Open-source large language models (LLMs) continue to revolutionize the cybersecurity landscape, serving as a strong catalyst for increasing innovation and enabling startups and established vendors alike to accelerate time-to-market.

From new generative AI applications to advanced security tools, these models are proving the foundation of the future of gen AI-based cybersecurity. Open-source models gaining traction in cybersecurity include Meta’s LLaMA 2. LLaMA 3.2, Technology Innovation Institute’s Falcon, Stability AI’s StableLM, and those hosted by Hugging Face, including BigScience’s BLOOM. All of these models are seeing growing adoption and use, thanks in large part to their greater cost-effectiveness, flexibility and transparency.

Cybersecurity software providers are facing a growing set of challenges related to governance and licensing while enabling their platforms to scale in response to the fast-moving nature of open-source LLM development. Designing an architecture that can quickly adapt and capitalize on the latest features that most recent open-source LLMs are providing is challenging.

Itamar Sher, CEO and co-founder of Seal Security, recently sat down with VentureBeat (virtually) to discuss the foundational yet evolving role of open-source LLMs in their operations. “Open-source LLMs enable us to scale security patching for open-source components in ways that closed models cannot,” he said.

The ability to scale models quickly is critical for companies like Seal, which use open-source components to ensure the rapid deployment of patches across different environments. He added that “open-source LLMs give us access to a community that continuously improves models, offering a layer of intelligence and speed that wouldn’t be possible with proprietary systems.”

Open-source LLMs’ growing importance in cybersecurity

Cybersecurity vendors have long relied on making their apps, tools and platforms proprietary to lock customers into a given solution, especially in the areas of threat detection and mitigation. VentureBeat is hearing there’s an intense backlash against this strategy, however, which is further accelerating open source LLM’s popularity.

Gartner’s Hype Cycle for Open-Source Software 2024 reflects the rising prominence of open-source LLMs, placing them at the peak of inflated expectations. This placement reflects what VentureBeat is hearing about a surge in interest and adoption across the cybersecurity vendor landscape and within enterprises.

Credit: Gartner, Inc. (2024, August 8). Hype Cycle for Open-Source Software, 2024 (ID: G00811366). Gartner, Inc.

The Hype Cycle shows that the maturity of open-source LLMs is still emerging, with market penetration between 5% and 20%. The plateau for this technology is predicted to be reached within the next two to five years, emphasizing its rapid growth and growing dominance in cybersecurity.

VentureBeat is seeing more cybersecurity startups capitalize on open-source LLMs’ customization flexibility and scale in their platform, apps and tool strategies. A widespread use case is fine-tuning models to address domain-specific needs, from enhancing real-time threat detection to improving vulnerability management.

Sher said, “By integrating open-source LLMs, we can customize models for specific threats and use cases, which allows us to remain agile and responsive to evolving cybersecurity challenges.”

Comparing the advantages and challenges of open-source LLMs

Open-source LLMs bring several advantages to cybersecurity systems development and operations, including the following:

Customization, scale and flexibility: One of the main drivers for adopting open-source LLMs that’s proving popular with cybersecurity companies standardizing on them is the ability to modify the models for specific use cases quickly. Seal Security’s integration of LLMs into its security platforms, apps, tools and services offerings illustrates how companies can use these models to streamline patch management processes across open-source components. John Morello, CTO and co-founder of Gutsy told VentureBeat in a recent interview that the open-source nature of Google’s BERT open-source language model allows Gutsy to customize and train their model for specific security use cases while maintaining privacy and efficiency.

Community collaboration: Open-source LLMs benefit from the fast-growing base of developer communities pushing their boundaries and scaling daily to solve complex cybersecurity challenges. These communities are setting a fast pace when it comes to continuous innovation, enabling companies, developers and universities to research to benefit from shared insights and improvements. Seal Security, for example, has aligned itself with MITRE’s CVE Numbering Authority (CNA) to enhance collaboration around open-source vulnerabilities.

Reducing vendor lock-in: Open-source models offer enterprises a way to avoid vendor lock-in, giving them more control over costs and reducing dependency on proprietary systems. VentureBeat is seeing this issue become a pivotal one that is core to the future of cybersecurity, with flexibility being the goal. Responding to threats fast and having a consistent approach to deploying patches is vital to cybersecurity’s future.

However, these benefits are not without challenges. Gartner notes in their research that open-source LLMs often require significant infrastructure investments, which can create long-term operational challenges for companies that lack well-funded and staffed in-house IT and security teams.

The licensing complexities associated with open-source models can present legal and compliance risks as well. Sher explained that “open-source models give us transparency, but managing their life cycles and ensuring compliance is still a major concern.”

Open-source LLMs’ cybersecurity contributions are growing

VentureBeat is seeing cybersecurity providers adopting open-source LLMs as core to their platforms, gaining a competitive advantage with their improvements in threat detection and response. Seal Security has been able to leverage open-source models for real-time detection and vulnerability management by integrating them into their security patching systems. According to Sher, “Our infrastructure is designed to quickly switch between different LLMs, depending on the threat landscape, ensuring that we stay ahead of emerging vulnerabilities.”

Gartner predicts that small language models or edge LLMs will see greater adoption across domain-specific applications led by cybersecurity. Edge LLMs, by definition, are decentralized closer to the data they need to analyze, which allows for faster processing and real-time threat detection.

Edge LLMs are designed to require less computational power, making them more manageable and less costly to train, which are ideal for cybersecurity use cases that require real-time speed and accuracy. By being able to function at the edge, these LLMs can rapidly detect threats in environments where latency is critical, such as IoT devices or remote systems.

Protecting against software supply chain attacks

Despite the growing number of contributions open-source LLMs are making, they also come with risks. A significant concern is the rising number of software supply chain attacks. Gartner’s Hype Cycle for Open-Source Software 2024 notes that open-source components have increasingly become targets for state-sponsored attacks. The mean age of vulnerabilities in open-source codebases is approximately 2.8 years, making it vital for companies to implement and keep current their patch management and governance systems.

Seal Security’s recent designation as a CVE Numbering Authority (CNA) is essential for the provider to play a more crucial role in reducing the risks of supply chain attacks. The company can now identify, document, and assign vulnerabilities through the CVE Program, contributing to improving the security of open-source code across the industry. Their partnership with MITRE further enhances this capability, allowing Seal to share findings with the broader cybersecurity community.

As Sher emphasized this collaboration helps enhance security for everyone using open-source software, reinforcing the company’s commitment to the protection of the global software ecosystem.

Looking ahead

Open-source LLMs are redefining the cybersecurity landscape for the better by reducing legacy lock-in from proprietary technologies and platforms. VentureBeat is seeing how quickly these models are advancing in terms of accessibility, quality, and speed, making them a viable alternative to proprietary systems.

For companies like Seal Security, the future lies in continuously evolving their open-source LLM capabilities to stay ahead of the ever-changing threat landscape. “We’re constantly evaluating new models and infrastructures to ensure we can provide the best security solutions for our clients,” Sher concluded.

“As I mentioned before, Felicia and I have known Vice President Harris for over 10 years and she has been a great friend to both of us during that time,” Horowitz wrote in an email to his venture capital firm obtained by Axios. “As a result of our friendship, Felicia and I will be making a significant donation to entities who support the Harris Walz campaign.”

I… listen. Two things. First, one of the most striking things about the podcast Horowitz made with his a16z co-founder Marc Andreessen was how focused both men were on who’d take their meetings. Their political commitments, in many respects, boiled down to who would spend face time with them. Near the end of the podcast, Horowitz told what was (I think?) supposed to be a heartwarming story about hanging out with Trump’s grandkids — and how his reaction to hearing about the assassination attempt on Trump was, “Oh my god, Grandpa just got shot.”

So, you know, the whole thing where Harris has been “a great friend” to both Horowitz and his wife checks out as a political position for him. In some respects, I get it. I, too, want to see my friends succeed!

But second, that crucial Trump endorsement was made before Joe Biden dropped out of the presidential race in favor of Harris, and before the enormous outpouring of support for the new Democratic candidate. That meant a16z had already sacrificed any leverage it might have with a Harris administration — and a candidate who made Trump look like less of a sure winner. In the case of a Harris win, these boys were looking at an entire four years without important meetings, and we already know they view that as a dreadful tragedy for the entire nation.

In order to regain any possibility of leverage in a potentially Democrat-led government, someone was going to have to eat humble pie, and it sure as shit wasn’t going to be Andreessen. Horowitz, whose support for Trump was termed a “Maga U-turn” by The San Francisco Standard, has a history of donating to progressive causes; Harris, then a senator, was even a guest at a Horowitz backyard barbecue in 2018.

“I’m just wondering what they’re gonna do when Kamala wins,” one founder told The San Francisco Standard of the a16z Trump endorsement. “Like, how do you walk that back?”

Well, I guess we know now. Horowitz’s email says that he’s had several conversations with Harris and her team — crucial to note here that he got to the candidate herself, given that access is apparently one of Horowitz’s main political concerns. And so while Horowitz still thinks President Joe Biden is no-good and very bad, he is “encouraged by my belief” in Harris to do good for tech, despite the fact that she has not yet staked out any policy positions.

Harris has sort of made overtures on what Horowitz termed “probably the most emotional topic” in the election: crypto. One of her campaign aides has said, “She’s going to support policies that ensure that emerging technologies and that sort of industry can continue to grow,” in response to a question about crypto.

Good morning! Let’s play Connections, the NYT’s clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need clues.

What should you do once you’ve finished? Why, play some more word games of course. I’ve also got daily Wordle hints and answers, Strands hints and answers and Quordle hints and answers articles if you need help for those too.

With cord-cutting at an all-time high, streaming services have become more important. Netflix, Max, Amazon, Prime Video, and Hulu offer countless hours of movies to watch with the push of a button. However, these services continue to raise prices, which doesn’t bode well for bank accounts.

YouTube, however, offers a wide selection of free movies. The movies are ad-supported, but that’s a fair trade-off compared to other streamers that cost north of $10 a month. If this is your first time using YouTube to watch movies, we have curated a special guide with recommendations for various genres. Check out our selections below.

Looking for more stuff you can watch for free? Check out our guides to the best free shows on YouTube and the best sites for watching free movies online. If you’re willing to pay, read these guides on the best new movies to stream and the best movies on Netflix.