To address data scarcity, high annotation costs, and concept drift—key challenges degrading classifier performance in security-domain machine learning—this paper proposes Nimai, a novel generative AI framework enabling fine-grained, controllable synthetic data generation. Nimai integrates few-shot learning with concept drift adaptation, leveraging six advanced generative strategies to augment training data. Evaluated across seven representative security classification tasks, it demonstrates: (i) up to 32.6% improvement in classification accuracy using only ~180 real samples; (ii) superior performance over state-of-the-art baselines under extreme few-shot settings (5–20 samples per class); and (iii) rapid adaptation to post-deployment concept drift. This work pioneers the first systematic investigation of controllable generative data augmentation for security classification, establishing both a scalable toolkit and empirical foundation for building robust models in low-resource, dynamically evolving security environments.

Machine learning-based supervised classifiers are widely used for security tasks, and their improvement has been largely focused on algorithmic advancements. We argue that data challenges that negatively impact the performance of these classifiers have received limited attention. We address the following research question: Can developments in Generative AI (GenAI) address these data challenges and improve classifier performance? We propose augmenting training datasets with synthetic data generated using GenAI techniques to improve classifier generalization. We evaluate this approach across 7 diverse security tasks using 6 state-of-the-art GenAI methods and introduce a novel GenAI scheme called Nimai that enables highly controlled data synthesis. We find that GenAI techniques can significantly improve the performance of security classifiers, achieving improvements of up to 32.6% even in severely data-constrained settings (only ~180 training samples). Furthermore, we demonstrate that GenAI can facilitate rapid adaptation to concept drift post-deployment, requiring minimal labeling in the adjustment process. Despite successes, our study finds that some GenAI schemes struggle to initialize (train and produce data) on certain security tasks. We also identify characteristics of specific tasks, such as noisy labels, overlapping class distributions, and sparse feature vectors, which hinder performance boost using GenAI. We believe that our study will drive the development of future GenAI tools designed for security tasks.