Note: This blog post is the second in a series on AI and how to leverage it managing and measuring your Security Awareness, Culture and Human Risk efforts. This post introduces you to Generative AI. In this post I use ChatGPT as the example but similar Generative AI solutions include Google Bard and Microsoft Bing. To learn more about AI, Generative AI and the different sub-fields, I recommend you first read this blog post which provides an overview.
What is Generative AI?
Generative AI is the type of AI you are most likely going to use, it is what creates new resources for you. Examples of Generative AI include solutions that create imagery, videos, sound, documentation, project plans and business cases; answer questions, translate content or, in many ways, process and respond to information just like a human. It is this capability that exponentially increases the impact of your actions and accelerates your career, while saving you time and money.
Generative AI works by you providing an input and it provides an output. The key to leveraging Generative AI is knowing how to ask or tell it what you want, that is called the prompt. Prompt engineering is your ability to ask effective prompts. Here is how the company OpenAI describes prompts:
OpenAI's GPT (generative pre-trained transformer) models have been trained to understand natural language and code. GPTs provide text outputs in response to their inputs. The inputs to GPTs are also referred to as "prompts". Designing a prompt is essentially how you "program" a GPT model, usually by providing instructions or some examples of how to successfully complete a task.
The first thing you need to understand is Generative AI is not a search engine. Instead, it’s like talking to a trusted subject matter expert (SME), just like you would to another person. How I often leverage Generative AI is not for it to create the content I want, but to have it help give me ideas or options I did not think of, review content I’ve created, or explain concepts to me that I do not understand. For example, one of the best ways to better understand AI is ask it with this very simple prompt:
What is Artificial Intelligence and the sub-fields that make it up?
For this blog post I’m going to start with the Generative AI known as ChatGPT, owned by the company OpenAI. There are hundreds of other Generative AI solutions, and I’ll be covering some of those in future blog posts. However, ChatGPT is one of the most well-known, easiest to use and, in many cases, one of the most versatile and useful. If you do not have an account with ChatGPT, I suggest you create a free account and start playing with it.
Now, back to prompt engineering. As covered, prompt engineering is the art of asking Generative AI what you want. The better you formulate your prompt, the more useful the response.
Let’s start with a simple example. Say you need to create a script for a short video explaining what Vishing is and demonstrating how your workforce can easily identify Vishing attacks. What you would NOT want to do is enter this as a prompt:
Create me a script on how to detect Vishing attacks.
While that is what you are looking for, ChatGPT will have very little guidance or context. The same could be said if you asked a cybersecurity SME the same question; they would not have enough context to truly help you. ChatGPT will do it, but the script may not be the length you want, it may not include the action items you are looking for, or use the voice or tone you want. These are the key elements you need in any prompt:
Context + The Ask + Output Format = Effective Prompt
Context: Provide ChatGPT context, just like you would any SME you are dealing with. In the case of writing this video script, perhaps something like this:
I’m a security awareness officer for my company. We are in the financial industry and concerned that we are becoming more and more targeted with Vishing attacks. I need your help in creating a script for a short video that explains Vishing to my workforce.
The Ask: Provide details on what you are looking for. The more specific you are the better the results. The nice thing here is you can be very specific. AI is very patient; you are not going to bore or irritate them with all your specific asks.
In this video be sure to explain what Vishing is, what makes the attack so dangerous and the top five most common ways you can detect it. Make sure one of the ways to detect includes a strong sense of urgency.
Output Format: This is the real power of ChatGPT. You can then explain how you want the output. Do you want to limit the words, limit the time? Do you want the output as bullet points or as a table? Do you want it detailed or overviewed? Do you want highly technical language or simplified? You can be as demanding as you want, ChatGPT will never get frustrated with you.
Be sure to keep the script simple to understand and write it at a 9th grade level. Ensure that the video is no longer than 2 minutes long.
This is what your final prompt could look like.
I’m a security awareness officer for my company. We are in the financial industry and concerned that we are becoming more and more targeted with Vishing attacks. I need your help in creating a script for a short video on Vishing. In this video be sure to explain what Vishing is, what makes the attack so dangerous and the top five most common ways you can detect it. Make sure one of the ways to detect includes sense of urgency. Also, be sure to keep the script simple to understand and write it at a 9th grade level. Ensure that the video is no longer than 2 minutes long.
Go ahead, try it out! Pretty cool, huh? Now this is where things get really interesting. For your next prompt, type something like this:
Okay, do it all over again but in Japanese.
This follow-on prompt demonstrates several powerful features of Generative AI solutions like ChatGTP. Just like a real person, AI can remember context. It remembers the previous query you had and the resulting output, which you can follow-up on. This is just like a normal conversation with a real person. The second thing is ChatGPT is not limited to just English but understands and translates into almost any language, and it does it surprisingly well. Remember, Generative AI solutions like ChatGPT learn from billions of conversations of regular people, so it can translate and replicate normal conversations.
Some Additional Tips
As you begin your path in prompt engineering, here are a few more tips.
- Spelling: Try to keep your spelling as accurate as possible. While AI solutions are good at inferring what you mean, the more spelling mistakes you make the more likely the output will be distorted or wrong. Many AI solutions have auto-correct solutions built in to help you.
- Be Specific: Treat ChatGPT as a trusted and very patient friend. The more detailed and explicit you are, the more likely you will get useful results that you can act on.
- Follow-up: If you don’t find the output helpful, follow-up with more questions and more detailed prompts. Remember, AI maintains context of the discussion.
- Emotionless: At times I feel like I’m interacting with a real human, and I hold back, not wanting to overwhelm the AI solution (especially when creating long or demanding prompts). I have to remind myself that I’m working with technology and not a person; I can be as demanding as I want in my prompts.
The folks at OpenAI have a fantastic tutorial on the six strategies (with detailed examples) of how to create more effective prompts. If you are a more visual person, Microsoft Bing has a list of examples for prompts.
In future posts I’ll go into far greater detail with examples of prompts you can use in accelerating your Security Awareness, Culture and Human Risk Management programs, including how to create, review, and improve newsletters and infographics, generate engagement plans leveraging marketing frameworks, identify key behaviors and mapping them to behavior models, create full-blown project plans and business cases, analyze slides, graphs or images, etc. However, before all of that, in the next post I would like to first cover the gotchas of Generative AI, to include legal, security, and reliability issues.