No content

Sr. Security Researcher at Microsoft Author of Visual Threat Intelligence https://SecurityBreak.io & https://unprotect.it @Fr0gger_

No content

Challenges in Threat Intelligence Introduction to Prompt Engineering Techniques & Common Pitfalls Case Studies & Practical Applications (with code examples) Future Insights

Leverage AI for enhanced capabilities. Time-consuming understanding Overwhelming data New analysts' learning curve Fast-evolving threats

Prompt Engineering is the the discipline and science of crafting effective prompts to guide AI models, especially LLMs, to desired outputs.

Clarity: Clearly define the task you want the model to perform. Specificity: Be as detailed as necessary to avoid ambiguous results. Iteration: Continuously refine prompts based on AI feedback.

Over-complexity: Avoid making prompts overly detailed. Ambiguity: Vague prompts can lead to generic responses. Blind Trust in the Model: Over-reliance on the model's capabilities without verification. No Examples: not providing example inputs and outputs. Misplaced Belief in Model's Understanding: Assuming the model can intuitively understand your meaning. Ignoring Obsolescence: Failing to update prompts in line with model updates or changes in data.

Precision and specificity Close ended question You are a threat intelligence analyst, analyze the provided data to identify MITRE ATT&CK techniques, and present in Markdown with columns for ID, Description, and Comments. Here are my data: Role Definition / Contextual Awareness Clear Objectives Iterative refinement

Self-Consistency Generate Knowledge Tree of Thoughts ReAct Graph Prompting Role Prompting Zero-shot Prompting Few-shot Prompting Directional Stimulus Prompting

What is Few-Shot prompting? Guides ML models using example prompts for task understanding. Zero-Shot vs Few-Shot Zero-Shot: No example prompts. Few-Shot: Uses example prompts for clarity. Why Use Few-Shot Prompting? Enhances task-specific accuracy. Ideal for complex or nuanced tasks.

Source: https://store.securitybreak.io/theintelbrief

RAG is a technique used to combine retrieval-based and generative models Two Phases: Retrieval & Generation Retrieval: Searches Database Generation: Context-Relevant Response Customize with Your Own Data! Prepare your data Tokenization Split in smaller Chunks Embeddings and Vector Model is ready for input

Source: https://otrf.github.io/GPT-Security-Adventures/experiments/ATTCK-GPT/notebook.html#generate-knowledge-base-embeddings

No content

What is ReAct? A logic framework for creating intelligent agents. Allows agents to perform complex tasks through a series of actions. Core Components Reason: The agent's thought process to decide the next action. Act: The actual action taken by the agent based on reasoning. How Does It Work? Action → Observation → Thought Cycle The agent performs an action. Observes the result. Thinks (Reasons) about the next step. https://peterroelants.github.io/posts/react-repl-agent/

No content

No content

No content

No content

No content

HTTPS://GITHUB.COM/FR0GGER/AWESOME-GPT-AGENTS

AI in Threat Intelligence Generative AI can address challenges in threat intelligence. Crafting the right prompt The importance of clearly defining objectives in prompt engineering. Mastering Techniques Understanding various methods like Few-Shot Learning, RAG, ReAct, etc.

https://hbr.org/2023/06/ai-prompt-engineering-isnt-the-future

Thomas Roccia @fr0gger_ SecurityBreak.io