US 12,407,716 B2
Threat mitigation system and method
Brian P. Murphy, Tampa, FL (US); Joe Partlow, Tampa, FL (US); Colin O'Connor, Tampa, FL (US); Jason Pfeiffer, Tampa, FL (US); Brian Philip Murphy, St. Petersburg, FL (US); and Jonathan R. Echavarria, Tampa, FL (US)
Assigned to RELIAQUEST HOLDINGS, LLC, Tampa, FL (US)
Filed by ReliaQuest Holdings, LLC, Tampa, FL (US)
Filed on Feb. 23, 2024, as Appl. No. 18/585,687.
Claims priority of provisional application 63/486,617, filed on Feb. 23, 2023.
Prior Publication US 2024/0291853 A1, Aug. 29, 2024
Int. Cl. H04L 9/40 (2022.01); G06F 16/34 (2019.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01); G06F 40/103 (2020.01); G06F 40/154 (2020.01); G06F 40/56 (2020.01); G06N 3/0475 (2023.01); H04L 41/16 (2022.01)
CPC H04L 63/1441 (2013.01) [G06F 16/345 (2019.01); G06F 21/552 (2013.01); G06F 21/554 (2013.01); G06F 21/566 (2013.01); G06F 40/103 (2020.01); G06F 40/154 (2020.01); G06F 40/56 (2020.01); G06N 3/0475 (2023.01); H04L 41/16 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); G06F 2221/034 (2013.01)]
18 Claims
1. A threat mitigation platform comprising:
an agent subsystem, comprising at least one processor coupled with a memory device, including one or more agents executed on one or more security-relevant subsystems, wherein the one or more agents are configured to generate an initial notification concerning a security event within a computing platform;
a generative AI-based planner subsystem including a plurality of generative AI models, wherein one or more of the plurality of generative AI models are configured to receive the initial notification and generate a mitigation plan to address, in whole or in part, the security event within the computing platform, including selecting a generative AI model from the plurality of generative AI models within a model repository based upon, at least in part, operation requirements;
an executor subsystem including the selected generative AI model, wherein the selected generative AI model is configured to iteratively process the mitigation plan to generate an output, wherein the selected generative AI model is further configured to utilize one or more tools to process the mitigation plan, wherein the one or more tools include:
a decompression tool to decompress a compressed initial notification; and
an identification tool to identify an owner of a domain associated with the initial notification; and
an output formatter subsystem including a large language model, wherein the large language model is configured to format the output and generate a summarized human-readable report for the initial notification.