AI Shaping the Frontlines of Cybersecurity: Rachel James’ Insights on Embedding Ethics at Scale
The realm of cybersecurity is currently embroiled in a significant evolution, with artificial intelligence (AI) serving as the primary armament in this modern conflict. AI presents a formidable duality: a robust defensive barrier for safeguards and a potent new weapon for malicious actors. Navigating this intricate battlefield demands a steady hand and an intimate knowledge of both technology and the individuals who may exploit it.
To gain insight from the front lines, we spoke with Rachel James, Principal AI Machine Learning Threat Intelligence Engineer at global biopharmaceutical company AbbVie.
“Beyond the integrated AI enhancements that our current tools offer, we also employ large language models to analyze our detections, observations, correlations, and associated rules,” James elucidates.
James’ team utilizes large language models to comb through a colossal volume of security alerts, identifying patterns, eliminating duplicates, and exposing vulnerabilities in their defenses before an attacker can exploit them.
“We utilize this for determining similarity, duplication, and providing gap analysis,” she adds, noting that the next phase involves integrating even more external threat data. “Our goal is to strengthen this with the incorporation of threat intelligence in our subsequent phase.”
At the heart of this operation lies a specialized threat intelligence platform called OpenCTI, which assists them in constructing a cohesive understanding of threats amidst a cacophony of digital noise.
AI serves as the catalyst that enables this comprehensive cybersecurity initiative, transforming disparate, unstructured text into a standard format known as STIX. The overarching vision, James says, is to leverage language models to connect this core intelligence with all facets of their security operation, from vulnerability management to third-party risk.
Harnessing this power, however, necessitates caution. As a key contributor to a major industry initiative, James is acutely cognizant of the potential pitfalls.
“I would be remiss if I didn’t mention the work of a remarkable group of individuals I am affiliated with – the ‘OWASP Top 10 for GenAI’ as a foundational means of understanding vulnerabilities that GenAI can introduce,” she states.
Beyond specific vulnerabilities, James highlights three fundamental trade-offs that business leaders must grapple with:
To bolster a robust cybersecurity posture in the AI era, one must comprehend one’s adversary. This is where James’ extensive expertise lies.
“This is actually my area of expertise – I have a cyber threat intelligence background and have conducted extensive research into threat actor’s interest, use, and development of AI,” she underscores.
James monitors adversary dialogue and tool development through open-source channels and her own automated collections from the dark web, sharing her findings on her cybershujin GitHub. Her work also encompasses hands-on experimentation.
“As the lead for the Prompt Injection entry for OWASP, and co-author of the Guide to Red Teaming GenAI, I also devote time to developing adversarial input techniques myself and maintain a network of experts in this field,” James explains.
These insights offer intriguing implications for the industry’s future. For James, the path forward is clear. She points to a striking parallel she discovered years ago: “The cyber threat intelligence lifecycle bears a striking resemblance to the data science lifecycle foundational to AI ML systems.”
This synergy presents a significant opportunity. “Without question, in terms of the datasets we can work with, defenders have an unprecedented chance to leverage the power of intelligence data sharing and AI,” she affirms.
Her final message offers both encouragement and a warning for her peers in the cybersecurity community: “Data science and AI will be an integral part of every cybersecurity professional’s future; embrace it.”
Rachel James will share her insights at this year’s AI & Big Data Expo Europe in Amsterdam on 24-25 September 2025. Be sure to attend her day two presentation on ‘From Principle to Practice – Embedding AI Ethics at Scale’.
Additional reading: Google Cloud introduces an AI ally for security teams
