07 - AI Agents: Your New Security Team Members Or Biggest Threat?

Thank you all for being here this afternoon. And um so today we're going to be talking about um AI agents. Are they our security defense or will they become our biggest threats? So um quickly I will just um do a TLDDR of um who am I? So basically by day I work as a solutions engineer specializing in uh Kubernetes networking supporting uh enterprise customers in their Kubernetes networking environment and network uh security. Um by night uh these days I try to um do some meaningful research into um AI security the trends and the evolutions that are coming through. So basically um the talk for today is going to uh surround these five topics. uh we explore the AI threat landscape

and um we'll talk about the issues that we're being faced with in um with respect to AI security and also we'll touch on the defensive uh capabilities what research um is trying to let us know about um AI security and how it can um work as a defense mechanism for um basically sock centers and then there's going to be a conceptual demo. It's not a live production environment. And uh we'll talk about implementation reality. Now we know that the threats exist. How are we going to be able to match these threats uh using defenses? Then um we'll have an open discussion. And I will try as much as possible to also learn from everyone here today

because um this is actually a research that I've been doing in the last few months and I like to understand um what has worked for you if you have actually been involved in uh AI security on the defensive side of things. So this talk is actually combining uh research and um an honest assessment of AI agents in security. Uh no vendor promises and uh there are no uh production war stories here.

So by show of hands, has anyone been subject to um AI threat uh so cyber threat attacks that are being engineered by AI? Cool. Now these are stats that I've actually pulled from basically uh different forms of research in the last uh few months and um we can actually see um Hawknot actually mentioned in one of their uh recently released articles that um u AI uh fishing uh engineered attacks have actually improved between 202 uh3 and 2025. Now they actually gathered uh their elite uh red team members and pitted them against AI fishing um engineered attacks. Now at the end of the day they realized that uh AI uh engineered attacks have improved by 55%.

And also cyber angel is actually also letting us know from a recent study that um fishing attacks uh have also been most of the fishing attacks that have actually happened in 2024 and beyond have actually been AI engineered by 67%. And the the funny thing here is that um as much as these attacks are on the rise, it's actually getting cheaper for the red teams that are being uh that that implement these attacks using AI. It's 95% cost savings for them to use uh LLM and AIS to actually um implement these attacks. So the more it rises and then the cheaper it becomes for them. food for thought. And while all these things are happening, what are these

security teams doing about this? Uh in in the heat of the moment, they're all they're all relaxed and sometimes they do get push backs from from leadership. What is leadership actually saying to the security team members? Do we hire more hands or do we just um what do we do? because AI uh attacks are surging as much as 67%. This is a study completed by Cyber Ninj.

It's not all that um it's not all that bad because these same uh cyber attacks that are being launched the same AI itself could be utilized as a combative mechanism. So it's not all that um red days ahead. There are better days ahead because according to a study by IBM, we've seen that um incident detection that are engineered by uh AI in security are actually uh contained um 98 days faster than uh normal resolution times. There's also the efficiency of um sorry this is supposed to be um ex there was a study by exab citing that uh 25% of the time that is being used by sock analysts is actually uh being wasted on false positives uh where you could have

just simply done an AI automation that could save you um 2.2 2 million uh per year and uh also if we actually implement AI in security there was a research by Wazu uh open source SIM tool we all know that uh you could get as much as 97% in detection accuracy to resolve um these issues that are coming on the rise uh from AI engineered cyber attacks. Okay. So, I'll just pause for a little bit here and um I'm just going to show you a conceptual demo.

So, this is supposed to be conceptual. This is what um like the expectation of what an AI sock should look like. So, you have real-time metrics. uh you have uh live threat detection. Now these things are already in existence. However, if you see the difference between um AI processed uh AI processed sock centers, you have over 2,000 threats responded to in about 4 seconds. I don't think that we have any sock centers responding manually to this. But this enhancement, this collaboration between human and AI could actually take us to such place and it's actually um 97% accurate. By the way, this is not production environment. This is just a conceptual demo. And you also have the an email analysis

queue here. And one uh interesting point here is you have human escalation queue. Now, even if we feel or we know that AI could actually uh do a whole lot of things, there are still some things that I feel like AI or cannot do. And these are actually novel attacks. Uh things like zero day attacks. We still need human uh intervention to combat this kind of issues when they arise because AI would actually process known patterns, not uh uh attacks like these ones that are escalated and require human intervention. And then there's also this uh network uh behavior analysis IPs block based on certain uh patterns.

Okay. Yeah, we already talked about uh human AI collaboration here where we have um AI handling uh known threats and patterns and then we have uh human beings coming in for escalations.

There is always that um constant dilemma for security professionals. And here we see one of the um security professionals pondering and saying would you can I just like you know allow AI to intervene and then triage 1,000 more than 1,000 security alerts manually or do I combine that all by myself? then this could actually uh you know result in um alert fatigue where you have most false poses and it's actually causing burnout in in time. So AI excels at handling uh high volume of routine task, freeing human experts for uh critical analysis and decision uh making on uh Nobel threads like we mentioned in initially on the um dashboard.

How many uh security professionals today have actually faced this dilemma trying to solve everything? Okay, now we um actually um talk about implementation. Now this is the reality of things. It's uh and and I feel like um one of the biggest challenges here is um the data, the quality of the data, how do we get that data to be in the right state of mind? And this is just like a timeline that could be physible or invisible based on research. Um so we start you could start as um much as just checking out uh fishing emails or signatures or any known attacks that you could actually tune to um huge amount of data before you can start

getting um accuracy and like I mentioned earlier the um biggest challenges remain um data quality integration and uh organizational resistance.

you know, we usually when we're facing deployment, this is what we expect to see. However, in reality, this is uh the chaos behind um deployment. and understanding these challenges I I believe is going to be crucial for um successful AI security integration.

The good thing is that you can actually start testing these things uh using open source like email security. You could use elastic security AI spam master sim for threat protection. Surikata for network monitoring uh wazu for uh sim.

Now I I feel like um AI actually we've seen AI actually um over the past years it's gone through uh different phases. So I try to categorize uh into these three uh brains. So um phase one we actually thought that AI is going to solve everything. Do we have anyone in the room that believe that AI is going to solve everything? I don't believe uh vendors actually promised us magic. We wanted to believe it. Now phase two is the middle brain. Now we see um wait this actually needs work. Reality sets in tuning comes and then we start to look at the quality of the data. We've seen AI actually uh come up with um hallucinations things that are

not true. That's why you always expected to, you know, fact check everything that pops up from AI false positives. Um, suddenly it wasn't magic anymore. Now phase three, uh, this is where we are now. And basically what this tells us is that uh, and this I believe is the journey or the final destination where we're heading to where AI would actually augment human beings and not replace them. That's the lesson. Um, don't chase the hype. Don't dismiss it. Uh, find truth in the middle. And, um, I do have some key points here. Um, if there's any uh, things that you're going to be taking away from this, um, there are three things that I would like you to recall. Number one,

the research is real. 97% plus accuracy is achievable. 98 days 98 days uh faster containment is also measurable processing millions of events at scale is happening right now in production environment. Point two um the path to uh perfect AI security is hard. you need adequate planning at least maybe you could say two to 3 months fix your data quality first uh because it's always going to be 80% of the problem false positives and never ever let AI make critical decisions without human oversight uh point three AI auguments analysts it does not replace them anyone selling uh you replacement is selling you snake oil.

>> Thanks. Um,

>> thank you, Michael. Anyone have any questions for Michael? >> Yes. >> Also, oh no, you go ahead. I just wanted to just say that uh if anyone has actually implemented AI security and how it has worked for them, what challenges did they face? Uh because this is kind of like an open discussion just to learn from uh what has worked and what has failed. >> AI

such as machine learning and an detent

on top of the simction but also payment.

>> Yeah. >> Yeah, that was what I was referring to. integrating AI on top of the existing SIM that you have to actually handle um the amount of incidents that do occur in sock centers.

>> Yes.

>> Yeah. >> Yeah. Where we have humans stepping in is actually where we have zero day attacks, escalations that are very critical that AI cannot handle things that are routine, things that are out of the ordinary. >> AI. >> Well, >> so the question was how would AI even know it's zero day? >> That is part of the training that we have to feed into AI once the integration is done. Yeah, >> you have time. >> Uh, sorry, I was just going to say it there was open discussion. Um, I don't know how many people here just uh went through like last week or this week for Microsoft AI tour. Um, I'm sure there were plenty of people there too just to

look at what vendors are offering. One of the big things that's come out of obviously we were talking about snake oil and a bunch of other things is Microsoft's doing a very big push for co-pilot. I think we've all seen it in in all different areas. Um, security pilot and agents are like the next thing that they're pushing through the AI tour and I got like a little bit of a demo of that like this week and a lot of what you were talking about is exactly what they're sort of pushing is that decision-m for a lot of things that are incoming is basically given off to the security agent versus the human operator is kind of sifting through some of the

more higher severity alerts and actually looking at them closely. and a lot of work that needs like you know very detailed the researcher like sort of items is being piloted off. So just because we were talking about open discussion I'm seeing a lot of that happening. I'm not sure how our security teams are kind of moving around it right now but they're in one way they're happy that they won't have to sip through so many logs like all of people here who do and in other ways they're still a little bit suspicious about the technology itself. So yeah I don't know if that helps or not but >> thanks for that. Yeah, >> appreciate Any

other questions? Yeah.

>> What's up?

>> Yeah, that was um um there was a research article that I was reading by uh IBM.

I still don't >> if I get your question correctly, you're asking how the accuracy was determined. >> Yes. >> Yes. Like I was mentioning earlier, it was an article by IBM that I was reading through and there was actually um I think there was uh there was an integration LLM integration using Wazu or open source uh SIM tool integrating LLM to be able to get that uh accuracy. I could actually send that article to you if you wanted to have a look at it as well. And the demo that I actually did was it's not a production environment. It's just conceptual. So based on that research, we're able to see that number. >> Thank you.

>> Hi. uh so I went to sector as well and uh a lot of people and even today in one of the presentations uh the investigation that was discussed on how to create a playbook for AI incidents really focuses on the logging of basically what the inputs are and the prompts and the and agents and uh so as a security person who's implemented logging security logging we're always very careful to not um to basically just focus on metadata versus logging information like uh if a user puts in a data in the prompt we wouldn't be logging that we will be logging restricted to the IPs the authentication uh failures and logging and things like that. So the lo it will be basically

like I don't see yet a very clear path on how we can do AI um sorry security logging for AI systems or agent systems so that to our seams so that the seam can actually start collecting and scoring suspicious activity. Do you have any and I know that you have uh kind of a a demo there but do you have any findings on how security logging can be done for uh for agent tech systems and what kind of elements data elements can be uh can be fed into the seams. >> Thank you for that question. Um,

if I'm going to be honest, I have not implemented this on my own yet, and this is something that I will do. Uh but this um um research here by Wazu actually talks about um it actually talks about having um

it actually talks about 97.2 to uh percent accuracy that was achieved um having this um wazu integrated with um uh LLMs to for detection response. So I feel this is still possible. So it's just um exploration of trying to get your hands dirty in um this open-source tool utilizing it for testing purposes and it's it's actually open source. It's not good. There's no administrative or cost overhead involved. And this is something I do plan to do in the coming uh weeks ahead.