Upcoming Pandora FMS Workshop: July 16. More information →

Generative AI in IT: what it is, types, use cases, and applications in cybersecurity

Today we’re tackling a hot topic that most people have more opinions than actual knowledge about: Generative artificial intelligence and its use in IT management and cybersecurity.
Like it or not, generative AI has leapt from the pages of science fiction into our daily lives, with promises such as boosting productivity, handling tedious tasks, and helping manage an increasingly complex technological and security context.
That’s why we’ll go over the essentials: what it is, the types of AI you may find, its applications in IT management, and its potential benefits… But we’ll also analyze the risks and limitations hidden beneath all the marketing and noise around the topic.

Why is generative AI transforming IT management?

Even though Skynet remains fiction (for now), it’s undeniable that generative AI is changing the daily routines of CISOs, IT managers, and service managers.
Its relevance, moreover, cuts across many areas:

  • In ITSM, for instance, it may automate and customize user interactions.
  • In cybersecurity, it may simulate attacks, analyze patterns, and proactively detect threats.
  • In general IT infrastructure management (on-premise and cloud), it may optimize resources and predict failures, for example.

So, whether we like it or not, the AI train has arrived at the station—and while not everything that glitters is gold (a sensible stance), ignoring a train coming our way is never a good strategy.
Let’s begin by understanding the foundations of the house.

What is generative AI and how does it work?

Generative AI is a branch of artificial intelligence that specializes in content creation in the form of text, images, code, audio… This is possible thanks to learning from large volumes of data during its training.
It represents another step toward the eternal Trekkie promise of a world where machines do the heavy lifting while we paint and write poetry—except now the AI writes and paints, while we keep clocking in.
This marks another evolutionary stage within the main types of AI, which are:

  • Traditional AI (or Analytic AI): Focused on analyzing and classifying data, identifying patterns to make decisions (for example: a recommendation system or a spam classifier). The advantage is a greater analytical capacity compared to what humans can do by other means, being able to handle much more data and detect patterns that would go unnoticed.
  • Predictive AI: Uses history data to predict future outcomes or possible events (for example: predicting server load or an imminent hard drive failure).
  • Generative AI: Goes a step further by using acquired knowledge to generate new artifacts based on its training data (for example: drafting a ticket response, generating a mitigation script, or creating code to interact with an API).

This generative AI works based on several key principles:

  • LLM (Large Language Models): These are large-scale language models, like GPT-4 or LLaMA, trained on massive amounts of data. Thanks to this, they may generate contextually relevant language and code (e.g., chatting with a user based on their input).
  • RAG (Retrieval-Augmented Generation): This technique allows Large Language Models to search new information beyond what they were trained on. For example, we can provide them with private company documentation or allow them to search the web to enrich their knowledge and provide better answers.
  • Multimodality: The ability of a generative model to understand and create content across different modalities, such as text, images, and/or audio. For instance: a multimodal model could analyze a provided image to mimic its style or examine a performance chart and generate an explanatory text report.

What are the main types of generative AI and what are their applications in IT management?

Not all generative AIs are the same, nor do they work in the same way. Similarly, what they generate does not have the same usefulness when it comes to potentially helping us in IT management.
Let’s take a look at the multiple types and their usefulness in our daily work.

Transformer Models (GPT and other LLMs)

When on August 31, 2017 Google researchers published their paper on Transformer (a novel neural network architecture for “understanding” language), they probably didn’t anticipate the whirlwind that would be unleashed by the flap of that butterfly’s wings.
Since then, the “understanding” (note the quotation marks) of language by these models is not only written language but also extends to audio and images.
To do this, they analyze input segments in parallel through mechanisms called attention, assigning importance based on mathematical similarity calculations (or attention weights). From there, they provide a response according to the request.

How can it help us in IT?

In many ways, as this type of AI is the one with the most direct applications in an IT manager’s job.
It can help us with:

  • Automating responses to ITSM tickets.
  • Using chatbots as a first line of support for simple questions. That way, we avoid repeating the classic “turn it off and on again,” without interrupting our Battlefield session during work hours.
  • Helping with code creation, if we have a specific doubt about how to do it. Maybe we forgot some CSS or a basic syntax. For complex or large-scale code… Well, at the time of writing this (because no one can predict this kind of evolution), it depends on how much you enjoy the purgatory of endless debugging.
  • Generating synthetic data for internal applications or to fill the web design we’ll present to management, since they said it wasn’t professional to use Chiquito Ipsum…
  • Designing and improving architectures, giving us clues on how to optimize our IT infrastructure.
  • Analyzing logs and large data volumes. This can lead to possible optimizations and predictions such as network usage, CPU spikes… However, they’re not the best tool, and it’s better to use more classic machine learning and SIEMs like Pandora, which feature specialized AI for these tasks that is not generative.

As many readers may have already noticed, some of the most interesting applications are in cybersecurity, such as:

GAN (Generative Adversarial Networks)

These use two neural networks that compete against each other. One is a generator that creates fake data, and the other is a discriminator that tries to distinguish between real and fake data.
This competition enables improvement.

How can it help us in IT?

In several ways, with interesting applications in cybersecurity:

  • For example, with synthetic data to train intrusion detection systems without risking real sensitive data. The generator creates fake malicious network traffic indistinguishable from the real thing, training and improving the detection system (which here would be the discriminator). This is complex in practice and probably not worth the effort in many cases, but it’s not technically impossible.
  • Creating synthetic malware, although differently from how an LLM would do it. With its adversarial approach and good data, it could create malware variants that try to trick the system—helping us vaccinate against such attacks.

VAE (Variational Autoencoders)

These are models that learn a compressed and possible representation of input data. With that, they may generate new instances that are variations of the original data.

How could it help us in IT?

Here we are stretching it and trying to use tools in IT management that aren’t the most appropriate.
Still, a VAE could learn the normal representation of a server’s CPU usage. Based on that, any significant deviation from this representation could be marked as a potential anomaly, indicating a DDoS or hardware failure.
However, I insist, this is not the right tool, and classic Machine Learning will perform much better here.

Diffusion Models

These are often known for image generation (like Stable Diffusion), and they work by gradually adding noise to training data. Then they learn to reverse the process and generate new data from the noise.

How could it help us in IT?

Again, diffusion models are not the most useful for the daily Sisyphus grind of IT management, but they could help generate synthetic data to test SIEMs, for example.
However, other types of AIs, like LLMs, are far more suitable for these tasks.

What benefits does generative AI bring to IT management?

Considering the above, it’s clear that if AI can be correctly integrated into our work processes, we could obtain potential benefits such as:

  • Operational efficiency and lower costs: Automating repetitive tasks frees IT teams to focus on higher-value challenges. It also has potential to reduce resolution times (MTTR) and operating costs.
  • Possible improvement in Support processes: Thanks to 24/7 availability and faster response. If AI is competent at solving simple issues, it could increase user satisfaction and support productivity.
  • Better decision-making: If AI may perform solid analysis of complex data, it could help make better decisions regarding infrastructure optimization, for example.

What risks and limitations does generative AI have in IT?

The previous section is filled with conditionals and terms like “possible” or “potential” for a reason. Because at the time of writing, generative AI still has significant limitations and risks.
Anyone who has deeply used this technology, or truly understands how it works, knows that in the complex day-to-day of real-world work, managing these risks is essential.
Otherwise, we’ll soon realize that not everything that glitters is gold, causing serious issues with severe consequences, due to…

Bias and hallucinations

This is crucial and must be well understood, rather than blindly following marketing or the countless self-proclaimed gurus popping up like mushrooms.
Language models often generate incorrect or fabricated information (commonly referred to as “hallucinations”) and can perpetuate biases found in their training data.
And this is not solved by newer versions or “better” training.
Even OpenAI itself, creator of the famous ChatGPT, has finally admitted what any knowledgeable user already knew:
Hallucinations are mathematically unavoidable and a key feature of language models.
Therefore, they’re not engineering flaws — they are an essential and inevitable trait. A language model is like your overly confident uncle at Christmas: it cannot remain silent or say “I don’t know,” and you must be cautious about what it says or does.
For that reason, you may not assign it critical tasks without expert human oversight.
Here are a couple of serious IT risk examples:

  • A faulty automation script could cause a critical outage.
  • An audit or regulatory compliance report is generated with errors. This results in two dreaded papers: the massive fine for non-compliance and your severance package.

Privacy and compliance

Let me repeat: absolutely never assign a language model anything related to regulatory compliance without a review by an expert human.
Additionally, using public models may involve sending sensitive corporate data to an external environment, violating regulations like the GDPR.
It is critical to use private models or otherwise ensure data privacy.

Deepfakes and security

As often happens with powerful technologies, malicious actors are early adopters.
Thus, language models pose cybersecurity risks, such as:

  • Enhanced phishing attacks with more elaborate and persuasive messages.
  • Creation of new malware, evasion mechanisms, or the design of sophisticated attacks.
  • Image or audio deepfakes for crimes like impersonating employees or CEOs in social engineering attacks.

How to adopt generative AI in an IT company?

Given the above, how do we integrate generative AI to “not fall behind” without triggering disasters?
Three basic principles:

  • Be gradual, starting with limited pilot projects.
  • Be strategic. That is, aligned with our goals and how we achieve them (our culture), instead of forcing AI in just because it’s trendy or FOMO gets the better of us.
  • Apply expert human oversight.

So, some best practices for implementation would be:

  • Start with a pilot project: Choosing a specific use case, such as automating a particular type of ticket.
  • Apply RAG: Model training may not be enough. That’s why we should implement Retrieval Augmented Generation architectures as explained earlier, to base responses on the company’s internal and up-to-date knowledge base.
  • Human-in-the-Loop Validation: Ensure that AI outputs, especially in critical environments, are reviewed and approved by a human expert before execution.
  • Governance and Security: Define which models are used, for what purposes, and how we handle data.
  • Performance evaluation: Measure results with metrics such as: percentage of tickets automatically resolved, MTTR reduction, accuracy of generated alerts, etc.
  • Integration with ITSM and monitoring: Integrate generative AI with ITSM or monitoring systems like Pandora FMS to act as an intelligence layer over existing operations.

Use cases with Pandora FMS and Pandora SIEM

The AI capabilities of Pandora FMS and Pandora SIEM are specialized in analysis and correlation. However, it is true that when coordinated with generative AI, their native capabilities could be enhanced in ways such as:

  • Monitoring and observability: Since Pandora FMS collects millions of metrics, generative AI can be used to create narrative summaries of system states, making the IT manager’s job easier.
  • Event correlation in security: During a cyberattack, Pandora SIEM receives hundreds of alerts. A generative AI engine could generate a consolidated narrative report clearly specifying the actions to taken.
  • Automation in ITSM: By connecting with the ITSM module, an error ticket makes possible for the user to try a possible solution, without human intervention. Generative AI can handle user interaction and even request ticket closure if it verifies the issue is solved. It can also assist the technician with possible solutions to try if the issue persists.

What is the future of generative AI in IT?

We all love to play fortune-teller, but true experts in this field, when asked to predict the future of AI, often reply: “I don’t know.”
That’s the honest answer, and it should be said more often.
But these days that attitude is punished, and emerging trends point to a deeper and more autonomous integration through:

  • Specialized autonomous agents: Not only generating responses, but planning and executing complex sequences of actions (e.g., completely solving an incident autonomously).
  • Multimodality in operations: A model analyzing an error log (text), a performance chart (image), and a latency metric (time series) simultaneously could provide a unified diagnosis.
  • Integration with AIOps: Generative AI will become the narrative and operational brain of AIOps platforms, explaining root causes of incidents and automating context-aware responses. Like the computer on the Enterprise.

Regardless of the future, generative AI is not just another productivity tool, but (pardon the cliché) a paradigm shift.
Its future lies in more efficient operations, proactive security, and optimized, resilient services.
For IT leaders, the challenge is no longer whether to adopt it, but how to do so in a safe, controlled, and strategic manner.
Starting with pilot projects, prioritizing integration with corporate knowledge, and ensuring human oversight of critical processes are key to leveraging its potential without generating unmanageable risks.

FAQs

Let’s summarize the key points we’ve seen through common questions.

What’s the difference between generative AI and predictive AI?

Predictive AI analyzes past data to predict future outcomes or probabilities (e.g., Server X has an 80% chance of failing within 72 hours).
Generative AI uses its training knowledge to create new content that didn’t exist before (e.g., Write a Python script to monitor Server X and prevent failure).

What are the main generative AI models?

The most relevant are:

  • Large Language Models (LLM) like GPT-4 for text and code generation. The most versatile for day-to-day IT use.
  • GANs (Generative Adversarial Networks) for generating synthetic data and images.
  • Diffusion Models mostly used for visual creation.
  • VAEs (Variational Autoencoders), potentially useful for generating synthetic data.

What risks does generative AI pose in cybersecurity?

Several, such as its potential to craft more convincing phishing attacks, deepfakes, new malicious code, or even design complex attacks.
Additionally, there’s a risk of sensitive data leaks if public models are used.

What benefits does it bring to ITSM and cloud?

In ITSM, it can automate and streamline ticket resolution, enhance user experience, and free teams for higher-value tasks.
In cloud environments, it can enable intelligent autoscaling, predict failures, and optimize costs and resources.

Pandora ITSM is a balance between flexibility, simplicity and power

And above all, it adapts to your needs.