Applying Generative AI for CVE Analysis at an Enterprise Scale

Introduction

• The software development process involves complex dependencies creating an interconnected web.
• This complexity has increased security challenges, with a record number of vulnerabilities reported in 2022.
• Traditional methods for addressing vulnerabilities are becoming unmanageable.
• Generative AI is being explored to automate and improve the CVE analysis process.

AI Agents and Retrieval-Augmented Generation for CVE Analysis

• Initial Steps:
  • Detection involves scanning software for known CVE signatures.
  • Upgrading every package for each CVE is not feasible, especially at enterprise scale.
• Challenges:
  • Complex dependencies make upgrading difficult.
  • Manual investigation is labor-intensive.
• Generative AI Solution:
  • Can expedite research and investigation of CVEs.
  • Determines vulnerability existence and exploitability.
  • Example: Agent Morpheus reduces analyst time and improves efficiency.

Differentiating Vulnerable vs. Exploitable

• Not all CVEs require immediate action.
• A CVE might not be exploitable due to:
  • False positives in vulnerability scans.
  • Missing dependencies required for execution.
  • Unused or inaccessible vulnerable code.
• Assessing exploitability involves synthesizing information from various sources.

Agent Morpheus Workflow

• Combines Retrieval-Augmented Generation (RAG) with AI agents.
• Workflow Components:
  • Connects to vulnerability databases and threat intelligence sources.
  • Uses four Llama3 models for planning, agent execution, summarization, and standardizing justifications.
• Process:
  • Generates and executes a checklist for each CVE.
  • AI agent autonomously performs tasks and makes decisions.
  • Results are summarized for human analysts.

Efficiency and Automation

• Reduces vulnerability triage time significantly.
• Automation is achieved without constant human oversight.
• Includes feedback loops for continuous improvement of AI models.

Deployment and Integration

• Fully integrated with NVIDIA's container registry and security tools.
• Steps in the Process:
  1. Triggered by container upload.
  2. Initial CVE scan followed by Agent Morpheus analysis.
  3. Intelligence retrieval and tool preparation.
  4. Final summary and classification sent to analysts.
  5. Analyst review and peer review.
  6. Final document published with the container.
  7. Continuous model retraining based on analyst feedback.

Technical Infrastructure

• Utilizes NVIDIA NIM inference microservices for deployment and speed.
• LLMs handle high volume of requests effectively.
• Uses parallel processing to improve analysis speed.
• Morpheus framework enables event-driven, automated workflows.

Conclusion

• Event-driven RAG with Agent Morpheus significantly accelerates CVE analysis.
• Provides a scalable solution for enterprise-level security management.

Learn More

• Opportunities to explore more about the application of generative AI in cybersecurity through NVIDIA's offerings and sessions.