August 21, 2024 at 11:00AM
LinkedIn, responsible for a billion global users and a large hardware estate, seeks an effective vulnerability management system to counter cybersecurity threats. By developing the Security Posture Platform (SPP) AI project, it aims to harness the power of AI to create a single source of truth for its assets and streamline security processes, achieving 85%-90% accuracy with GPT-4 models.
After reviewing the meeting notes, the key takeaways include:
1. LinkedIn has taken on the responsibility of managing a billion global users across a vast hardware estate in the face of increasing cybersecurity threats, emphasizing the need for an effective vulnerability management system to mitigate potential disasters.
2. To address these challenges, LinkedIn decided to develop the Security Posture Platform (SPP) AI project, leveraging AI to create a comprehensive real-time repository of data for identifying vulnerabilities and predicting attack paths, as well as providing natural language responses to security-related queries.
3. The SPP AI project makes use of a Security Knowledge Graph to centralize data from multiple sources and uses gen-AI models to navigate and mitigate vulnerabilities, maximizing the efficiency of mapping security engineers’ queries to the knowledge graph.
4. LinkedIn’s approach to AI emphasizes the symbiotic relationship between AI and human engineers, aiming to enhance the productivity and insights of the security team rather than replacing human involvement.
5. The project has shown significant improvement in accuracy, with the current generation of GPT-4 models achieving 85%-90% accuracy, and emphasizes the importance of continuous fine tuning to reduce errors and misinterpretations.
6. The development philosophy is DIY AI, facilitating LinkedIn’s ownership of the entire project, including the knowledge graph, gen-AI models, and prompts, to enable effective correction of errors and interpretations.
7. The resulting vulnerability management system allows the security team to access a single source of truth for real-time data and receive immediate natural language responses to security queries, significantly enhancing their ability to protect the global user base and infrastructure.
For further details, LinkedIn’s Sagar Shah and Amir Jalali have published a blog providing additional information on the SPP AI project.