CyCognito announces AI features to enhance attack surface asset discovery and testing

May 13, 2024
CyCognito’s new AI Search enables users to conduct plain language searches across any aspect of a customer’s attack surface without needing to learn and use proprietary query languages.

CyCognito today announced a major expansion of its leading Exposure Management platform. The latest enhancements introduce new AI search, enabling plain language queries across any customer's attack surface, as well as the ability to process financial information from multiple countries in multiple languages to extract and analyze organizational data. CyCognito now also translates machine-readable signals into human-readable statistics and labels.

“Our goal with this release is to put AI in the hands of our customers so they can accelerate assessments and reduce their time to remediation,” said Ansh Patnaik, Chief Product Officer, CyCognito. “Each of these features builds on CyCognito’s expansive AI foundation and reflects the company’s years of expertise applying AI to cybersecurity.”

AI Search: Simplifying Cyber Exposure Analysis

CyCognito’s new AI Search enables users to conduct plain language searches across any aspect of a customer’s attack surface without needing to learn and use proprietary query languages.

By integrating Large Language Models (LLMs) with Generative Pre-trained Transformers (GPT), AI Search translates simple, plain language queries into the CyCognito CyQL query language, making advanced data interrogation accessible to all users. For instance, a user could simply ask, “show me all of my exploitable e-commerce servers with personally identifiable information” and the system would show all of the corresponding assets.

The feature simplifies cybersecurity exposure management by allowing users to query data about their assets without needing prior knowledge of CyCognito CyQL query syntax, maximizing both simplicity and accessibility. It also handles a wide range of security inquiries.

Financial Evidence Collection: Enhancing Data Interpretation

CyCognito can now process financial information sources from multiple countries in various languages to automatically extract and analyze data about organizations and their interconnections.

By leveraging a large language model (LLM), the new capability gathers insights from financial reports, news sources and websites to provide greater context on any given entity, and its relationships to other organizations.

This feature enhances CyCognito’s seedless asset discovery and organization mapping capability by improving the accuracy of information security teams receive about the organization, which ultimately reduces administrative workload for human analysts.

Translation to Human-Readable: Expanding Contextual Understanding

CyCognito now uses AI to translate machine-readable signals into human-readable labels and statistics. This provides even more context into an organization’s assets in order to better understand their environment.

Building an attack surface map for an organization requires scanning thousands of different types of devices and interpreting the signals they send back. These signals are long strings that contain binary data and symbols that are hard for humans to interpret. Cycognito’s AI capabilities automatically produce insights into the business use and ownership, replacing the tedious, manual inspection process previously required to translate this data. Device information is also used to configure device security tests for CyCognito’s automated black box pentesting service.

"Security analysts often have to sift through noise and mountains of inaccurate information to get the answers and context they need to mitigate risk,” said Dima Potekhin, CTO and co-founder, CyCognito. “The issue is that the internet is full of contradictory information, which Generative AI amplifies, which leads to hallucinations, and later to making ill-formed decisions. Using advanced techniques like Bayesian ML models, our platform is able to rigorously test and verify data, allowing us to deliver accurate information to customers. This new release significantly elevates cybersecurity intelligence standards for organizations."

Since its founding, CyCognito has leveraged AI to power robust and accurate attack surface discovery and testing. In addition to the techniques above, the platform uses Bayesian machine learning, natural language processing (NLP), and graph data models. For more details on how CyCognito uses AI, please visit www.cycognito.com/ai