layers..
The real problem we're trying to solve here is context. We're lifting a bunch of "tokens", that usually have more than 3 characters, surrounding them with context and applying a probability value to them. All this with the express purpose of taking the high value indicators and applying them to our defenses in real-time. Not trivial, but not hard either. I'm not an SKLearn or NLTK expert- but I do know what it feels like to block accidentally netflix.com at the border….
Ten years from now, it wouldn't surprise me if, instead of trading threat intel, we were trading data models (reads: 'glorified patterns and/or TTPs). It also wouldn't surprise me if the need for traditional threat intel platforms, went away…
Applied research, content and tools to help you solve real problems.
Did you learn something new? How much is that worth to you?