
AI Types and Techniques for Cybersecurity

⏱ 18 min 📊 Medium CompTIA SecAI+ Prep

Welcome to Day 1 of your CompTIA SecAI+ preparation. Before you can defend AI systems or leverage them for security operations, you need a solid understanding of what these systems actually are, how they work, and where their vulnerabilities originate. This lesson maps directly to CY0-001 Objective 1.1 and establishes the foundational vocabulary and concepts you will use throughout the rest of this course. Every attack technique, every defense strategy, and every governance framework you encounter later builds on the distinctions we draw today between different types of AI, their training methods, and the architectural choices that shape their risk profiles.

Figure: CY0-001 exam domain weighting. Domain 2 (Securing AI Systems) is 40% of the exam and dominates it; this course allocates 8 full lessons to match.

The AI Taxonomy: From Broad Intelligence to Specific Techniques

Understanding the AI taxonomy is critical for the SecAI+ exam because different categories of AI carry fundamentally different risk profiles. At the broadest level, Artificial Intelligence (AI) refers to any system designed to perform tasks that typically require human intelligence. This umbrella term covers everything from simple rule-based expert systems to the most advanced generative models.

Machine Learning (ML) is a subset of AI in which systems learn patterns from data rather than following explicitly programmed rules. ML models improve their performance on a task as they are exposed to more data. From a security standpoint, this data dependency is the single most important characteristic of ML — it means that whoever controls the training data has significant influence over the model's behavior.

Deep Learning (DL) is a further subset of ML that uses neural networks with multiple layers (hence "deep") to learn hierarchical representations of data. Deep learning enables models to process raw inputs like images, audio, and text without extensive manual feature engineering. The complexity of deep learning models makes them powerful but also more opaque, creating challenges for explainability and auditability — two properties that security teams increasingly require.

Natural Language Processing (NLP) is the branch of AI focused on enabling machines to understand, interpret, and generate human language. NLP powers chatbots, sentiment analysis, document classification, and the large language models that have transformed cybersecurity operations. For security professionals, NLP is both a tool (for analyzing threat intelligence reports, parsing logs, and detecting phishing) and an attack surface (through prompt injection, social engineering augmentation, and data exfiltration via conversational interfaces).

Generative AI refers to models that create new content — text, images, code, audio, or video — rather than simply classifying or predicting. Generative AI includes Large Language Models (LLMs) like GPT and Claude, image generators like Stable Diffusion, and code generators like Copilot. The security implications of generative AI are profound: these systems can produce convincing phishing emails, generate malware, create deepfakes, and synthesize realistic but entirely fabricated data.

Transformers are the neural network architecture that underpins virtually all modern LLMs. Introduced in the 2017 paper "Attention Is All You Need," transformers use a mechanism called self-attention to weigh the importance of different parts of the input when producing each part of the output. This architecture processes input in parallel rather than sequentially, enabling the training of models on massive datasets. Understanding transformers matters for security because the attention mechanism determines what information the model focuses on — and attackers exploit this by crafting inputs that manipulate attention patterns.

Generative Adversarial Networks (GANs) consist of two neural networks — a generator and a discriminator — that are trained in opposition to each other. The generator creates synthetic data while the discriminator tries to distinguish real data from generated data. Over time, the generator produces increasingly convincing outputs. GANs are the technology behind many deepfake tools and can also be used to generate adversarial examples that fool other ML models. Security teams must understand GANs both as a threat vector and as a defensive tool (for example, using GANs to generate synthetic training data for anomaly detection systems).

Figure: AI taxonomy tree for security professionals (ML, Deep Learning, NLP, LLMs, SLMs, GANs and their relationships). Each branch carries different threat profiles and attack surfaces.
Knowledge Check
Which AI technique uses two competing neural networks, one generating content and one evaluating it?
GANs use a generator network and a discriminator network trained in opposition. The generator creates synthetic content while the discriminator evaluates whether content is real or generated. Transformers use attention mechanisms, not adversarial training. Reinforcement learning uses reward signals, not competing networks. CNNs are designed for spatial data processing like images.

LLMs vs. SLMs: Size, Capability, and Security Trade-Offs

The distinction between Large Language Models (LLMs) and Small Language Models (SLMs) is a high-priority exam topic because the choice between them has direct security consequences. LLMs like GPT-4 and Claude contain hundreds of billions of parameters and are trained on vast, diverse datasets scraped from across the internet. SLMs typically contain fewer than 10 billion parameters and are often trained on more focused, domain-specific datasets.

LLMs offer superior performance on general tasks and can handle a wide range of queries without fine-tuning. However, their size creates several security concerns. First, the breadth of their training data means they may have memorized sensitive information — API keys, personal data, proprietary code — that can potentially be extracted through careful prompting. Second, their massive computational requirements typically mean they run on cloud infrastructure, introducing third-party risk and data sovereignty concerns. Third, their general-purpose nature makes them harder to constrain, increasing the attack surface for prompt injection and jailbreaking.

SLMs trade general capability for efficiency and control. Because they are smaller, they can run on-premises or even on edge devices, reducing data exposure to third parties. Their narrower training data means less risk of memorized sensitive information leaking. Their focused nature makes it easier to define and enforce behavioral boundaries. However, SLMs are more prone to hallucinations on topics outside their training domain and may require more careful fine-tuning to achieve acceptable performance.

From a data exfiltration perspective, SLMs have a significantly reduced risk compared to LLMs. An SLM trained only on internal HR documents cannot leak information about your network architecture because it simply does not have that knowledge. An LLM with broad training data and access to multiple organizational systems presents a much larger exfiltration surface. This distinction is critical for the exam — the scope of potential data exposure is directly proportional to the scope of the model's training data and connected systems.

Knowledge Check
A company deploys an SLM for internal document summarization. Compared to an LLM, which risk is REDUCED?
SLMs are trained on narrower, domain-specific data, which means the scope of data that could potentially be exfiltrated is significantly smaller than with an LLM trained on broad internet data. Prompt injection risk exists regardless of model size. Hallucinations may actually be worse with SLMs on out-of-domain topics. Model theft risk depends on deployment security, not model size.

Model Training Techniques: How Models Learn and Where Attacks Enter

The way a model is trained determines its capabilities, its biases, and its vulnerabilities. The SecAI+ exam expects you to understand the core training paradigms and their security implications.

Supervised learning trains models on labeled datasets — each input is paired with the correct output. The model learns to map inputs to outputs by minimizing the error between its predictions and the known labels. Security relevance: supervised learning is only as trustworthy as its labels. If an attacker compromises the labeling process (a form of data poisoning), the model will learn incorrect mappings. For example, a supervised malware classifier trained on data where certain malware samples are mislabeled as benign will fail to detect those malware families in production.

Unsupervised learning trains models on unlabeled data, asking them to discover patterns, clusters, or structures on their own. Common applications include anomaly detection, clustering, and dimensionality reduction. Security relevance: unsupervised models are particularly vulnerable to data distribution attacks where an adversary gradually shifts the statistical properties of the input data so that malicious behavior falls within the "normal" cluster. Because there are no labels to serve as ground truth, detecting this drift is more challenging.
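The gradual-shift problem above, as an added example that is not part of the course material: a z-score anomaly detector stands in for an unsupervised model, the daily volumes are constructed, and the ramp is a +8 KB/day increase. The adaptive detector that re-learns "normal" from unflagged samples never fires, while a frozen baseline and a window-vs-baseline drift check both do.

```python
import statistics

# Constructed clean-period baseline: daily outbound volume (KB) for one host.
BASELINE = [985, 1015, 990, 1010, 995, 1005, 1000, 1000, 1010, 990]
# Constructed slow ramp: the same host over 60 later days, +8 KB per day.
RAMP = [1000 + 8 * day for day in range(1, 61)]

Z_THRESHOLD = 3.0      # per-sample anomaly threshold (standard deviations)
WINDOW = 10            # number of recent samples used to estimate "normal"

def z_score(x, mean, sd):
    return (x - mean) / sd

def run_adaptive(samples, baseline=BASELINE):
    """Detector that re-estimates 'normal' from whatever it did not flag.
    Each ramp step is within tolerance of the previous ones, so the shift
    is absorbed into the normal cluster and nothing is ever flagged."""
    history = list(baseline)
    flagged = []
    for day, x in enumerate(samples):
        recent = history[-WINDOW:]
        mean, sd = statistics.mean(recent), statistics.pstdev(recent)
        if abs(z_score(x, mean, sd)) > Z_THRESHOLD:
            flagged.append(day)
        else:
            history.append(x)          # unflagged samples redefine normal
    return flagged

def run_frozen(samples, baseline=BASELINE):
    """Detector whose baseline is fixed at the validated clean period."""
    mean, sd = statistics.mean(baseline), statistics.pstdev(baseline)
    return [day for day, x in enumerate(samples)
            if abs(z_score(x, mean, sd)) > Z_THRESHOLD]

def drift_alarm_day(samples, baseline=BASELINE, shift_threshold=3.0):
    """Mitigation: keep adapting, but compare the adaptive window's mean with
    the frozen baseline and alarm once it has drifted more than
    `shift_threshold` baseline standard deviations, even if no single
    sample was anomalous. Returns the first alarming day, or None."""
    base_mean, base_sd = statistics.mean(baseline), statistics.pstdev(baseline)
    history = list(baseline)
    for day, x in enumerate(samples):
        recent = history[-WINDOW:]
        mean, sd = statistics.mean(recent), statistics.pstdev(recent)
        if abs(z_score(x, mean, sd)) <= Z_THRESHOLD:
            history.append(x)
        if abs(statistics.mean(history[-WINDOW:]) - base_mean) > shift_threshold * base_sd:
            return day
    return None
```

The frozen detector fires on day 3 and the drift check on day 7, while the purely adaptive detector reports nothing across all 60 days.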

Reinforcement learning (RL) trains models through trial and error, rewarding desired behaviors and penalizing undesired ones. The model (called an agent) interacts with an environment and learns a policy that maximizes cumulative reward. Security relevance: RL is used in Reinforcement Learning from Human Feedback (RLHF), a key technique for aligning LLMs with human values and safety guidelines. If the reward model is compromised — through biased feedback, corrupted reward signals, or adversarial manipulation of the feedback loop — the resulting model may behave unpredictably or dangerously.

Fine-tuning takes a pre-trained model and continues training it on a smaller, task-specific dataset. Fine-tuning is how organizations customize general-purpose models for their specific use cases. Security relevance: fine-tuning is both a security control (you can fine-tune a model to refuse harmful requests) and an attack vector (an attacker who gains access to the fine-tuning pipeline can inject malicious behaviors that persist through subsequent updates).

Transfer learning is the broader concept of applying knowledge gained from one task to a different but related task. Fine-tuning is the most common form of transfer learning. The security implication is that vulnerabilities in the base model can transfer to all downstream fine-tuned variants. A poisoned foundation model compromises every application built on top of it — a supply chain risk that is difficult to detect and remediate.

Knowledge Check
An attacker manipulates the reward function used during RLHF training of a language model. Which training paradigm is being exploited?
RLHF (Reinforcement Learning from Human Feedback) is a reinforcement learning technique where the model learns from reward signals based on human preferences. Manipulating the reward function is an attack on the reinforcement learning process. Supervised learning uses labeled data, not rewards. Unsupervised learning discovers patterns without labels or rewards. Transfer learning applies knowledge across tasks but is not defined by reward signals.

Training Concepts: Epochs, Pruning, and Quantization

Several technical training concepts appear on the SecAI+ exam because they affect model security, reliability, and deployment characteristics.

An epoch is one complete pass through the entire training dataset. Models are typically trained for multiple epochs, with each pass refining the model's parameters. Too few epochs result in underfitting — the model has not learned the patterns in the data adequately. Too many epochs cause overfitting — the model memorizes the training data rather than learning generalizable patterns. Overfitting is a security concern because an overfit model may memorize sensitive training data (such as PII or credentials) and reproduce it verbatim when prompted in a specific way. The number of epochs is a hyperparameter that must be carefully tuned.

Pruning is the process of removing unnecessary parameters (weights or neurons) from a trained model without significantly degrading performance. Pruning reduces model size, inference time, and computational cost. From a security perspective, pruning can actually improve robustness in some cases by removing redundant pathways that adversarial inputs exploit. However, aggressive pruning can reduce a model's ability to handle edge cases, potentially creating blind spots that attackers can exploit. Pruning is essential for deploying models on resource-constrained devices (edge computing, mobile), where the smaller attack surface of an on-device model may outweigh the performance trade-offs.

Quantization reduces the numerical precision of a model's parameters — for example, converting 32-bit floating-point weights to 8-bit integers. Like pruning, quantization makes models smaller and faster, enabling deployment on edge devices and reducing infrastructure costs. The security trade-off is that quantization introduces small numerical errors that can change model behavior in subtle ways. In safety-critical applications, these subtle changes could cause a model to misclassify inputs near decision boundaries. For the exam, remember that both pruning and quantization are model compression techniques that enable edge deployment but may alter the model's security properties.
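The boundary-flip trade-off described above, as an added example (not from the course): symmetric per-tensor int8 quantization of a constructed four-weight linear "malicious vs. benign" scorer, plus the check a practitioner would run before shipping the compressed model, a sweep over a held-out set counting samples whose label differs between the float and quantized weights.

```python
INT8_MAX = 127

def quantize_symmetric(weights):
    """Symmetric per-tensor int8 quantization: w ~= q * scale, q in [-127, 127]."""
    scale = max(abs(w) for w in weights) / INT8_MAX
    q = [max(-INT8_MAX, min(INT8_MAX, round(w / scale))) for w in weights]
    return q, scale

def dequantize(q, scale):
    """Weights as the int8 model actually sees them after rounding."""
    return [v * scale for v in q]

def score(weights, bias, x):
    """Linear scorer over feature vector x: positive means malicious."""
    return sum(w * xi for w, xi in zip(weights, x)) + bias

def label(s):
    return "malicious" if s > 0 else "benign"

# Constructed weights and bias for a tiny linear detector over 4 features.
W_FP32 = [0.731, -0.412, 0.256, -0.998]
BIAS = -0.331

# Constructed held-out samples; the second sits just above the decision boundary.
SAMPLES = [
    [2.0, -1.0, 1.0, -1.0],     # clearly malicious
    [-1.0, -2.0, -1.0, -0.5],   # boundary case: float score +0.005
    [-1.0, 1.0, -1.0, 1.0],     # clearly benign
]

def find_quantization_flips(w_fp32, bias, samples):
    """Indices of samples whose label changes after int8 quantization."""
    q, scale = quantize_symmetric(w_fp32)
    w_int8 = dequantize(q, scale)
    return [i for i, x in enumerate(samples)
            if label(score(w_fp32, bias, x)) != label(score(w_int8, bias, x))]

def max_weight_error(w_fp32):
    """Largest absolute rounding error introduced into any weight."""
    q, scale = quantize_symmetric(w_fp32)
    return max(abs(a - b) for a, b in zip(w_fp32, dequantize(q, scale)))
```

The rounding error per weight is below 0.004, yet the boundary sample goes from "malicious" under float weights to "benign" under int8: exactly the blind spot the paragraph warns about.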

These concepts matter for security professionals because they determine where and how a model can be deployed. A model that requires a large GPU cluster must run in the cloud, introducing cloud security considerations. A pruned and quantized model can run on a laptop or embedded device, changing the threat model entirely — it may be more susceptible to physical access attacks but less susceptible to network-based data exfiltration.

Knowledge Check
A security team discovers that their AI model reproduces exact sentences from its training data when given specific prompts. This behavior is MOST likely caused by which training issue?
Overfitting occurs when a model is trained for too many epochs and memorizes the training data rather than learning general patterns. This memorization can lead to verbatim reproduction of training data, which is a significant privacy and security concern. Underfitting produces poor performance, not memorization. Pruning removes parameters and would not cause memorization. Quantization reduces numerical precision but does not cause data memorization.

Transformers and Attention: The Architecture Behind Modern AI Threats

The transformer architecture deserves special attention because it is the foundation of every major LLM and, by extension, the foundation of most AI-related security threats and defenses in the current landscape. Understanding how transformers work helps you understand why certain attacks succeed and how to defend against them.

At the core of the transformer is the self-attention mechanism. When processing a sequence of tokens (words or sub-words), self-attention allows each token to "attend to" every other token in the sequence. The model learns which tokens are most relevant to each other, assigning higher attention weights to more relevant relationships. For example, in the sentence "The server crashed because it ran out of memory," the attention mechanism helps the model understand that "it" refers to "the server" and that "memory" relates to "crashed."
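The scaled dot-product computation behind the "it" to "server" example, as an added illustration that is not from the course: softmax(QK^T / sqrt(d)) applied to hand-constructed 3-dimensional embeddings, with the learned Q/K/V projections omitted so that queries, keys and values are the embeddings themselves. Real models learn these vectors; the constructed ones only make the relationship visible.

```python
import math

def softmax(scores):
    m = max(scores)                       # subtract max for numerical stability
    exps = [math.exp(s - m) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def self_attention(queries, keys, values):
    """Scaled dot-product attention. Returns (outputs, weights); weights[i][j]
    is how much query token i attends to key token j, each row summing to 1."""
    d = len(keys[0])
    outputs, weights = [], []
    for q in queries:
        w = softmax([dot(q, k) / math.sqrt(d) for k in keys])
        weights.append(w)
        outputs.append([sum(w[j] * v[i] for j, v in enumerate(values))
                        for i in range(len(values[0]))])
    return outputs, weights

TOKENS = ["The", "server", "crashed", "because", "it", "ran", "out", "of", "memory"]
# Constructed embeddings over three made-up axes (entity, event, resource).
EMB = {
    "The": [0.1, 0.0, 0.0], "server": [1.0, 0.1, 0.2], "crashed": [0.1, 1.0, 0.3],
    "because": [0.0, 0.2, 0.0], "it": [0.6, 0.1, 0.0], "ran": [0.1, 0.5, 0.1],
    "out": [0.0, 0.1, 0.2], "of": [0.0, 0.0, 0.1], "memory": [0.2, 0.4, 1.0],
}

def attention_row(token):
    x = [EMB[t] for t in TOKENS]
    _, weights = self_attention(x, x, x)
    return weights[TOKENS.index(token)]

def top_attended(token, exclude_self=False):
    """Token receiving the highest attention weight from `token`."""
    row = attention_row(token)
    own = TOKENS.index(token)
    candidates = [j for j in range(len(row)) if not (exclude_self and j == own)]
    return TOKENS[max(candidates, key=lambda j: row[j])]
```

With these vectors "it" attends most to "server", and "memory" attends most to "crashed" once its own position is excluded.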

The context window is the maximum number of tokens a transformer can process at once. This is a fixed architectural limit — a model with a 128,000-token context window cannot consider information beyond that boundary. Security implications of context windows include: sensitive information placed within the context window is accessible to the model and could be leaked; context window limits affect how much organizational data can be processed in a single request; and attackers can craft inputs that fill the context window with adversarial content, pushing legitimate instructions out of the model's attention.
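The "pushing legitimate instructions out" failure mode above, together with a defensive fix, as an added example that is not from the course. A 40-token window and a whitespace word count stand in for a real model's limit and tokenizer (both assumptions); the filler document is constructed. The naive assembler keeps the most recent tokens and loses the system prompt; the budgeted assembler reserves room for trusted parts first and truncates only untrusted retrieved content.

```python
CONTEXT_WINDOW = 40   # assumed tiny window so the effect is visible

def count_tokens(text):
    # Stand-in tokenizer: one token per whitespace-separated word.
    return len(text.split())

def naive_assemble(system, documents, question, limit=CONTEXT_WINDOW):
    """Concatenate everything, then keep only the LAST `limit` tokens (a
    common 'keep the most recent context' policy). Long untrusted documents
    push the system prompt out of the window."""
    tokens = " ".join([system] + documents + [question]).split()
    return " ".join(tokens[-limit:])

def budgeted_assemble(system, documents, question, limit=CONTEXT_WINDOW):
    """Reserve tokens for the trusted instructions and the user question first;
    untrusted retrieved documents only get what remains, truncated in order."""
    reserved = count_tokens(system) + count_tokens(question)
    if reserved > limit:
        raise ValueError("trusted parts alone exceed the context window")
    remaining = limit - reserved
    kept = []
    for doc in documents:
        words = doc.split()[:remaining]
        if not words:
            break
        kept.append(" ".join(words))
        remaining -= len(words)
    return " ".join([system] + kept + [question])

def instructions_present(context, system):
    """Post-assembly check: the full system prompt must survive intact."""
    return system in context

# Constructed inputs: a short system prompt, one oversized retrieved document
# (60 filler tokens), and the user's request.
SYSTEM = "SYSTEM: Only summarize the document. Never reveal credentials."
DOCUMENTS = [" ".join(["filler"] * 60)]
QUESTION = "USER: Summarize the attached report."
```

Under the naive policy the assembled context holds 35 filler tokens and the question but none of the system prompt; the budgeted policy keeps the prompt, the question and 27 tokens of the document, exactly filling the window.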

Multi-head attention allows the model to attend to information from different representation subspaces simultaneously. Think of it as multiple attention mechanisms running in parallel, each focusing on different types of relationships in the data. This parallelism is what gives transformers their remarkable ability to understand complex language — and what makes them difficult to interpret and audit from a security standpoint.

The key takeaway for security professionals is that the attention mechanism determines what information the model considers most important. Prompt injection attacks work by inserting content that attracts disproportionate attention, overriding legitimate instructions. Understanding this mechanism is essential for designing effective prompt-level defenses and for evaluating the robustness of AI systems against adversarial inputs.

Knowledge Check
Why is the transformer's context window a security-relevant architectural feature?
The context window determines how many tokens the model can process at once, which defines the boundary of what information is accessible during inference. Any sensitive data within the context window could potentially be leaked or manipulated. The context window does not determine training data size, parameter count, or training epochs — those are separate architectural and training decisions.
Day 1 Complete
"You now understand the AI taxonomy from machine learning through transformers, the security trade-offs between LLMs and SLMs, how different training techniques create different attack surfaces, and why architectural choices like context windows matter for security. These foundations are essential for every remaining lesson in this course."