BANDIT - Workshop on Big data analysis AND Illicit Trends


Short Paper

Design and Implementation of a Multi-Agent Threat Intelligence Assistant based on Generative AI

Francesco Saccone, Alessandro Manzi, Andrea Di Sorbo, Elisa Costante, and Corrado Aaron Visaggio

On B2, 16:15, live in Room 8, for 20 min

Cyber threat intelligence programs are systems aimed at supporting the daily activities of cybersecurity analysts. However, most of the existing tools are unable to provide accurate information. To fill this gap and provide analysts with information based on verified data, we propose an interactive assistant leveraging generative AI techniques and their large language models (LLMs) to identify and categorize information related to threat actors based on open-source intelligence (OSINT). Users can interact with the assistant through a simple chat interface, asking questions in natural language. Based on the user’s question, the assistant (i) queries a large knowledge base containing information about numerous threat actors collected from multiple OSINT sources and (ii) processes the response to make it comprehensible to the end user. The assistant, enabled with LLM capabilities, can also be used to generate summaries from reports published by cybersecurity researchers or extract specific information from them. A preliminary evaluation, conducted with experts in the field, demonstrates the effectiveness of the implemented assistant in supporting the daily activities of cyber threat analysts.
