#SECTORCA BlackHatEvents

Not-So-Secret Agents: Deploying AI to Optimize Security Operations
Jimmy Astle

cat /etc/speaker_profile
Director, Machine Learning at Red Canary (a Zscaler company)
16 years of extensive experience in incident response, threat intelligence, endpoint security R&D, and cyber security testing.
Passion for Blue/Red Teaming and scaling security operations via ML/AI.

Agenda
- The Foundation: Agentic AI vs. Automated Workflows
- The Recipe: Building the Core of an AI Agent
- The Orchestration: Connecting Agents with LangGraph
- Live Demo: The AI Analyst in Action
- The Payoff: Measuring Speed, Accuracy & Value
- Conclusion & Q&A

Quick Agents Intro

What are Agents?
"AI systems that can think and act like an analyst, using reasoning and tools to autonomously achieve complex security goals."

Jobs to be done in the SOC
Stages: Intake/Triage, Enrich/Context, Investigate, Respond/Orch., Learn/Improve
Jobs: Case Summary, Lessons/KB, Gap Finder, Detection Generator, Response Approval Orchestration, Forensics Collection & Analysis, IOC Lookups, Entity/Asset Exposure/Vuln Assessments, Dedup/Score, First-Look, Queue routing, Correlate + Timeline, Query/Hunting, Root Cause
Legend: Blue = Classic Automation, Red = AI Augmentation

Agent Operating Models

Agent Mode 1: The Copilot
Human Control Level: HIGH
The analyst is always