#024 - Cyber AI Chronicle - Agentic Workflow to Track Cyber Threats
PRESENTED BY
Cyber AI Chronicle
By Simon Ganiere · 23rd June 2024
Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.
Table of Contents
What I learned this week
TL;DR
First, welcome to all the new subscribers! I was looking at the stats the other day and saw a nice increase in the last few weeks so appreciate it! I started this newsletter as a way to track my learning and it seems that other people are benefiting as well which is all I’m asking for!
So Apple had its big day with WWDC 2024! I've been an Apple fanboy since the beginning of time. No big surprises in the approach Apple is taking - models on the device and a big focus on privacy. In the past, Apple has demonstrated its ability to integrate technology and provide an end-to-end experience, which was a key differentiator. Let's see if they can make it happen again. I will definitely spend some time learning more about that split between on-device processing and OpenAI, and obviously the Private Cloud Compute setup as well. Also, the play on the name is just awesome: Apple Intelligence = AI! Love it!
A huge piece on AI and the future by Leopold Aschenbrenner. I have not finished it yet, as it's a 165-page document! For those who don't know him, he worked on the superalignment team at OpenAI and has a pretty impressive track record (to say the least). You can also find a YouTube interview here.
An interesting read on start-up hiring, where Ross Haleliuk explains that hiring top performers from larger cyber companies is not necessarily a good thing for a start-up. Whether you are a start-up or a big company, you need to hire the talent that you actually need and not just jump for the top performer. This goes back to the usual story of talent shortage in cyber. I always had my opinion on this, which was more that the industry is bad at identifying the skill sets it actually needs. Hint: it's not someone with a collection of certifications and 25 years of experience with a technology that is only 10 years old. This topic requires a longer write-up, but that article from Ross should not be read only from a start-up point of view. What matters is the thought process and approach to identifying what skill sets you actually need. This matters even more at the moment given the state of the market » MORE
I'm back with some Cyber AI magic. I wanted to move to an agentic workflow to help understand an incident or attack. The workflow is (still) basic but powerful:
1. Start with a basic request such as a threat actor name or an incident.
2. Identify the key elements: attack description, TTPs, actors, victims, timeline, impact and recommendations.
3. Write a summary with key sections including a timeline.
I'm sharing the full script and a couple of example outputs. Hopefully that's helpful for someone else » MORE
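To make the three steps concrete, here is an added skeleton of that workflow in Python. It is not Simon's script: the notes it reads are constructed, the actor, victim and technique IDs in them are illustrative, and the "identify key elements" step is a deterministic extractor so the example runs offline. In a real agentic workflow the `retrieve` callable and `extract_elements` would be where a retrieval tool and a model call plug in; the structured report and summary renderer stay the same.

```python
"""Added example: a three-step 'request -> key elements -> summary' workflow.
Not the newsletter's script. The extractor below is rule-based so that the
example runs offline; an LLM-backed step would fill the same IncidentReport."""
import re
from dataclasses import dataclass, field
from datetime import date

# Constructed sample notes (hypothetical actor, victim and events), standing in
# for what a search/retrieval step would return for the request.
SAMPLE_NOTES = """
Example Group (tracked as Hypothetical-Actor-1) phished staff at Example Corp.
2024-01-05: spear-phishing email delivered (T1566.001) to the finance team.
2024-01-09: credentials dumped via LSASS access (T1003.001).
2024-01-06: macro executed and PowerShell launched (T1059.001).
2024-01-12: data staged and exfiltrated over HTTPS (T1041).
Impact: 3,000 customer records exposed; finance systems offline for two days.
Recommendation: enforce MFA on all remote access.
Recommendation: block macro execution from internet-sourced documents.
"""

TTP_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")              # ATT&CK technique IDs
EVENT_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}):\s*(.+)$")       # "YYYY-MM-DD: event"
ACTOR_RE = re.compile(r"([A-Z][\w-]+ Group) \(tracked as ([^)]+)\)")
VICTIM_RE = re.compile(r"\bat ([A-Z][\w-]+ Corp)\b")


@dataclass
class IncidentReport:
    """The key elements step 2 of the workflow is asked to identify."""
    request: str
    description: str = ""
    ttps: list = field(default_factory=list)
    actors: list = field(default_factory=list)
    victims: list = field(default_factory=list)
    timeline: list = field(default_factory=list)   # (date, event) pairs
    impact: str = ""
    recommendations: list = field(default_factory=list)


def dedupe(items):
    """Keep first occurrence of each item, preserving order."""
    seen, out = set(), []
    for item in items:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def extract_elements(request: str, notes: str) -> IncidentReport:
    """Step 2: pull the key elements out of the retrieved notes."""
    report = IncidentReport(request=request)
    lines = [ln.strip() for ln in notes.strip().splitlines() if ln.strip()]
    report.description = lines[0]
    report.ttps = dedupe(TTP_RE.findall(notes))
    report.actors = dedupe(f"{name} ({alias})" for name, alias in ACTOR_RE.findall(notes))
    report.victims = dedupe(VICTIM_RE.findall(notes))
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            report.timeline.append((date.fromisoformat(m.group(1)), m.group(2)))
        elif line.startswith("Impact:"):
            report.impact = line.split(":", 1)[1].strip()
        elif line.startswith("Recommendation:"):
            report.recommendations.append(line.split(":", 1)[1].strip())
    report.timeline.sort(key=lambda e: e[0])   # notes may arrive out of order
    return report


def write_summary(report: IncidentReport) -> str:
    """Step 3: render the key sections, including an ordered timeline."""
    sections = [
        f"REQUEST: {report.request}",
        f"ATTACK DESCRIPTION: {report.description}",
        "TTPS: " + ", ".join(report.ttps),
        "ACTORS: " + ", ".join(report.actors),
        "VICTIMS: " + ", ".join(report.victims),
        "TIMELINE:",
        *[f"  {d.isoformat()}  {event}" for d, event in report.timeline],
        f"IMPACT: {report.impact}",
        "RECOMMENDATIONS:",
        *[f"  - {r}" for r in report.recommendations],
    ]
    return "\n".join(sections)


def run_workflow(request: str, retrieve=lambda q: SAMPLE_NOTES):
    """Step 1 -> 2 -> 3. `retrieve` is the hook for a real search tool."""
    notes = retrieve(request.strip())
    report = extract_elements(request.strip(), notes)
    return report, write_summary(report)


if __name__ == "__main__":
    _, summary = run_workflow("Example Group")
    print(summary)
```

The point of keeping `IncidentReport` as an explicit schema is that each step's output is checkable: the timeline is sorted by date before rendering, technique IDs are deduplicated, and a model-backed extractor can be validated against the same fields before its text reaches the summary.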