Transcript for:
Agentic AI Impact on Cybersecurity (part 2 of 3)

Hi, you're listening to Defend Your Time, brought to you by Ontinue. I'm your host, Chris Taylor. This is the podcast where we help you get stronger security, more value and fewer headaches out of your Microsoft security investments, and today I'm joined by Iris Saaka to talk to us about agentic AI applied to security operations. This is the second episode in a multi-episode series we're doing on agentic AI applied to SecOps. Iris leads the data science team; she's the lead data scientist here at Ontinue, she runs the AI team, and she's been working at the intersection of security and machine learning and AI for the past 15 years. Iris holds a PhD from the Swiss Federal Institute of Technology at Lausanne. Iris, thank you so much for being here today.

Hello, I'm very happy to be with you. Hi, Chris.

In our last episode we spoke to Thomas Hosman, who is the chief technology officer at Ontinue. In that conversation Thomas talked to us about the expanding gap between vulnerability and complexity in cyber security and the capacity of the overall security workforce. We talked about the evolution from deterministic to AI-assisted all the way to agentic AI, and today Iris is going to help demystify that. So the topic of our conversation today is demystifying agentic AI for SecOps. Here is my first question for you: what are AI agents?

Yeah, that's a very good question, thanks. Okay, so let's start with some definitions. The adjective agentic, or having agency, describes a system that is able to make independent decisions in pursuit of a goal. Agents are not a new concept in artificial intelligence; they actually appeared back in the 1960s, they proliferated in the 80s and 90s, and they enjoyed quite some success in the beginning. So those systems were programmed to emulate the decision-making ability of human experts by leveraging large bodies of human knowledge encoded into a series of rules. They created a lot of optimism, but indeed some inherent limitations and disadvantages those systems had never allowed them to deliver the initial promise and expectations, something we see maybe happening in our day. So the main disadvantages of those systems were two. First, what we call the knowledge acquisition problem; essentially that means it is very difficult to obtain the expert knowledge in terms of rules; it's a very laborious, very tedious task, right. The second limitation of those early AI systems, expert systems, is their performance: a simple computational task could end up being very time- and resource-consuming. Now let's fast-forward to recent years, where we have witnessed tremendous advancement in many, many aspects in the domain of AI, the most prominent among those being the appearance of the Transformer deep learning architecture, introduced initially by Google, which allowed researchers and people around the world to actually train large language models on huge data sets and effectively encode a vast amount of human knowledge within only one model. It was a great success when we compare it to what was happening back in the 80s and 90s, where human experts had actually to encode all this knowledge by hand. Then of course we saw the GPT models coming into the picture, the generative pre-trained Transformer, these LLMs introduced by OpenAI and of course followed by other foundation models like Claude, Mistral, Llama, and eventually the whole GenAI discipline. Just for some history. Now, today when we refer to an autonomous AI agent, we refer to a system that essentially uses sophisticated reasoning and iterative planning to autonomously solve a very complex multi-step problem. The agents can execute tasks, they can take decisions, and that is all being done without requiring any direct human intervention. When we talk about sophisticated reasoning, that certainly implies using foundational models, LLMs, at the heart of the system to achieve an objective, but not only that, as we will explain further.

Okay, so that's extremely helpful background. So what are the basic properties of an AI agent?

Yeah, that's an important topic. It's essential to know that AI agents have some properties that differentiate them when we compare them to conventional generative AI applications. First of all, an AI agent is a system that is given an objective to achieve. Contrary to any classic enterprise application, where we need to gather the requirements and clearly define the code and the business logic that needs to be created, an AI agent is only given a high-level objective but not a coded logic for how to reach this objective. It will use reasoning, planning and tools that it possesses, as we will also see later (we can go into depth explaining this concept a bit later), in order to achieve its goals. The second important property is that an AI agent is able to leverage sensory inputs to make sense of its environment. This could be text, knowledge, image, video, anything really, and it also has the ability to use advanced algorithms to not only analyze these inputs but also to plan and execute actions towards achieving this goal. The third important property to know about these systems is that they are able to respond to dynamic scenarios, and that means essentially that when conditions around them change, the AI agents can adapt their behavior; they can replan again and continue their execution based on previously executed plans, and they can also learn from what they observe. They can also learn and optimize their behavior through feedback and reward functions. Finally, an agent can execute actions in real time, and usually it should not require any human approval for this.

Okay, this is really helpful. So the way you would differentiate an AI agent from just what I might think of as a generative AI model is: it's got a clear objective, that can be a complicated long-term objective or a multi-step objective; it takes in its different sensory inputs, and that can be lots of different types of data or media; and then it can apply the algorithm through reasoning, planning, adapting, self-reflection. How do you go about building an autonomous AI agent?

Yeah, of course it will take having some foundational models to use, but that's not only it, right. Generative AI has enjoyed huge success in the past year; as we saw in many companies, including Ontinue, we have been able to successfully develop GenAI applications in different business functions and solve some very difficult problems. But despite this early success, it also became obvious that when it comes to LLMs and GenAI applications there are certain limitations related to reasoning and more complex problem solving, even though, as we speak, those limitations get more and more addressed by very recent powerful models such as o3 from OpenAI and R1 from DeepSeek, and we will keep seeing LLMs and the foundation models become better in reasoning. But just to go back: at some point we, all practitioners, started realizing and noticing that by applying certain strategies that resemble a bit how we humans think and function, these strategies could significantly improve the performance of the basic LLMs. Now we came up with some design principles that today we refer to as agentic AI design principles. For building an AI agent, applying those design principles is important, and this is, yeah, it's very important to make sure we can create an agent that has the properties we discussed before. I have to note also here that there are many frameworks that appeared recently that can streamline the development of agentic AI workflows, as we also call them, some of them being LangGraph, AutoGen, CrewAI, and the list grows longer every day.

Okay, that makes sense. So can you walk us through some of these agentic AI design principles?

Yeah, certainly. So let's talk about reflection. As of today, we humans are quite used to interacting in one-shot mode with our favorite LLM, in more of a Q&A mode, right. So we ask a question, we expect an answer, and when we don't like the answer to our question we often manually prompt the model to correct and reflect on its output, and we have seen that this often results in better answers. So I don't know, Chris, what is your favorite LLM to use? Imagine you use Copilot.

I'll use Copilot, yeah.

All right, so imagine you ask Copilot to write an essay about your favorite topic. Tell me, what is your favorite topic?

The band Phish. Rock and roll music.

Yeah, all right, okay. So it is certainly capable of doing so; it can start typing an essay till it finishes, from the beginning till the end, right. But what happens most of the time? You might say, hey, can you please summarize the insights in the first paragraph, can you maybe check your facts in the second paragraph, etc. So reflection is in the end about automating this type of self-criticism in the LLM. This function can cause the model to spot its own problems and come up with constructive suggestions to itself.

And does this help with hallucination?

Yeah, it certainly does, and you can also make sure to reduce hallucinations even further. You can go beyond relying on the inherent abilities of the LLM to improve itself; you can also provide it with tools to help it evaluate its own output. For example, imagine we give your favorite LLM, Copilot, a search tool that it can be prompted to use for fact-checking. So if I had to summarize, there are three elements to remember here when we talk about reflection. First, we automate the self-criticism process. Second, we prompt the model to spot its own errors. Third, we give it access to additional resources to correct its own errors, and in that way the model can examine its own work and come up with nice ways to improve it.

Okay, so this is helpful. So you've talked about reflection; reflection would be the first design principle. What's next?

Next is tool use. This is a pattern that we have been already applying for conventional generative AI; we touched upon it already when we talked about reflection. So LLMs can be fine-tuned, or even better, prompted to use tools, with detailed descriptions of their function. So imagine some tools like a web search tool that can execute queries; it can send emails or even schedule Teams meetings, right. This tool list needs to be available, included for the LLM; we can send this every time in the context, but it can also include hundreds of tools, just think of all the number of APIs available within an organization. Okay, there exist heuristics for how to pick a handful of relevant tools for each task, like applying RAG. In the end, tool use is about providing relevant tools and letting an LLM decide on which one to use. First step, provide the list of relevant tools and their descriptions. Second, prompt the model to match tasks with available tools. And third, enable the whole system to execute tool calling and consume the tool output so it can reason and continue further in its pursuit of achieving a specific goal.

Okay, so the agent can now reflect on its own performance, self-critique and make itself better, and it has access to a whole host of different tools. Okay, what's next?

Next is planning, right. It is an essential component of building efficiently and effectively AI agents, and planning is about enabling a model, a system, to come up with and execute a multi-step plan to achieve its objective. Okay, many complex tasks cannot be done in a single step, I think you agree with me, or just using a single tool. This goes for us humans ourselves, right: usually when we have to solve a complex problem, we create iterative workflows in our minds, and this is what an LLM could be programmed to do. So in our previous example, you could think of, instead of asking Copilot to create an essay on your favorite topic, you could ask it first to create a skeleton of the essay, maybe start putting some bullets, but you can also prompt it to decompose this complex task into simpler and actionable steps. That's what this planning capability is about. So step number one, let the model autonomously decide on what steps to take to accomplish a high-level objective. Step number two, prompt it to decompose this complex task into simpler steps that it can use tools to actually execute. Now an important point here is the following: again, for us humans, very complex tasks we cannot decompose ahead of time into simpler steps, right. In the same way, we should also let the model dynamically produce the next steps based on intermediate results. This is what we call the reflect-and-improve strategy, and it has proven to help the model a lot to efficiently plan its own work.

Okay, this is fascinating. It's a little bit scary, but okay. So the tool can reflect and self-correct and self-critique, it has access to all of the different tools that might be available through APIs, and now it has planning and reasoning. What's the final of your four design principles here?

Yeah, a core design principle when we talk about agentic AI is multi-agent collaboration, and for explaining this pattern I will start with two key observations. First, prompting an LLM to play a specific role can highly influence its output quality. We observe it every time; for example, we ask an LLM to respond using a specific style, like a CISO, or you can also make it talk like a pirate, etc. etc. It does it very well. So the role definition certainly helps, and it goes into the context through the system prompt. But even if the LLM can accept long context, its ability to understand all of it is limited, so if we start pushing too much context it will not focus. So having small, well-defined context makes them focus on the instruction they're given, and hence they can become more effective on their task. So in a nutshell, multi-agent collaboration is about having different models, different agents, for different parts of the same complex task. We prompt each model to adopt a specific role, and we also give it the tools and resources based on its role. Fourth, we let them collaborate; in that way many models can work independently on the same complex problem, they split up tasks, they debate ideas, and they produce a better solution than a single model would do in the end.

Okay, fascinating. Okay, so I'm thinking about an AI agent as one entity, but in the same way that it can split up the tasks, a complex objective, into discrete tasks, it can also split itself up into unique roles that can focus on a specific context and then collaborate with each other to accomplish the entire objective.

That's right. That's how we humans also work, right: we don't try to solve everything at once, we have different roles within an organization, we have different capabilities, and we try to solve it all together.

Okay, this is amazing. So then how do you apply this agentic AI with these design principles to security operations, let's say security incident investigation?

Okay, so before LLMs and all these agentic frameworks, if you really wanted to write, to program, to create a program that automated the work of tier one and tier two SOC analysts, you would essentially have to write down a huge static set of rules that keeps changing for the program to follow for its investigation, to make the connection back with the expert systems of the 70s, right. This is a huge, tedious and laborious task. However, security incident investigation is not a static problem, and each case is very different: every customer environment is unique, the threat landscape is constantly changing every day, and one cannot simply use a boilerplate of predefined security text, a runbook that fits all, to perform an investigation. We need to be flexible, adaptive for each unique use case. But now, with LLMs and the agentic patterns as we saw before, we can introduce this necessary flexibility and planning that is needed to conduct an end-to-end security incident investigation automatically, and that's great news.

And how do we do this at Ontinue?

So at Ontinue we have built an AI agent for this purpose, for automatic incident investigation. We have leveraged of course powerful foundational models, LLMs, and the agentic patterns we described. We use the system to investigate every escaped incident; this is every incident that has not been auto-closed by deterministic automation and needs to be further investigated by a human. So it works like that: for those incidents we let the autonomous system generate iteratively an investigation plan, and we let it execute automatically all the steps of this plan. At the end of this process, the system assesses what is happening, the situation; it summarizes it into key findings and into a report, and it makes this report available in our Defenders Workbench, which is the internal tool we use at Ontinue, in order to help bootstrap the human-led effort. And we have seen that it really reduces dramatically the time to respond, the time to close each unique use case.

Can you share what is the secret sauce here? How are we able to do this so well?

Yeah, okay, there are three key factors here. First of all, we talked extensively about tool use, and yeah, at Ontinue we have an arsenal of those tools that we develop in-house and that allow us to perform very fine-grained security checks on demand. This is because we have deep integration into our customers' environments, and this fact allows the investigator to use a multitude of data sources and logs and get deep insights during investigation time. Based on these insights it can plan, replan, and update its assessment about what is going on. The second important topic is that we leverage the past knowledge of our security experts. So T1, T2 and T3 have thousands and thousands of incidents in the past; this knowledge is actually an extremely valuable data source which is unique for each customer environment. We do store and process and leverage all this knowledge for the autonomous investigation to learn and get inspired on how to plan an investigation, how to form a hypothesis in the same way that human analysts do, how to conclude the key findings, and so on and so forth. Last but not least, I'm going back to our experts again: expert feedback. Our security experts are constantly providing feedback on the quality of the findings, on the planning and the overall reasoning capability of the system. This is feedback we capture in real time, we store, we operationalize, and we use continuously to make the system learn and adapt and optimize its behavior based on this valuable human expertise that we have within Ontinue.

Iris, thank you so much. This is such an exciting topic, and I feel like you've explained this so well. I feel like I got a master class in what's happening with agentic AI, and what a great use case to apply this to solve a real problem.

Yeah, this is really exciting. Actually, it's very exciting times to work in the domain of security operations and AI. This is the first time we can see those systems actually providing value for the very difficult problem of incident triage. With these advancements we're helping more and more our SOC experts to do their job faster, without having them burned out, without looking over and over at big amounts of data sets, doing repetitive jobs, etc. We let the autonomous investigator do the job for them.

Okay, something I like to ask podcast guests: when you're not building agentic AI agents to solve cyber security's biggest challenges, what do you like to do with your free time?

Oh, that's a good question. Before having kids I liked skiing and playing tennis; now most of my time I'm spending playing board games with my kids.

Oh, that's fun too. Okay, thank you, Iris, I really appreciate your time today. Thank you for listening. This is Defend Your Time, the podcast where we try to help you get stronger security, more value and fewer headaches out of your Microsoft security investments. This was the second in our multi-part series on agentic AI applied to security operations. Iris, this was a real pleasure. Thank you again so much for your time today.