Key Findings from Cisco's Research
Cisco Talos tested AI models (ChatGPT, Claude, Gemini) to assess their ability to generate technical cybersecurity reports. The results revealed:
- Visually polished but factually flawed documents: Reports appeared professional but contained errors and contradictory recommendations.
- Inconsistent outputs: Identical input data produced varying conclusions, such as recommending full password resets versus targeted actions.
- Formatting instability: Document structure changed with each query, violating professional standards.
Why AI Fails in Cybersecurity Reporting
- Probabilistic nature of LLMs: AI predicts the next word based on statistical weights, not contextual understanding.
- Unreliable decision-making: Models may fixate on the first generated recommendation regardless of quality.
- Context window limitations: Exceeding input size causes critical data to be discarded, leading to incomplete analysis.
Industry Implications
Cisco warns that AI automation in cybersecurity requires human oversight. Generated reports often repeat irrelevant suggestions or fail practical application. This is critical in a field where errors can lead to data breaches and financial losses.
Cisco's Recommendations
- Use AI for generating specific report sections, not full documents.
- Manually verify all AI-generated recommendations.
- Develop standardized workflows for AI integration in professional environments.