Generative AI is everywhere these days \u2013 in the media, at the RSA conference, in vendor announcements. It seems like everyone associated with the supply side of cybersecurity is talking about generative AI, but not the demand side. Cybersecurity pros remain skeptical and most CISOs I speak to have no immediate plans for implementation.\n\nWhat\u2019s going on here? Cynical cybersecurity professionals have heard similar \u201csilver bullet\u201d stories before. Remember the \u201cIDS is dead, IPS is the new standard,\u201d prediction in the early 2000s? How about the big push for network access control (NAC) around 2006 or the buzz around user and entity behavior analysis (UEBA) in the 2015-2016 timeframe? Heck, even recent XDR gaga has created more end-user confusion than a new robust market.\n\nTo be fair, generative AI is in its infancy and a lot of announcements referred to products that remain in beta. Given this, it\u2019s understandable that many CISOs are taking a wait-and-see approach, but I do notice some CISOs sorting through the rhetoric and thinking about use cases where generative AI can lead to real improvement.\n\nGenerative AI\u2019s threat intelligence potential\n\nAllow me to add my two cents to this thought process. Generative AI has real potential to help organizations improve the efficacy and efficiency of their threat intelligence programs.\n\nWhy focus on cyber-threat intelligence (CTI)? Because more and more organizations realize they need a threat intelligence program, but establishing, managing, and gaining benefits from threat intelligence can be difficult. For example, ESG research reveals that 72% of enterprise organizations (i.e., more than 1,000 employees) find it hard to sort through CTI noise to find relevant information while 63% of firms admit they don\u2019t have the right staff size or skills to develop an appropriate CTI program. Little wonder then that 82% of organizations assert that their CTI program is often treated as an academic exercise where intel reports don\u2019t provide value or help guide risk mitigation decisions.\n\nCan generative AI help here? Yes. In another research question, ESG asked 380 cybersecurity professionals to identify their top threat intelligence program challenges. Here are some of the top challenges identified along with some analysis on how generative AI could help:\n\nSeveral threat intelligence providers including Cybersixgill, Mandiant, Microsoft, and Recorded Future have announced generative AI support for their CTI products and services. Many, many others will follow soon.\n\nGenerative AI myths\n\nIn closing, let me sort through some myths about generative AI. It won\u2019t replace threat analysts or make automation decisions on its own, but it can act as a helper app for understaffed and overworked threat intelligence analysts or those lacking advanced skills. This should be welcome news to CISOs. ESG research indicates that 98% of enterprises plan to increase spending on threat intelligence in 2024, so clearly, they need help. Therefore, CISOs should figure out how generative AI fits into their CTI program investments as a means toward helping them gain tactical, operational, and strategic CTI benefits.