Abstract: An interactive cyber security user interface is provided. The interactive cyber security user interface comprises a large language model, LLM, module configured to receive a natural language input from a user; analyze the natural language input to determine contextual information from the natural language input; determine one or more components of a cyber security system to query based on the contextual information and the natural language input; and generate a query in a software code format accepted by the one or more components of the cyber security system based on an analysis of the natural language input, the contextual information, and the determined one or more components to be queried. The interactive cyber security user interface is configured to query the determined one or more components of the cyber security system using the generated query and receive a response to the query from the one or more components of the cyber security system.

Abstract: The cyber security appliance can have at least the following components. A phishing site detector that has a segmentation module to break up an image of a page of a site under analysis into multiple segments and then analyze each segment of the image to determine visually whether a key text-like feature exists in that segment. A signature creator creates a digital signature for each segment containing a particular key text-like feature. The digital signature for that segment is indicative of a visual appearance of the particular key text-like feature. Trained AI models compare digital signatures from a set of key text-like features detected in the image of that page under analysis to digital signatures of a set of key text-like features from known bad phishing sites in order to output a likelihood of maliciousness of the unknown site under analysis.

Abstract: An autonomous email-report composer composes a type of report on cyber threats that is composed in a human-readable format with natural language prose, terminology, and level of detail on the cyber threats aimed at a target audience. The autonomous email-report composer cooperates with libraries with prewritten text templates with i) standard pre-written sentences written in the natural language prose and ii) prewritten text templates with fillable blanks that are populated with data for the cyber threats specific for a current report being composed, where a template for the type of report contains two or more sections in that template. Each section having different standard pre-written sentences written in the natural language prose.

Abstract: An open-source intelligence (OSINT) monitoring engine operating as an AI-driven system for monitoring incoming content received from an OSINT source to detect emerging cyber threats is described. The OSINT monitoring engine features a source evaluation module, a content processing engine, and a content classification engine. The source evaluation module determines a confidence level associated with a source of the incoming content and refrains from providing textual information associated with the incoming content unless the confidence level associated with the source is equal to or exceeds a prescribed threshold. The content processing engine identifies salient information from the textual information for use in identifying an emerging cyber threat.

Abstract: The cyber security appliance can have at least the following components. A phishing site detector that has a segmentation module to break up an image of a page of a site under analysis into multiple segments and then analyze each segment of the image to determine visually whether a key text-like feature exists in that segment. A signature creator creates a digital signature for each segment containing a particular key text-like feature. The digital signature for that segment is indicative of a visual appearance of the particular key text-like feature. Trained AI models compare digital signatures from a set of key text-like features detected in the image of that page under analysis to digital signatures of a set of key text-like features from known bad phishing sites in order to output a likelihood of maliciousness of the unknown site under analysis.

Abstract: A method for a cyber security appliance incorporating data from a source code repository, hosted by a software development environment, to identify cyber threats related to source code being stored and developed in that source code repository is provided. The method comprises: receiving, at one or more modules of the cyber security appliance, data indicating a network entity representing a user's interaction with the source code repository; and comparing the data, received from the one or more modules, to one or more machine learning models trained on a normal benign behavior interacting with the source code repository using a normal behavior benchmark describing parameters corresponding to a normal interaction behavior.

Abstract: A cyber threat defense system can incorporate data from an instant messaging platform with multiple other platforms in a client system to identify cyber threats across the client system. The system can have one or more instant messaging modules to collect instant messaging data from one or more network entities that utilizes one or more instant messaging platforms. A user specific profile module can identify a user of the client system associated with the user account based on a composite user profile constructed from user context data collected across multiple platforms of the client system. A risk profile module can associate the user with a user risk profile based on the composite user profile. The risk profile module can apply one or more artificial intelligence classifiers to the instant message based on the user risk profile. A cyber threat module is configured to identify whether the instant messaging data corresponds to a cyber threat partially based on the user risk profile.

Abstract: A Software as a Service (SaaS) console can retrieve data from one or more application programming interfaces (APIs) hosted by one or more SaaS platforms in order to identify cyber threats in a cyber threat defense system. The SaaS console can use customizable generic templates to provide a regular i) polling service, ii) data retrieval service, and iii) any combination of both, as well as a universal way to obtain data from the one or more APIs hosted by one or more SaaS platforms to collect event-based activity data from the one or more APIs. Data fields of the one or more customizable generic template are configured to be populated with data incorporated from a first user of a first SaaS platform for a first API for the first SaaS platform.

Abstract: The cyber security appliance can have at least the following components. A phishing site detector that has a segmentation module to break up an image of a page of a site under analysis into multiple segments and then analyze each segment of the image to determine visually whether a key text-like feature exists in that segment. A signature creator creates a digital signature for each segment containing a particular key text-like feature. The digital signature for that segment is indicative of a visual appearance of the particular key text-like feature. Trained AI models compare digital signatures from a set of key text-like features detected in the image of that page under analysis to digital signatures of a set of key text-like features from known bad phishing sites in order to output a likelihood of maliciousness of the unknown site under analysis.