Abstract: A system and method of using generative AI to maintain conversations with attacking devices to discover their adversary techniques and tactics. The method includes receiving an initial message originating from an attacking device and directed to a target device. The method includes generating, using one or more classification models, a maliciousness score for the initial message indicating that the initial message is associated with one or more types of malicious activity. The method includes providing, by a processing device, the initial message to a predictive model trained to maintain conversations with attacking devices by predicting responses to malicious messages. The method includes generating, using the predictive model, two or more responses based on the initial message and at least one subsequent message, wherein each response of the two or more responses causes the attacking device to send a respective subsequent message to the predictive model.

Abstract: A system and method of using generative AI to identify exposures of computing devices on computing networks to actual and/or potential threats. The method includes collecting a plurality of responses from a plurality of devices to a target device on a private network. The method includes providing the plurality of responses to a classification model trained to assign device descriptions for device responses based on semantic matching of the device responses to database data. The method includes assigning, by the processing device using the classification model, a plurality of device descriptions for the plurality of responses to the target device, each response is respectively associated with one or more device descriptions of the plurality of device descriptions. The method includes generating, based on the plurality of device descriptions, a status report comprising a list of network addresses associated with a group of devices having access to the target device.

Abstract: A system and method of using generative AI to recommend and validate asset and/or cloud configurations. The method includes acquiring a set of parameters associated with one or more network entities of a computing network. The method includes providing the set of parameters to a configuration model trained to generate, based on semantic matching, recommended configurations for network entities and validated configurations for the network entities. The method includes generating, by a processing device using the configuration model, one or more recommended configurations for the one or more network entities based on the set of parameters.

Abstract: A process tree embedding is generated corresponding to a process tree. The process tree comprises a plurality of processes. The process tree embedding is processed with a machine learning model to generate an identification of malware associated with the process tree. In some embodiments, processing the process tree embedding with the machine learning model to generate the identification of malware associated with the process tree includes: processing the process tree embedding with the machine learning model to generate a classification of the process tree as being associated with malware; and, responsive to the classification indicating that the process tree is associated with malware, generating the identification of a first process of the plurality of processes that is relevant to the classification of the process tree as being associated with malware.

Abstract: A system and method of scrubbing sensitive data from records using patterns and large language models (LLM). The method includes receiving a request to process a record comprising data including sensitive data. The method includes identifying, based on one or more regex rules, a first set of scrubbing candidates associated with the record. The method includes identifying, by a processing device and based on a large language model (LLM), a second set of scrubbing candidates associated with the record. The method includes generating, based on the first set of scrubbing candidates and the second set of scrubbing candidates, a scrubbed record by scrubbing the record to remove the sensitive data.

Abstract: Systems and methods of actor attribution utilizing a machine learning (ML) model, such as a large language model (LLM), are provided. The method includes generating a first ML model based on first data associated with a first cybersecurity incident of a plurality of cybersecurity incidents. The method includes training the first ML model based on actor attribution associated with the first cybersecurity incident to generate a second ML model. The method includes receiving second data that is associated with a second cybersecurity incident of the plurality of cybersecurity incidents. The method includes producing, by a processing device for the second ML model using the second data, an attribution of the second cybersecurity incident to an actor.

Abstract: Methods and systems for applying a diffusion model to adversarial purification and generating adversarial samples in malware detection are disclosed. According to an example, a malware file is inputted to a diffusion model to obtain an adversarial sample by altering content of the malware file. The adversarial sample is further tested by a malware detector. In some examples, the content of an input file may be encoded prior to be processed by the diffusion model. If the malware detector can identify the adversarial sample as a malware file, the diffusion model is updated to further alter the content until the adversarial sample successfully deceives the malware detector. According to another example, an executable file is purified using a diffusion model prior to be inputted to a malware detector. The diffusion model may remove potential malware content from the executable file, thus improving the performance of the malware detector.

Abstract: Systems and methods of authentication utilizing a large language model (LLM) are provided. The method includes accessing a knowledge base comprising user-specific data of a user device associated with a domain. In response to a request from the user device for access to a resource of the domain, the method includes generating one or more authentication challenges based on the user-specific data. The one or more authentication challenges are generated by an LLM trained on the user-specific data and contextual interactions associated with the user device. In response to determining that a response to the one or more authentication challenges matches the user-specific data of the knowledge base and the contextual interactions, the method includes providing the user device access to the resource of the domain.