The Growing Use of AI and LLMs (Part 1)

The increasing complexity of cyber threats and the current trend of AI adoption by threat groups are key indicators that cybersecurity needs to keep pace by fighting fire with fire. We’re seeing many organizations implement AI and LLMs to enhance their overall cybersecurity mechanisms.

With more persistent and sophisticated cybersecurity threats, traditional methods are no longer up to the task. Businesses need systems that can counter both the agility and complexity of current and future threats.

Large Language Models (LLMs) and Machine Learning (ML) have emerged as powerful tools enabling advanced threat detection methods. Recently, Eron Howard, Novacoast’s Chief Operating Officer, and Carlos Bello, an Analyst and Developer at Novacoast, met to discuss AI and LLMs, automation, and other tools businesses can embrace and develop for a more comprehensive security posture. This is part one of their conversation.

Building AI Solutions

Eron Howard: On the AI front, let’s say I’m at a company today where I want to have a use case to build an AI solution. There are some easy options, such as Microsoft Copilot Studio, a wizard that lets me upload some Word docs and point them at a SharePoint site. You can even integrate some actions.

It’s using their old chat agent framework, so it’s already similar to a sales chat engine. I’ve also logged into what Google has, and it seems more underdeveloped, like it’s missing half of the terminology. I wouldn’t understand it unless I read up on how to configure and train a large language model to do these things.

What are your thoughts on these tools and whether companies should or shouldn’t use them?  

Carlos Bello: I haven’t played with those tools, but the way I see it, it’s a good way for a company to see the potential of how AI can help them out. Based on what you’re describing, there’s not too much granularity on how you can do things.

You’ll require custom development when you need custom integrations that these platforms don’t support by default. I find that I need more controls over the types of output the AI produces and the kinds of actions it can do. When you reach that point, a developer needs to create those more complex workflows. That’s how I describe it.

EH: You had referred to workflows and chaining these. Maybe chaining isn’t the correct word, but it’s where you’re chaining these large language models together to get the required responses. Can you give an overview of this? What are all the pieces and parts of an AI solution?

CB: I would probably group it into a few things—the brains of it is where I’d start, that’s the LLM itself. The LLM is like an auto-complete, that’s the best way to describe it. If you give it one word, like “hello,” it will come up with the next most likely word.

The way that the modern LLM works is, for example let’s use a chatbot—all it does is append your prompt with, say, the word “user” immediately before it. So, it’s user:<your prompt>, and at the end of it, it appends the word assistant:, and it knows that this is likely a call and response portion, so it will fill up what it thinks an assistant would fill up.

Starting from there gives you a good idea of what kind of workflows you can build around these LLMs. If that’s how a chatbot begins, you can modify this structure to get the desired output.

LLMs Workflows and Orchestrations

CB: Next, you’d have something called a workflow, orchestrator, framework, or something similar. These are usually the terms they’re using, and they all format whatever input you give it so that when you feed it to the LLM, you get the output you expect.

If you wanted something more complex, you could append it to the end of the prompt, like, “Return to me in JSON format with these keys and values, and the values should be of type whatever,” whether it’s string or int or something like that.

At this point, the workflow or orchestrator, or whatever you’re calling it, connects to the designated database or file system, and that’s where all the custom integrations will come in.

You can create a system that is as complex as required. For example, the big thing that came out recently was deep research. Google, Perplexity, and OpenAI each released one. All of that exists at the orchestrator level, from the inputs that the user gives. It’s passed to the LLM, saying basically: based on these, give me a few things, like prerequisite information that I need to be able to answer this question, and then it formats it like Google searches, document searches in JSON format and passes that back to the orchestrator.

The orchestrator will fetch all of this information and feed it back into the LLM using the initial prompt, so much of this is very complicated prompt engineering.

EH: A layperson’s view would be like this: It’s easy. I pick my LLM, send in some prompts, and get something back. But if you’re saying the LLM is the starting point if you’re building a detailed use case—the orchestration to get you the best results might involve pre-modifying the prompt and then coming back and doing something else with that.

CB: Yes, that’s precisely how it works. But you can see that as the use case becomes more complex, you’d want more control over how it does things. For example, if you’re asking a question about your internal data, you wouldn’t want it to make Google searches about your internal data.

That’s when you reach more complex parts, where you must format the LLM to route the questions correctly. Sometimes, that’s accomplished through fine-tuning, where you teach it to identify such classifications: “Oh, this is an internal question!”—it knows to forward it to an internal database instead of a Google search.

It gets really complex depending on the use case. The more complex your data sets are, the more complicated your types of queries are, and the more complex the workflows and controls need to be.

How Many LLMs Are Required

EH: Each AI use case may contain multiple layers of splitting out to different LLMs. And the big “a-ha” moment is you’ll likely need multiple LLMs for any less-than-basic solution.

CB: The answer to that is use case dependent. For example, we have one big LLM and one small LLM for a project I’m working on now. The big LLM does all of the reasoning, like text generation. It needs another smaller LLM, probably a hundredth of the size of the larger one, for stuff like context retrieval. But, honestly, you could run it with only one LLM.

EH: Is the idea of the small LLM that you want a distinct LLM because you want to have only that specific data set considered, and not poisoned by data from the outside world?

CB: The small LLM I’ve referred to is called an embedding LLM. It works since LLMs are so good at searching and you can use it with LLMs, matrices, or vectors.

It’s a long list of numbers, so each word has an associated number. This way, it splits each document up into chunks. Then, it passes it to the LLM, the smaller LLM, and says, “For each chunk of work, give a number to signify the content of each chunk.” When you ask a question like “what are the quarterly earnings for this company?” the LLM creates a number for your question. The number is a big vector for your question, and then it tries to find the closest vector among your documents for that.

The smaller LLM does nothing but help you find relevant files or documents related to your question. After that, when it fetches the data, it passes it to the bigger LLM, which generates all of the tokens of the text generation. So, traditionally, you’d need at least two LLMs. But these are for more complex solutions.

Meta released an LLM called Llama Guard, and it’s a middleman between the final user and the LLM since the LLM might start saying things it’s not supposed to say. All Llama Guard does is filter what the LLM says to ensure it doesn’t spew things the LLM shouldn’t. So, you can begin creating layers of different LLMs to do different things.

CB: Some LLMs are distinctly trained in certain things. Some are more general and only do token generation. There are specific ones that do embedding, and some that check the content they generate to make sure there isn’t anything they shouldn’t be saying.

You could start with as little as one LLM. Some use the ChatGPT API, specifically OpenAI GPT4.0, to build entire applications. The moment you need drag, you’d use a second API for the embedding. If you need to check the actual load, you’d need a third API for that other LLM. So, it can be as small or complex as required.

EH: Right—It is easier to follow use cases. For example, I imagine if you’re doing something that includes text, voice, and video, each one would need its own.

CB: Yeah, there’s that. Some LLM sets combine them into one. Llama 3.1, for example, has a hex video and audio LLM with the image processing part built into it.

EH: Oh, it’s all in one.

CB: Exactly. It really depends on the use case and its complexity. The hard part is figuring out how complex it should be to serve the requirements.

What Skillsets are Required in LLMs

EH: It seems that some DevOps skills are required here, as well as some coding skills. Which is the most important skill set?

CB: Yes, from the prompt engineering aspect, because you are making many custom prompts that get appended to other things, having a good idea of how to communicate with the other lens is critical. For example, one of my system prompts contains stuff the LLM shouldn’t forget.

One of my system prompts was you’re, you are.

Let’s say I tell the AI, “You are internal AI. Respond as a helpful assistant.” That’s typically how system prompts work. If you ask it, “Who are you?” it won’t be able to answer. If you ask it, “What are you?” it will be able to answer.

So, I am internal AI, and the formatting in the initial prompts is complex because AI doesn’t quite understand exactly what is being said.

The Future of LLMs

EH: Right. But, yeah, I’m kind of dovetailing into a few more topics I want to hit, such as security. Topics jumping out at me are both the future of work and the future, like if I’m in school right now.

How do I prepare for this new world? Is learning some type of coding essential?

I think it’s vital for everybody, but I would also imagine that computer classes that teach prompt engineering are important and probably under a computer major with psychology and sociology majors.

CB: I agree. Yeah.
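The orchestration layers Carlos describes (chunking documents, embedding them with a small model, finding the closest vector, routing internal questions away from web search, formatting a user:/assistant: prompt, and filtering the output) laid out as a minimal Python pipeline. This is an added example, not code from the conversation or from Novacoast; the bag-of-words embedding, the keyword router, the sample documents and the regex output filter are all constructed stand-ins for the embedding LLM, the fine-tuned classifier, a real file share and Llama Guard.

```python
import math
import re
from collections import Counter

# Constructed sample documents standing in for an internal file share.
DOCS = {
    "q3-report.txt": "Quarterly earnings for Q3 were 4.2 million with revenue growth of 8 percent",
    "vpn-howto.txt": "To connect to the corporate VPN open the client and sign in with your badge credentials",
    "holiday-policy.txt": "Employees receive twelve paid holidays per calendar year",
}
# Constructed vocabulary used by the toy router (a fine-tuned classifier in the real pipeline).
INTERNAL_TERMS = {"quarterly", "earnings", "vpn", "holiday", "policy", "badge"}
# Constructed filter rule standing in for a Llama Guard style output check.
SECRET_PATTERN = re.compile(r"\b(password|api[_ ]?key)\b\s*[:=]\s*\S+", re.IGNORECASE)

def embed(text):
    """Toy embedding: bag-of-words counts stand in for the small embedding LLM's vector."""
    return Counter(re.findall(r"[a-z]+", text.lower()))

def cosine(a, b):
    """Cosine similarity between two sparse vectors; 0.0 when either is empty."""
    dot = sum(a[w] * b[w] for w in a if w in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def chunk(text, size=8):
    """Split a document into fixed-size word chunks, each embedded separately."""
    words = text.split()
    return [" ".join(words[i:i + size]) for i in range(0, len(words), size)]

INDEX = [(name, c, embed(c)) for name, text in DOCS.items() for c in chunk(text)]

def retrieve(question, k=1):
    """Embed the question and return the k chunks whose vectors are closest to it."""
    q = embed(question)
    ranked = sorted(INDEX, key=lambda item: cosine(q, item[2]), reverse=True)
    return [(name, text) for name, text, _ in ranked[:k]]

def route(question):
    """Send questions about internal data to the internal index, never to web search."""
    words = set(re.findall(r"[a-z]+", question.lower()))
    return "internal" if words & INTERNAL_TERMS else "web"

def build_prompt(question):
    """Format the call-and-response prompt the LLM completes after 'assistant:'."""
    if route(question) == "internal":
        context = "\n".join(f"[{n}] {t}" for n, t in retrieve(question))
        return ("system: You are internal AI. Answer only from the context.\n"
                f"context:\n{context}\nuser: {question}\nassistant:")
    return f"system: You are a helpful assistant.\nuser: {question}\nassistant:"

def output_filter(answer):
    """Middleman between the LLM and the user: block answers that leak credentials."""
    return "[blocked by output filter]" if SECRET_PATTERN.search(answer) else answer
```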


Eron and Carlos continue their conversation in The Growing Use of AI and LLMs (Part 2).

About the Authors


Eron Howard is Chief Operating Officer at Novacoast, a cybersecurity services firm and managed services provider spread across the U.S. and U.K.

Carlos Bello is a data professional at Novacoast working at the intersection of AI and cybersecurity. Experienced in data analysis, data engineering, and data science, he’s a passionate tinkerer who finds deep satisfaction in building innovative technical solutions. His work is driven by a curiosity for AI and a love for turning complex problems into creative, real-world applications.
