Nexusflow Launches New Solution for SOC Automation

Nexusflow, a new AI application developed by two University of California, Berkeley professors and an AI developer, aims to enhance cybersecurity automation by incorporating natural language queries and improving automated responses. The company, founded by UC Berkeley professors Jiantao Jiao and Kurt Keutzer from the Berkeley AI Research (BAIR) Lab, along with Jian Zhang, formerly of the Stanford AI Lab, is positioning its software as a tool that security operations centers (SOCs) can use to identify and automate decision-making and workflows.

Traditionally, AI applications have been limited by their existing knowledge when responding to new data. However, Nexusflow takes a different approach by allowing the decision-making function to identify situations where it lacks existing experience. It can then query external databases for answers or request instructions from human experts on how to proceed. This approach enables the software to make decisions intuitively based on examples and postulation, rather than solely relying on known data.

During training, the software learns about various APIs and applications by effectively reading manuals and synthesizing fragmented information from different sources. Analysts can also teach the software how to solve specific problems, and the application learns from those examples. It is given multiple sample solutions to problems, which it incorporates so that it can solve new problems based on how similar problems were resolved in the past.

The ultimate goal of Nexusflow is to enable the program to carry out extensive analytic work across multiple networks based on a simple request from a security analyst. For example, the program could accept a natural language request like “Review my cloud configuration and make sure I have no bit buckets exposed” and perform the necessary functions.

Nexusflow leverages its own open-source large language model (LLM) called NexusRaven-13B. The company claims that this model achieves a 95% success rate on CVE/CPE search tools and VirusTotal, surpassing the performance of GPT-4, which achieves only a 64% success rate.

The application of Nexusflow extends beyond traditional security orchestration, automation and response (SOAR) tools. While existing SOAR tools improve decision response in SOCs, they often struggle when faced with unknown situations, requiring human analysts to handle mundane functions. Nexusflow aims to further automate these responses by utilizing natural language queries and databases, with the support of human experts when needed to clarify a response or provide training to the application.

From a cybersecurity perspective, Nexusflow offers an advantage over consumer-class ChatGPT products that rely on public clouds. Nexusflow is self-contained, allowing corporations to ensure that confidential data remains protected and inaccessible to potential competitors or unauthorized individuals. This is particularly important for organizations that require highly confidential data to remain in on-premises data centers. Nexusflow can be deployed in either a local data center or a private cloud, providing flexibility to suit different organizational needs.

Nexusflow recently emerged from stealth mode and has secured $10.6 million in seed funding led by Point72 Ventures, with participation from Fusion Fund and several AI industry executives from Silicon Valley. The funding will be utilized for software development, acquisition of test equipment and software testing infrastructure, and overall company growth.

In summary, Nexusflow is demonstrating the practical application of large language models in enhancing cybersecurity automation. By incorporating natural language queries, databases, and the ability to learn from examples, Nexusflow aims to improve decision-making and automate workflows in security operations centers. With its self-contained architecture, Nexusflow offers a secure solution for organizations looking to leverage advanced AI functionality while protecting their confidential data.
