
all right folks for our next session we have RAF who will be speaking to us about cyber security meets generative AI uh please post your questions to Slido if you have it during the talk um we'll try to see if we can go over them after the session is complete and over to you RAF thank you thank you and good afternoon everybody um I appreciate all of you uh being here for the last talk on the last day of the conference and I recognize I'm standing between you and your journeys back home so let's let's get started um quick show of hands how many here in the audience um are related to a GRC function all right and how many here
here are just because they're AI enthusiasts or just because there's AI in the title of the talk all right pretty much sums it up um okay so um let's get started here's a brief outline of what we're going to be covering um I'll give a little bit of background about myself and why the idea of co-pilot and why now uh and as part of that we'll cover the state of the audit today and then we're going to get into the architecture of a potential agentic AI approach that we could use to address some of the challenges it's still pretty much uh you know work in progress so it's not something that's ready to use right right away but it's
it's an approach and these are the building blocks that that could be leveraged to get there and then the demo here is just to kind of give you a quick instantiation of what that approach might look like it's kind of like in a very early stage but just kind of give you an um understanding of like what it might look like when it's fully baked um so we'll we'll kind of cover that so that uh we can all get an appreciation for or you know what this architecture looks like when we try to implement that all right so just a little bit about myself um so I functioned in technical advisory and operational roles in various Bay Area startups um with a
decade of experience in building compliance programs so understand a little bit of the pain points when when doing compliance audits um recently I also became an attorney so I'm licensed as an attorney in California and that kind of gives me the understanding of what regulatory compliance might mean from a more rigorous standpoint of you know uh being like being subject to different obligations and these days the audits are kind of getting um you know um a way for companies to attest to their compliance obligations even from a regulatory standpoint for example you have a HIPAA appendix to to an audit you could have like GDPR set of controls that are part of your your audit anyone
in the audience who has experienced that where there's a HIPAA component to your to your SOC 2 or GDPR component yeah so I see some hands so so so that's why you know this whole regulatory like the rigor that comes from like a regulatory standpoint and adding that to the rigor that comes from an engineering standpoint to actually do the tasks that are required to perform an audit they kind of go hand in hand and this um this trend is only going to increase increase with time um I'm currently also serving as a CISO uh at a f startup Silicon Valley and I have a blog where I provide legal advice um but just a disclaimer
this is my own independent pursuit in thought leadership and not tied to the work uh that I do uh at at my company um so let's let's talk about why we are here let's um let's talk about audits so essentially the idea of a compliance co-pilot is uh the background is that today the path to audit-ready controls goes through professional services and a significant amount of time is spent on manual process now a true co-pilot would reduce our dependency on that process right um and what I mean by an audit-ready control is it is mapped to a specific test so for those of you who know you know what happens in an audit like there's always
a test that you have to pass and you have to provide some evidence that you passed that test and there are like you know 2s of those right so you just repeat that process 2,000 times not really but feels like it so so getting to that audit-ready control is the goal here um now the path to get there right so that's that's the nirvana but the path to get there still sucks right even if there are billboards on 101 that tell you otherwise but um there there are two talks that happened earlier today that kind of help made it easier for me to make that case right so one is actually a talk by ver who gave a talk on GRC
engineering if you missed that you should go watch the video when when it comes out but he made the case that you know um basically we need engineers uh to kind of uh we need to work on tooling to help engineers hate audits less right and then that pretty much sums it up that GRC still sucks and then um there's another talk like okay what's the AI component why is AI the relevant thing to solve for it uh the keynote by calib in the morning uh which basically talked about you know the top six trends that CISOs should look into should be you know should be focused on and compliance was there in that list and he also talked about the
three C's and one of the three C's was context so as we go deeper we'll we'll see what how that plays a role here because this is about synthesizing the information in your organization and putting that cont context putting that context to use so how do we go forward from here well for that you have to answer one question do you want to take the red pill or the blue pill um the blue pill is blissful ignorance and we can pretend tools are going to be fine we don't have a problem and and we we don't put AI in the mix and and let it take care of itself the red pill however means that um
this is a painful reality of where the automation is today and where it needs to be to really call it automation right so what does it look like to take take the red pill so here if you if you notice here you know I have outlined the key stages in an audit and the level of automation you know think of it as the charge right this is this is the amount of charge that the automation provides us for for all these stages so the first stage is to kind of map out your controls and today the tools do provide you a tentative list of controls but that list needs you know someone to review it to provide you the canonical
list that works for your particular environment so that's like the manual process right that's a 20/80 split there you you install a tool it produces a list for you but you need to make sure that is the list that you need to run with right you can you can start to implement those controls but you need to make sure that those are the right controls for you to implement similarly if you have multiple frameworks the tools are getting much better here so if you have multiple frameworks they're going to do the work to map you know overlapping uh tests to the you know similar controls they're going to do that however you still need to validate that the mapping has been
done correctly so I would say that's about 50/50 but there's there's still a big lift that the tool can provide you there so if you're dealing with multiple frameworks at least you got like half of your work done but remember the remaining half is validation that needs to happen similarly with the tests the tools are getting a lot smarter so for example you could integrate your GitHub and you could integrate your you know AWS you could integrate your other repositories wherever there's an API or a plug-in opportunity available the tools will help you figure out the test and say hey grab the encryption settings grab the password settings right grab the branch protection settings the tools
can do that but again it requires a manual pass to say that hey this is this is the correct thing that that you need to do the evidence is where it sucks again right because the tools that I mentioned earlier you know the ones that that have an API connection it's only about 20 to 25% of an audit sadly like the remaining 75% is all documents it's like your board meeting minutes it's like your code of conduct it's it's you know your disaster recovery policies um they they are not you know automated today um and that's like a huge subset of of what what's required for the audit and that's part of the company state and sometimes
you kind of go into like you know the rabbit holes of like slacks emails calendar invites back and forth you know communication just to gather that kind of evidence and then lastly we run out of charge when comes to you know the the reviews right like the when when you've submitted all your evidence then you're kind of just waiting like two three weeks for the CPAs to do their due diligence and that's a CPA only work today but we can we can uh we'll talk a little bit about the AI gen opportunity here which can help automate at least the drafting process of that report it's still needs a a review by like a partner
you know uh at at the audit firm but the whole process of like putting that report together there's an opportunity there um to to automate that so if we think about it right like from start to finish you know we are spending like maybe two to three weeks in control mapping two to three you know further week in in validation two to three weeks in evidence testing and maybe like a couple weeks in in in the report generation phase so we are probably at around you know uh two to 3 months uh from start to end multiply that with the number of audits you do um a year and you could be you know stuck in this cycle uh pretty much the
whole year um now the approaches you know like that the tools have you know you could you could automate a lot of the evidence collection but again the remaining part is really hard to automate um and why is that hard to automate I mean there are two things one you might say training data yes I mean training data is a problem because you are not going to find data about like an organization internal repositories that uh you know you could basically use to to tune tune the model but that is not actually the hardest one right um the the hardest problem is domain expertise so the need for domain expertise here is the barrier to entry as far as the data itself is
concerned I mean the policies there are only so many templates right the disaster recovery policy incident response policy it can only differ in so many different ways so is the evidence for you know like okay what comprises a code of conduct what comprises you know like a whether or not the board of directors met that is a you know that is something that is within a small um you know Universe of permutations that exist for that data and so it is it is manageable to be able to fine tune a model to recognize that am I looking at the correct type of evidence right so from from from my standpoint the harder problem to solve is the domain expertise
because a successful co-pilot will have to mimic how an auditor thinks how a compliance professional thinks so essentially I'll have to just clone myself for example if if I'm if I'm that professional now that I believe is is the hard problem to solve and then obviously the generative AI aspect which is that if you have a document that is missing the co-pilot should be able to provide you a template that this is the template that I created for you this takes into account the state of your organization just review this and make sure that there are no missing missing details so that is another big step that that needs to uh that needs to happen um
so if you compare the blue pill versus red pill right so today the process is people intensive what if you take the red pill and start putting AI into it what you'll you'll move towards it being resource intensive today it's about information gathering and and kind of gathering the documents from different repositories uh with AI it's more about knowledge retrieval because that knowledge uh as we saw in the keynote is is already there you need to synthesize that knowledge in your in your organization repos from your organization repositories and make sure that it can be retrieved that to apply to that particular test and the evidence requirement um you move from Gap identification to Gap remediation so
after like you know three weeks of Gap assessment you get a report or a spreadsheet that says hey you are missing these policies and then you kind of engage another resource just to kind of draft those policies that is is an overkill right so this model could advise you that okay you're missing this policy but by the way here's the template for this policy that is already pre-populated based on your organizational state and then whether or not a evidence actually meets your particular test requirements that is also something that can be validated because a lot of times when you are going back and forth with your auditors they are saying hey I see this email for
the board meeting but it doesn't have the list of attendees or I see this email for the board meeting but it it doesn't really you know mention uh whether this particular topic got discussed or not all of these are things that can be you know you could use fine tuning for and you could you could basically say that these are the kinds of things that the correct evidence should have and you could at least take the first pass of that evidence and and put that in the in the you know audit ready bucket for somebody's review versus just waiting on someone to kind of do the first pass uh manually so those are all the things that that could
happen you know through smart validation again it's not completely automated validation there's human in the loop but it's smart validation because it's assisting the human in the loop and then lastly uh you move from a world where you do audits ad hoc to a world where they are repeatable so again that two to three month cycle and then having to do that like four times a year it just gets a lot more efficient if you don't have to spend that much time and that much money every time you have to go through the audit because remember there's knowledge retrieval happening and the audit requires the kind the tests and evidence required for multiple audits often overlap and so you get the benefit
of being able to leverage that across multiple audits okay um so now that um you know um you can you know make a decision to take the red pill or the blue pill so if you take the blue pill we we accept the status quo and don't move forward or you remain in the room and we we take the red pill okay so what what does that look like um imagine that you know you are going through your SOC 2 audit and you are asked to basically provide you you need to know what are your comp what level of compliance uh do you have with your applicable obligations given your profile right so as an input you would you would uh tell
the model just like you talked to ChatGPT today right you will say hey I'm a SaaS company I'm in healthcare industry in the US region with EU customers and I accept payments right so simple prompts that you use today uh with with a chatbot you provide that you know your profile and then this model will also be preloaded with your existing state that state would be you know what I was alluded to earlier the the context in the 3 C's right it knows about your policies it knows about your you know uh ticketing provider it knows about your human uh human resource vendor or the tool that you're using because those are some of the common things right your
organizational charts your uh support tickets your identity management your cloud provider these are these right there and your internal document repository these right there are the five systems that are are the key to uh gathering evidence so it has your profile it has your state and imagine a world where you you would ask the question what is my level of compliance with the applicable obligations and the output would be these are the controls you're fully satisfying these are the controls you are partially satisfying with an explanation of why you are partially satisfying them remember the board meeting example for example your control may be missing the number of attendees or your control may be missing like a particular like area that did not
get discussed um or the whether you are not satisfying so for example it retrieved your encryption setting and it says encryption is set to false right so those are the things um so but again what makes it hard is that our criteria has to be really really high our criteria of accuracy is that it has to meet that of a compliance professional okay um so here are a couple examples I I'm running out of time so I wouldn't dwell too much on this but essentially the goal will be to retrieve an item from a particular source so for example if it's asking for information security roles and responsibilities the test would be hey retrieve your role-based access control
matrix from the policy DB and the reason it knows that is because it has scanned policy DB and it knows there's something called role-based access control matrix and it has been trained to state that okay it contains the information that is needed to satisfy this control and there's really no need why this cannot be you know this this piece cannot be done because every year I go through this audit I do the same thing I go to the policy DB grab the RBAC matrix and attach it that's it that's what I do every year without fail um the second example here is in you know related to unique IDs for information systems and networks this is this is very close to
you know what existing tools can do for you however exactly what setting to retrieve is a question that is a decision that needs to be made so your auditor or or your compliance professional would have said that hey go grab the IAM policy setting and then the rest the tool does so in this case the agent should be able to make that decision because it knows that in that particular file it's going to find what's needed to satisfy satisfy the evidence um and then the next step is to apply the success criteria and again remember this is about decision making which tools don't do today so let's say your control says upon termination the
access is removed it grabs the access review ticket because it understands your your environment and then it looks for the success criteria and then it says yes the ticket has been closed with a comment that access was removed or some other way that that indicates that it has been removed same thing with you know encryption at rest that's an easy one all you have to do is look for a Boolean but here's an example where it automatically will validate that it it's not just like hey I retrieved it I'm going to put it in the queue for for you know for someone to look at it and and then come back to me in two weeks yeah
you're good no you you're going to get that decision right away um so the big picture these are the requirements that you need to follow right um it's you know it's it's easier said than done so I do want to emphasize that that these are the requirements that we need to follow here which which makes it which makes it challenging so you need to be able to produce a canonical control list you need to be able to produce and validate the control mapping you need to be able to produce and validate the tests for those controls and then you need to be able to retrieve the documentary evidence and then remediate the gaps so these five requirements in a
nutshell are the big challenges that potentially agentic AI could address for you but hey this is not saying this is done but this is a starting point of the discussion that we need to we could be start we could start to think think about that so in the limited time that I have left I just quickly go over you know the architecture and the demo so essentially what I've tried to do is I've tried to use the 3p framework from AWS to kind of put this in perspective right so what is our it's a play pattern and primitive what's our play we are displacing the service with software and we are targeting high volume high
value work what's our pattern we have a compound AI system that uses AI agents and RAG which is retrieval augmented generation we perform model innovation using fine tuning and then we have an LLM wrapper for prompt engineering and our primitive in in our case I mean it says Bedrock there because it's it's AWS but our primitive is uh GPT-4 um I'll probably just run through this really quickly because most likely you know the majority here would already know what retrieval augmented generation is but just in a nutshell you are able to load the current state of your organization uh you know through by creating embeddings and putting that in a vector storage and then at the time of
retrieval you are able to um respond to the queries that takes into account the state of your organization um in other words creating your own knowledge creating your own know knowledge base that's exactly what what that is um and so for example an HR database ticketing database email database that all comprises your knowledge base and it gets create you know you create embeddings and it gets stored in a vector DB and then runtime you can also retrieve system settings um to kind of address the encryption and other kind of questions as well uh I'll take a few seconds just to talk about the fact that we need to make sure that we are also performing what's called the
uh you know human feedback like reinforcement learning through human feedback to avoid any biases and making sure that the model is actually producing the you know leaning towards making the correct decision because again decision making is is very sensitive I mean in this case it's not as sensitive as you know profiling and you know other kinds of like situations where you are approving you know applications for like um things that affect your fundamental rights but in this case um it's still decision making so you want to make sure that you you take more correct decision more often than not right and particularly with certainty right so that that's where you want to be um just a quick thing about
you know why AI agents so essentially this is this is why everybody's excited about AI agents at least that you know we can we can picture highly proficient agents enabling important work to get done far faster than today so I just want to say that because uh to mention that because it's not just you know something that I believe is going to happen it's something that you know I think the industry generally is kind of leaning in that direction is is going to happen and so this is one of the problems that that's going to enable for us um so our components are you know for RAG plus AI agents we're using LangChain uh that consists of a model and a
repository of standard controls and descriptions of company specific documents um we are using GPT-4 we tried some other models but GPT-4 gave the best results we're using F uh as our in-memory storage um zero shot inference is is what we are zero shot approach is what we're doing for prompt engineering um I really want to get to the demo so I'm kind of skipping through this a little bit um this is the agentic architecture and again remember the key things here is the rigor of our traditional compliance and the power of generative AI right so we have this agentic architecture uh so we have a compliance repository we have embeddings from the control documents that gets through the
vector DB and then we have these agents that perform Gap analysis against the different um you know uh evidence documents like the policies the vendors and and all the other kinds of evidences and then we have the uh organization's policy documents that kind of feed into that so this is kind of the architecture that that we could we could use to implement this and now you know coming back to our initial question right this is the question that we wanted an answer for that you're a SaaS company in healthcare industry in US region with EU customers that accepts payments so your co-pilot should be able to recognize that SaaS maps to SOC 2 healthcare maps
to HIPAA in in US having EU customers means it immediately maps to GDPR and accepting payments means PCI so without having to go into the acronym soup just in a natural language the user says that this is my profile tell me you know my level of compliance one it should be able to understand the applicable regulations and and frameworks and then produce a list of controls that that is relevant to your environment and then retrieve the evidence for those controls and then give you like an answer how much of these controls you're meeting fully how much you're meeting partially and how much you're not meeting at all um so for example SOC 2 has somewhere around 147 different
controls right and so this is this is what you're going to be faced with if you're dealing with you know let's say a SOC 2 audit and you need to make sure that this is the right list for you you need to make sure that list list is tailored to your environment right so that's you know that if it takes that much to scroll imagine how much it takes to actually go through um this is HIPAA right we have 50 controls uh for HIPAA security and
then and then we have another 75 for HIPAA privacy right this is not easy on the eyes I I understand that uh that's part of the motivation right and then you have PCI it has 367 I'm not even going to wait for that so so here's what we did right so you're Acme Corp you upload your data um I mean you have the option to specify you know the control frameworks but it will get that on its own even if you don't you put the systems that you're using um and then it it'll spit out the controls that you know apply to you so in doing so it already uh took into account the you know
overlaps between HIPAA SOC 2 and everything so for example this is you know these are the SOC 2 controls and the remaining are HIPAA controls but it already accounted for the overlaps for you and then in the next stage it's going to check the compliance for you so we only did it like partially just to give you an idea you know not not for everything but let's say that if if you are partial it will tell you okay what what is the reason that the model you know determine that you're partial um so that that is essentially where we are um I think that leaves me like 50 seconds to just show you the screens so this is
you know this is the control mapping where you know you kind of set up the tool you kind of give it the you kind of create the agent give it the prompt and then this is the evidence testing where we H where you have the different rules and you kind of give the prompt and then the agent responds by telling you that these are the reasons why certain evidence does or does not meet um particular requirements um so the next steps here could be you know you want to scale this for production use cases trying to use smaller LLMs that can be deployed securely uh moving from an in-memory to like a you know proper
vector database um incorporate advanced prompt engineering methods and also incorporate you know generative techniques so that you could create policy templates but like I said this is just a start right this is just a way for us to move from what's compliance today to what compliance could be with AI um yeah and here's a link to you know here's how you could reach me on LinkedIn and here's a blog post that describes that but but that's that's what I had um happy to have any questions if you if you have all right let me question SCE um not not yet no it's not like in a in a in a a format right now where we can um
let uh people you know completely depend on it so we're still working to make it more reliable did you use um PartyRock or Bedrock for the control mapping and to be able to surface that or tap into the knowledge base to be able to do faster control mapping I was just curious um so is your question whether you used an AWS tool to do that yeah no so we actually used uh LangChain plus uh GPT-4 we use that combination I I only use the 3p framework from AWS to kind of just uh provide the perspective of like the yeah like the plays the primitives and the patterns like that's just a clean way to organize this thing
conceptually but we didn't use AWS tooling right any other questions all right yeah uh yeah the slides will be posted uh slides will be on online in a few weeks slides will be posted online and then this blog post here also kind of goes over uh basically describes the architecture and and the the the problem and the solution so it's it's a written version of what what I talked about yeah online besides yeah if you go to BSides SF uh you'll see the recording as well on YouTube yeah I'm in the Bay Area yeah yeah yes I do all right thank you so much thanks for staying all right thank you