#SECTORCA BlackHatEvents
From Days to Hours: Accelerating Cyber Threat Response with AI Agents
Yuval Zacharia

$WHOAMI
Chess nerd
7+ years at 8200
Ex-Director of R&D, Security Research & AI, Hunters AI
AI fanatic
Building
Yuval Zacharia

AGENDA
Motivation
System architecture
DEMO!
Evaluation
The future

WHAT'S COMING NEXT?
Chrome Extension Threat Campaign (Cyberhaven & more)
CVE-2025-30066: tj-actions Supply Chain Attack
6M Records Exfiltrated from Oracle Cloud, affecting over 140k Tenants
CVE-2024-3094: XZ Utils backdoor
CVE-2025-1974: IngressNightmare
Shai Hulud Worm
LummApp Threat Campaign
Silk Typhoon campaign
CVE-2025-31324: SAP Visual Composer
CVE-2025-53770 & CVE-2025-53771: ToolShell (SharePoint)

THE THREAT LIFECYCLE
Milestones: First Discovery -> Public Disclosure / Recognition -> Official Patch Release / Mitigation Guidance -> Full Mitigation?
Typical interval between milestones: days -> 7-14 days -> 80-100 days
Risk phase for each interval: Black Risk Phase -> Grey Risk Phase -> White Risk Phase

"GPT-4 was able to correctly exploit one-day vulnerabilities 87% of the time"

Pipeline:
Input (Social Media, Trends) -> Threat Identifier Agent (neural / semantic / keyword search) -> Identified Threats
Identified Threats + Business Context -> Threat Analyst Agent (get full context, RAG, LLM clustering) -> Prioritized Threats
Prioritized Threats -> Threat Hunter Agent (prompt to SQL) -> Threat Hunting Queries
FINAL OUTPUT: Threats Summary, Queries & Comms

"Characterizing Social Media Messages About Vulnerabilities: A Case Study of Twitter and Reddit" by Isuru S. Horawalavithana, Anurag K. Suri, et al.

First Discovery -> Public Disclosure / Recognition -> Official Patch
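The three-agent flow on the architecture slide (Identifier -> Analyst -> Hunter) plus the lifecycle phases, as an added offline example; this is not the speaker's system or code. The neural/semantic search, LLM clustering and prompt-to-SQL steps are replaced by deterministic stand-ins (regex/keyword matching, grouping by CVE, a fixed SQL template) so the data flow runs end to end. The feed messages, the BUSINESS_CONTEXT weights, the inventory table schema and contents, and the mapping of lifecycle intervals onto black/grey/white phases are all assumptions made for the example. The one check worth copying is validate_sql: a query produced by a model (or by a template it fills) is run only after an allowlist check and with bound parameters.

```python
"""Deterministic stand-in for the Identifier -> Analyst -> Hunter pipeline (added example)."""
import re
import sqlite3
from dataclasses import dataclass, field

# Constructed social-media feed: made up for this example, not real posts.
FEED = [
    {"source": "twitter", "text": "CVE-2025-1974 IngressNightmare: ingress-nginx admission controller, patch now"},
    {"source": "reddit",  "text": "Has anyone mitigated CVE-2025-1974 on their ingress-nginx clusters?"},
    {"source": "twitter", "text": "CVE-2025-1974 exploitation reported in the wild"},
    {"source": "twitter", "text": "tj-actions supply chain attack CVE-2025-30066, rotate CI secrets"},
    {"source": "reddit",  "text": "ToolShell CVE-2025-53770 hitting on-prem SharePoint"},
    {"source": "twitter", "text": "Chess puzzle of the day, mate in three"},  # noise
]
# Business context (assumed): products we run, weighted by criticality. SharePoint absent = not deployed.
BUSINESS_CONTEXT = {"ingress-nginx": 3, "tj-actions": 2}
KEYWORDS = {
    "ingress-nginx": ("ingress-nginx", "ingressnightmare"),
    "tj-actions": ("tj-actions",),
    "sharepoint": ("sharepoint", "toolshell"),
}
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,7}", re.IGNORECASE)

@dataclass
class Threat:
    cve: str
    products: set = field(default_factory=set)
    sources: set = field(default_factory=set)
    mentions: int = 0
    score: int = 0

# Threat Identifier agent: pull candidate threats out of raw chatter (regex + keywords here).
def identify(feed):
    hits = []
    for msg in feed:
        low = msg["text"].lower()
        cves = {c.upper() for c in CVE_RE.findall(msg["text"])}
        products = {p for p, kws in KEYWORDS.items() if any(k in low for k in kws)}
        if cves or products:
            hits.append({**msg, "cves": cves, "products": products})
    return hits

# Threat Analyst agent: cluster hits (by CVE, standing in for LLM clustering) and rank with business context.
def analyse(hits):
    clusters = {}
    for h in hits:
        for cve in h["cves"]:
            t = clusters.setdefault(cve, Threat(cve))
            t.mentions += 1
            t.sources.add(h["source"])
            t.products |= h["products"]
    for t in clusters.values():
        asset_weight = sum(BUSINESS_CONTEXT.get(p, 0) for p in t.products)
        # Mention count and source diversity approximate the trend signal;
        # a threat against nothing we run scores zero no matter how loud the chatter is.
        t.score = asset_weight * (t.mentions + len(t.sources))
    return sorted(clusters.values(), key=lambda t: t.score, reverse=True)

def risk_phase(disclosed, patch_available, fully_mitigated):
    """Assumed mapping: discovery->disclosure = black, disclosure->patch = grey, patch->full mitigation = white."""
    if fully_mitigated:
        return "mitigated"
    if not disclosed:
        return "black"
    return "white" if patch_available else "grey"

# Threat Hunter agent: turn a prioritized threat into a query, never executing generated SQL unchecked.
# Assumed telemetry schema: inventory(asset, product, version).
ALLOWED_TABLES = {"inventory"}
HUNT_QUERY = "SELECT asset, version FROM inventory WHERE product = ? ORDER BY asset"

def validate_sql(sql):
    """Allowlist check: a single read-only SELECT touching approved tables only."""
    body = sql.strip().rstrip(";")
    if ";" in body or not body.upper().startswith("SELECT"):
        return False
    tables = re.findall(r"\bFROM\s+(\w+)|\bJOIN\s+(\w+)", body, re.IGNORECASE)
    return all((a or b).lower() in ALLOWED_TABLES for a, b in tables)

def sample_db():
    """Constructed inventory table with made-up assets and versions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE inventory(asset TEXT, product TEXT, version TEXT)")
    conn.executemany("INSERT INTO inventory VALUES (?, ?, ?)", [
        ("prod-k8s-2", "ingress-nginx", "1.12.0"),
        ("prod-k8s-1", "ingress-nginx", "1.11.4"),
        ("ci-runner", "tj-actions", "v45"),
    ])
    return conn

def hunt(threat, conn):
    if not validate_sql(HUNT_QUERY):
        raise ValueError("hunting query rejected by allowlist")
    rows = []
    for product in sorted(threat.products):
        rows += conn.execute(HUNT_QUERY, (product,)).fetchall()  # bound parameter, not string-built
    return rows

def run_pipeline(feed=FEED, conn=None):
    """Identifier -> Analyst -> Hunter; returns (cve, score, exposed assets) in priority order."""
    if conn is None:
        conn = sample_db()
    return [(t.cve, t.score, hunt(t, conn)) for t in analyse(identify(feed))]
```

Running run_pipeline() ranks CVE-2025-1974 first (three mentions from two sources, against the highest-weighted asset), tj-actions second, and ToolShell last with a score of zero and no exposed assets, because SharePoint is not in the business context. Swapping the stand-ins for a real embedding search, an LLM clusterer and a prompt-to-SQL model does not change where the allowlist check sits: between the model's output and the database.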