Acalvio Technologies
Building Cybersecurity AI Assistant Using LLMs
Pages: 12
Time to read: 20 mins
Language: English
This white paper outlines the development of an AI Assistant designed for defensive cybersecurity, leveraging Large Language Models (LLMs) to enhance the efficiency of security analysts. The paper discusses the challenges posed by the evolving threat landscape and the necessity for a chatbot that aids practitioners in navigating a standardized cybersecurity framework, specifically focusing on the MITRE framework. It details the lifecycle of creating a Retrieval Augmented Generation (RAG)-based AI Assistant, which includes data collection, preprocessing, and embedding processes. The paper also emphasizes the importance of maintaining an extensive and accurate dataset sourced from the MITRE ATT&CK STIX repository to ensure the AI Assistant provides relevant and timely responses. Additionally, it describes the criteria for selecting appropriate LLMs and the evaluation process to ensure the chosen model meets the needs of cybersecurity queries. The paper concludes with a discussion on the architecture of the RAG system, which integrates advanced language models with information retrieval techniques to deliver precise answers.