Basic AI Concepts
Related to Cybersecurity

This is the core vocabulary of the exam — expect scenario questions that describe a behavior and ask you to name the technique.

Core Types

• Generative AI — creates new content (text, images, code, audio) by learning patterns from training data.
• Machine learning / statistical learning — algorithms that learn patterns from data; statistical learning emphasizes probability-based models.
• Deep learning — ML using multi-layer neural networks to model complex, non-linear patterns.
• Transformers — the neural network architecture using "attention" to weigh relationships between tokens; the foundation of modern LLMs.
• NLP, LLMs & SLMs — Natural Language Processing lets systems understand/generate language; Large Language Models are massive transformer-based models; Small Language Models are lighter-weight, efficiency-tuned versions.
• GANs — Generative Adversarial Networks: a generator and discriminator compete to produce realistic synthetic data (and deepfakes).

Learning Paradigms

• Supervised learning — trains on labeled data.
• Unsupervised learning — finds patterns in unlabeled data.
• Reinforcement learning — improves via reward/penalty feedback.

Model Tuning Vocabulary

• Validation — testing performance on held-out data.
• Fine-tuning — further training a pre-trained model on specific data.
• Epoch — one full pass through the training dataset.
• Pruning — removing unnecessary parameters to shrink a model.
• Quantization — reducing numeric precision to speed up / shrink a model.

• Roles — system prompts set behavior/boundaries; user prompts are the actual request; assistant is the model's reply.
• Zero-shot — no examples given, model responds from instructions alone.
• One-shot / multi-shot (few-shot) — one or several examples are provided to guide format and quality.
• Prompt templates — standardized, reusable prompt structures that ensure consistent output and reduce prompt-injection risk.

• Cleansing — removing errors/noise from data.
• Verification — confirming data accuracy.
• Lineage — tracking a dataset's origin and transformations.
• Integrity — ensuring data hasn't been tampered with.
• Provenance — documented history/source of the data.
• Augmentation & balancing — expanding/adjusting training data to reduce bias and cover edge cases.
• Structured / semi-structured / unstructured data — tables/databases, JSON/XML, vs. free text/images/audio.
• Watermarking — embedding identifiable markers in AI-generated content or training data to track origin.
• RAG (Retrieval-Augmented Generation) — combines an LLM with an external knowledge source using embeddings (numeric meaning vectors) stored in a vector database for retrieval at query time.

Know this sequence — sequencing questions are common:

• 1. Align to use case & corporate objectives — define the problem and acceptable risk first.
• 2. Secure collection & preparation — apply the data security concepts above.
• 3. Model selection & evaluation — choose and test models against requirements.
• 4. Deployment & validation — release with controls in place; validate production behavior.
• 5. Monitoring & maintenance — ongoing observability (expanded heavily in Domain 2).
• 6. Feedback & iteration — human-in-the-loop review, oversight, and continuous validation.

Where AI Helps (previewed here, expanded in Domain 3)

• Threat detection, anomaly detection, and automating repetitive security analysis.

AI-Driven Threats to Know

• Automated / AI-generated phishing — highly personalized, grammatically flawless phishing at scale.
• Polymorphic malware — AI-generated malware variants that constantly change signatures to evade detection.
• Adversarial machine learning — deliberately crafted inputs designed to fool ML models.
• Malicious use of generative AI — deepfakes, synthetic identities, automated social-engineering content.