Abstract: A cyber security system that protects against cyber threats including a synthetic clone of a voice of a speaker can include several components. A deep learning model is trained to analyze an audio file and produce one or more embeddings of the audio file. One or more AI classifiers are trained to analyze the one or more embeddings of the audio file from the deep learning model to determine whether it is likely that the voice of the speaker engaging with a user is real or the synthetic clone of the voice of the speaker. The voice clone detection bot can be resident on a computing device of the user and can integrate with different sources of audio data on the computing device of the user in order to collect the audio file containing an attempt to synthetically clone the voice of the speaker protected by the cyber security system.

Abstract: An analyzer module determines whether a file under analysis is likely malicious or not malicious. A transformation module analyzes the file under analysis in order i) to generate a representation of the file under analysis that includes a simplified summary on information in and behavioral properties about the file under analysis and iii) then to feed the representation of the file under analysis into the LLM. The LLM is trained with MLM to create a semantic understanding of the file that creates a depiction of the file that retains multiple aspects of the information in and behavioral properties about the file as an embedding, in a space that allows the analyzer module to determine whether the file is likely malicious or not malicious via how closely the file under analysis as an embedding is related to a known malicious file or a known not malicious file with similar information and behavioral properties.

Abstract: An interactive cyber-security user-interface for cybersecurity components can receive a voice input from a user as well as ii) a text input as a user input. The interactive cyber-security user-interface works with a set of differently trained LLMs to carry out tasks on behalf of the user input. The interactive cyber-security user-interface cooperates with the set of differently trained LLMs, which are grouped together to operate as an orchestrated system to provide different tasks. The tasks can include a collection of supplementary information, a summarization of cyber security information, translating a query in the natural human speech format into the required search syntax, how to integrate with an API, acting as a first line of support to user inquiries, a suggested response to a cyber security issue, etc. The interactive cyber-security user-interface for the cybersecurity components acts as the user interface for one or more of the cybersecurity components.

Abstract: An orchestration component implemented within a cybersecurity system and operating in concert with a cybersecurity appliance to enhance cyber threat detection or a response to a cyber threat detected by the cybersecurity appliance is described. The orchestration component comprises a first landscape analysis module, a data score and an action severely configured to operate with a first large language model to (i) analyze threat landscape data received from one or more external sources and (ii) identify threat technique data associated with one or more cyber threats included within the threat landscape data. The orchestration component further comprises a data store adapted to maintain the threat technique data identified by the threat landscape analysis module; and an action severity module is configured to adjust a sensitivity of a cyber threat detection engine of the cybersecurity appliance in monitoring for the one or more cyber threats represented by the threat technique data.

Abstract: A system operating with a cybersecurity system to enhance cyber threat detection is described. The system features a first and second orchestrator modules. The first orchestrator module includes at least a first large language model and is configured to perform artificial intelligence-based simulations of cyber-attacks to determine (i) how a simulated cyber-attack might occur in a selected computing device and (ii) how to use simulated cyber-attack information to preempt possible escalations of an ongoing actual cyber-attack. The second orchestrator module includes at least a second large language model and is configured to (i) perform a remediation task to correct one or more misconfigurations in one or more components associated with the cybersecurity system and (ii) return the one or more components back to a trusted operational state.

Abstract: The cyber security training tool has a natural language processor and a large language model to be able to analyze both i) a synthetic cyberattack in a mimic network corresponding to a real world network as well as ii) a real cyberattack in the real world network. The cyber security training tool can then provide analysis and an explanation as to why machine learning identified the synthetic cyberattack and/or the real cyberattack as a cyber threat for a purpose of providing cyber security training to at least one of i) an end user of the real world network and ii) a cyber security team member for the real world network. The cyber security training tool further has a user interface component to display security awareness training for the synthetic cyberattack and/or the real cyberattack, and to show the end user and/or the cyber security team member an understanding of the machine learning of the synthetic cyberattack and/or the real cyberattack displayed in the user interface component.

Abstract: A cybersecurity system for enhancing detection of cyber threats through use of one or more Large Language Models (LLMs) is described. Herein, the LLMs are configured to generate one or more structured elements that operate as a complex filter for automatically extracting salient data from data received from one or more external sources for training of Artificial Intelligence (AI) models. Additionally, the LLMs are further configured to correlate multiple user credentials associated with different platforms to identify a common user to enhance training of the AI models and anonymize at least personally identifiable information (PII) data prior to training of the AI models.

Abstract: A cybersecurity system for adjusting content within an Artificial Intelligence (AI) model or creating a new AI model based on analysis of a model breach alert is described. The cybersecurity system features a model health analysis component and a model refinement component. The model health analysis component is configured to analyze content associated with a model breach alert. Communicatively coupled to the model health analysis component, the model refinement component is configured to receive analytic results from the model health analysis component. Based on the analytic results, the model refinement component determines adjustments to the threshold associated with the AI model or generates a new AI model in substitution of the AI model to avoid an over-breaching condition or improve cyber threat detection.

Abstract: A synthetic cyberattack tool uses a generative AI component to assist in generating a synthetic cyberattack by a cyber threat to produce one or more cybersecurity incidents and/or events. The synthetic cyberattack tool uses the generative AI component also to provide an analysis and an explanation for a purpose of providing cyber security training to at least one of an end user of a network and a cyber security team member for the network in a mimic network. The synthetic cyberattack tool orchestrates the synthetic cyberattack and derives the synthetic cyberattack from real world cyberattacks and the wargaming cyberattack exercise from real world behaviors of the end user and/or the cyber security team member as well as the architecture and policies implemented in the real world network. A user interface component displays both results of testing in the wargaming cyberattack exercise along with an explainability on the synthetic cyberattack.

Abstract: An automated sandbox generator for a cyber-attack exercise on a mimic network in a cloud environment can include various components. The cloud deployment component deploys the mimic network in a sandbox environment in the cloud environment. The mimic network can be a clone of components from a network that exists in an organization's environment and/or, predefined example components. The attack engine deploys a cyber threat to use an exploit for the wargaming cyber-attack exercise in the mimic network. The user interface displays, in real time, results of the wargaming cyber-attack exercise being conducted in the sandbox environment, to create a behavioral profile of how the cyber threat using the exploit would actually perform in that particular organization's environment as well as have human users interact with the cyber threat deployed by the attack engine during the cyber-attack on the mimic network, as it happens in real time, during the wargaming cyber-attack exercise.

Abstract: A device linking service can unify data streams from different sources of access into a network to get a composite picture of a behavior of an individual physical network device that has different device identifiers from the different sources of access into the network via cross-referencing information from the different sources of access into the network. The device linking service creates a unified network device identifier for the different device identifiers from the different sources of access into the network. The device linking service supplies the unified network device identifier and associated information with the different device identifiers from the different sources of access into the network to a prediction engine. The prediction engine runs a simulation of attack paths for the network that a cyber threat may take.

Abstract: An open-source intelligence (OSINT) monitoring engine operating as an AI-driven system for monitoring incoming content received from an OSINT source to detect emerging cyber threats is described. The OSINT monitoring engine features a source evaluation module, a content processing engine, and a content classification engine. The source evaluation module determines a confidence level associated with a source of the incoming content and refrains from providing textual information associated with the incoming content unless the confidence level associated with the source is equal to or exceeds a prescribed threshold. The content processing engine identifies salient information from the textual information for use in identifying an emerging cyber threat.

Abstract: An automated training apparatus can include an importance node module to compute and use graphs to compute an importance of a node based on factors that include a hierarchy and a job title of the user in the organization, aggregated account privileges from different network domains, and a level of shared resource access for the user. The graphs are supplied into an attack path modeling component to understand an importance of the network nodes and determine key pathways and vulnerable network nodes that a cyber-attack would use, and a grouping module to analyze the importance of the network nodes and the key pathways and the vulnerable network nodes, and to classify the nodes based on security risks and the vulnerabilities to provide reports including areas of vulnerability and known weaknesses of the network.

Abstract: A cyber security system includes an importance node module to compute and use graphs to compute an importance of a node based on factors including a hierarchy and a job title of the user, aggregated account privileges from network domains and a level of shared resource access for the user. The graphs are supplied into an attack path modeling component to understand an importance of the network nodes and determine key pathways within the network that a cyber-attack would use, via a modeling the cyber-attack on a simulated and a virtual device version of the network. The cyber security system provides an intelligent prioritization of remediation action to a remediation suggester module to analyze results of the modeling the cyber-attack for each node and suggest how to perform intelligent prioritization of remediation action on a network node in one of a report and an autonomous remediation action.

Abstract: Aspects of the invention relate to a cyber security system that may enable an end user to communicate with a cyber security appliance to identify cyber threats across the client system. The system can include one or more host devices each having a user interface and an endpoint agent for facilitating bi-directional communication between the user and a cyber security appliance. The endpoint agent may include a communication facilitation module including a user interaction module configured to communicate with the user interface and a helper module configured to communicate with the cyber security appliance. The endpoint agent is configured to enable the bi-directional communication between the user interface and the cyber security appliance on receiving a query associated with identified unusual behavior.