Agentic AI Impact on Cybersecurity (part 2 of 3)

May 12, 2025

Defend Your Time Podcast: Agentic AI in Security Operations

Introduction

  • Host: Chris Taylor
  • Guest: Iris Saaka, Lead Data Scientist at Anue
  • Topic: Agentic AI in Security Operations
  • Objective: Understand the application of agentic AI in enhancing security operations

Background on AI Agents

Definition

  • Agentic AI: Systems capable of making independent decisions to achieve a goal.
  • Historical Context:
    • Originated in the 1960s, gained popularity in the 80s and 90s.
    • Initially programmed to emulate human decision-making using rules.

Limitations of Early Systems

  • Knowledge Acquisition Problem: Difficult and labor-intensive to encode expert knowledge.
  • Performance Issues: Computational tasks were time- and resource-consuming.

Modern Advances

  • Introduction of Transformer deep learning architectures by Google.
  • Development of large language models (LLMs) like GPT models, enabling vast knowledge encoding.
  • Emergence of AI agents capable of sophisticated reasoning and iterative planning.

Properties of AI Agents

  • Objective-Oriented: Unlike classic applications, AI agents are given objectives rather than detailed coded instructions.
  • Sensory Input Utilization: Can analyze diverse inputs like text, image, video, etc.
  • Adaptive Response: Capable of dynamic re-planning and learning from feedback.
  • Autonomous Action: Execute actions without human intervention.

Building AI Agents

Design Principles

  1. Reflection:

    • Automate self-criticism.
    • Enable models to spot and correct their own errors.
  2. Tool Use:

    • Provide models access to tools (e.g., web search, email).
    • Prompt models to use appropriate tools for tasks.
  3. Planning:

    • Enable models to create and execute multi-step plans.
    • Allow models to decompose complex tasks into simpler steps.
  4. Multi-Agent Collaboration:

    • Assign specific roles to models for task specialization.
    • Facilitate collaboration among models to enhance problem-solving.
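
As an added illustration (not code from the podcast or from Anue), the sketch below wires three of these principles together for a login alert: planning picks the next step, tool use goes through an allow-list of read-only functions, and reflection keeps a draft verdict only if the collected evidence supports it. The log events, tool names, the three-failure threshold and the rule-based `plan`/`reflect` functions are constructed stand-ins for what an LLM would produce.

```python
from collections import Counter

AUTH_LOG = [  # constructed sample events, not real data
    {"user": "svc-backup", "src": "203.0.113.7", "result": "fail"},
    {"user": "svc-backup", "src": "203.0.113.7", "result": "fail"},
    {"user": "svc-backup", "src": "203.0.113.7", "result": "fail"},
    {"user": "svc-backup", "src": "203.0.113.7", "result": "success"},
    {"user": "alice", "src": "198.51.100.4", "result": "success"},
]

def failed_logins(user):
    return Counter(e["src"] for e in AUTH_LOG if e["user"] == user and e["result"] == "fail")

def successes_from(src):
    return [e["user"] for e in AUTH_LOG if e["src"] == src and e["result"] == "success"]

# Tool use: the agent can only call the read-only tools registered here.
TOOLS = {"failed_logins": failed_logins, "successes_from": successes_from}

def call_tool(name, arg):
    if name not in TOOLS:
        raise PermissionError(f"tool not allowed: {name}")
    return TOOLS[name](arg)

def plan(alert, findings):
    """Planning: choose the next tool call from what is already known."""
    if "failed" not in findings:
        return ("failed", "failed_logins", alert["user"])
    if findings["failed"] and "success" not in findings:
        top_src = findings["failed"].most_common(1)[0][0]
        return ("success", "successes_from", top_src)
    return None  # nothing left to check

def reflect(draft, alert, findings):
    """Reflection: keep the draft verdict only if the evidence supports it."""
    fails = sum(findings.get("failed", {}).values())
    supported = fails >= 3 and alert["user"] in findings.get("success", [])
    return draft if supported else "benign"

def investigate(alert, max_steps=5):
    findings = {}
    for _ in range(max_steps):
        step = plan(alert, findings)
        if step is None:
            break
        key, tool, arg = step
        findings[key] = call_tool(tool, arg)
    return reflect("escalate", alert, findings), findings
```

Calling `investigate({"user": "svc-backup"})` escalates, while the same draft verdict for `alice` is corrected to benign because no failures were found.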

Application in Security Operations

  • Challenge: Automating the work of tier-one and tier-two security analysts.
  • Flexible and Adaptive Systems: Unique incidents require dynamic and adaptable responses.

Anue’s Implementation

  • AI Agent for Incident Investigation: Uses LLMs and design principles to plan and execute investigations.
  • Reduces Time to Respond: Automates investigation, reducing manual effort and enhancing efficiency.

Key Success Factors

  • Integration with Customer Environments: Access to diverse data sources and logs.
  • Leveraging Past Knowledge: Utilize historical incident data for learning and planning.
  • Expert Feedback: Continuous feedback from security experts to improve system performance.

Conclusion

  • Future Prospects: Exciting advancements in security operations utilizing AI.
  • Benefits: Enhances efficiency, reduces analyst burnout, and improves incident response.

Personal Note

  • Iris Saaka: Enjoys skiing and playing tennis, now spends time playing board games with her children.

This episode highlights the evolution and application of agentic AI in security operations, focusing on how these systems can enhance efficiency and effectiveness in dealing with complex security challenges.