We’re always looking for ways to implement new technologies into our services and solutions, particularly if that enables us to deliver a better experience to our customers.
In the area of Cyber Threat Intelligence (CTI), our focus is on helping customers understand the evolving threat landscape. This typically involves providing relevant and actionable insights based on a wide range of information, which is of course a task that Artificial Intelligence (AI) is well suited to.
Over the past year, we’ve been exploring multiple potential use cases of the latest AI technologies that are relevant to our products and customers – one being how we can improve the generation of cyber threat intelligence. So, in 2023 we released innovative new ‘AI Search’ functionality in our Cyber Threat Intelligence Portal based on OpenAI.
Enhancing search
This functionality is akin to a Query and Answer service, providing summaries of content that already exists in the portal. Users can simply ask questions related to threat intelligence and receive detailed answers supported by insights from our reports and threat actor dossiers, making it easier and faster for customers to obtain insights on today’s cyber threats. Questions can be asked in any language, with answers also given in the same language specified.
After submitting a question, the interface:
- Confirms the question
- Provides the generated answer
- Offers a way to provide feedback (i.e. ‘is the response good or bad?’)
- Offers a form to submit the question and answer to our Threat Intelligence experts for validation
- Provides links to the reports which were used to generate the answer
It uses a type of AI architecture known as Retrieval Augmented Generation (RAG) and is a way of leveraging both an existing knowledge-store and a Large Language Model (LLM). The initial AI search functionality was powered by an instance of OpenAI's GPT-3 model which we’re now upgrading to the latest GPT-4. Our approach ensures that the questions asked remain private and are not shared or used in any capacity to train or influence the model itself.
Key to enabling this innovation has been our collaboration with Microsoft, with whom we we signed a strategic agreement earlier this year. As well as giving us early access to the OpenAI API in Azure Cognitive Services, Microsoft’s team supported the development by sharing their thoughts on how the functionality could be improved.
“Our collaboration with BAE Systems is all about delivering tools that leverage advanced technologies to help users make sense of vast pools of information and use data more effectively. This Threat Intelligence search functionality is a simple yet impactful example of this mission in action. We’re proud to see BAE Systems Digital Intelligence using our Azure cloud services to help their customers defend and protect themselves against the latest cyber threats.”Angela Heise, CVP Worldwide Public Sector, Microsoft
Speaking about the innovation, Microsoft’s Angela Heise, CVP Worldwide Public Sector, said: “Our collaboration with BAE Systems is all about delivering tools that leverage advanced technologies to help users make sense of vast pools of information and use data more effectively. This Threat Intelligence search functionality is a simple yet impactful example of this mission in action. We’re proud to see BAE Systems Digital Intelligence using our Azure cloud services to help their customers defend and protect themselves against the latest cyber threats.”
Forging ahead
Developing this functionality took around four months of experimentation, followed by six sprints from our portal development team. Of course, it’s not yet perfect. The AI is still being tuned and users need to be able to ask a well-formed question to get value out of the system, so there are still improvements we can make.
But it represents a tangible step on our continuing AI journey. We’re also looking at how we can use AI to accelerate report generation as part of our teams’ standard workflows and build complex queries for our structured data. The latter is specifically related to queries that involve multiple components, such as ‘the number of instances of X attack within Y data ranges across Z regions’.
But it’s not all about us here in the cyber security area of the business. The knowledge gained by our engineers on this project is now flowing into other AI projects, both within BAE Systems Digital Intelligence and in other sectors across the wider BAE Systems Group. As a company, we will continue to build and evolve using the latest AI technologies and capabilities – always in pursuit of providing our customers with an information advantage.
We believe that strong digital defences come from security of both the Enterprise and the Nation
Understand the evolving threat landscape is a key part of maintaining robust defences. BAE Systems' Threat Intelligence team generate original insights through research and collaboration with customers and partners