National Lab Makes Science and AI-Enabled Cybersecurity Move Faster

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points. Vithala praised the PNNL team, saying that working with them provided access to world-class research and development and allowed the company to build upon foundational science that would take years to develop independently. “The PNNL team provides deep domain expertise that ensures our threat intelligence knowledge substrate is robust,” he said. He added that the PNNL team helped his company navigate the rigorous federal licensing process.

Halappanavar reported that others within PNNL use the technology for government-sponsored work, and that, along with PNNL and the Department of Energy, the Defense Department has provided some funding for the research.

He outlined planned improvements from both research and operations perspectives, including tackling that missing information problem he mentioned earlier in the interview. “We are also developing tools where we can embed it in a different space and ask these questions that can still find you answers when there is missing information.”

It works by embedding entities, such as vulnerabilities and weaknesses, as well as relationships. “We can say that this attack mechanism exploits a given vulnerability. So, the exploit is the relationship, and the attack mechanism and vulnerabilities will be the entities. We take all of this information and embed it in some space where we can still ask the same question, and even though we did not have information, you can still extract good information back.”

That is for the research. For the non-research perspective, the goal is to continue integrating MERU into PNNL’s cyber operations. “The next main thing is to actually deploy it in production and have it being used on a regular basis,” Halappanavar offered.

Additionally, the PNNL team has developed a graph retrieval augmented interface, often referred to as a graph RAG, which allows more conversational questions. “You can ask questions in simple conversational style, English or a high-level language, and it would go back and convert it into these queries and come back with the information, and it will build you a structure around so you can have a conversation with the database itself,” Halappanavar added. “We have that fully working as well, and we are trying to add in new information to different sources and trying to keep it updated as we go forward.”

Asked what they would like to add at the end of the interview, Aguayo noted that AI lowers the skill level and accelerates timelines for attackers, so AI-enabled defense tools can help keep pace with the threat but do not change the need for basic cybersecurity. “You still have to manage your attack service, have an inventory, check things regularly, fix things regularly, enforce zero-trust principles. The fundamentals of cybersecurity don’t change, but this type of approach allows you to speed up and to keep pace with the rate of change.”

And Halappanavar stressed that defenders should remain aware of the various threats and address the most severe concerns. “A human could perform only so many tasks in a day, but now with AI automation, it’s becoming much broader and faster. What really helps is to know your own systems really well, what vulnerabilities we have, and know what threats are being active right now.”