Do robots dream of secure networking? Teaching cybersecurity to AI systems
- This blog explores how to equip autonomous AI agents with cybersecurity knowledge, enabling them to make informed decisions about internet safety, such as identifying trustworthy links and websites.
- It demonstrates a proof of concept using LangChain and OpenAI, integrated with the Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions.
- By learning to assess the safety of domains, AI agents can develop better cyber hygiene, making more intelligent decisions rather than simply being restricted by security gateways, which is crucial for the next generation of autonomous AI systems.

In the late 1960s, the science fiction author Philip K. Dick wrote “Do Androids Dream of Electric Sheep,” which, among other themes, explored the traits that distinguish humans from autonomous robots. As advances in generative AI allow us to create autonomous agents that are able to reason and act on humans’ behalf, we must consider the human traits and knowledge that we must equip agentic AI with to allow them to act autonomously, reasonably, and safely.
One skill we need to impart to our AI agents is the ability to stay safe when navigating the internet. If agentic AI systems are interacting with websites and APIs in the same way as a human internet user, they need to be aware that not all websites or public APIs are trustworthy, and neither is user-supplied input. Therefore, we must empower our AI agents with the ability to make appropriate cyber hygiene decisions. In an agentic world, it is for the autonomous agent to decide if it is safe and appropriate to “click the link.”
The threat landscape is constantly shifting, so there are no hard and fast rules that we can teach AI systems about what is a safe link and what is not. AI agents must verify the disposition of links in real time to determine if something is malicious.
There are many emerging approaches to building AI workflow systems that can integrate multiple sources of information to allow an AI agent to come to a decision about an appropriate course of action. In this blog, I show how it is possible to use one of these frameworks, LangChain, with OpenAI to enable an AI agent to access real-time threat intelligence via the Cisco Umbrella API.
Prerequisites
To implement this example you will need API keys for Cisco Umbrella and a paid OpenAI account.
- Obtain a new API key from an OpenAI account with available credit. The key will not work if you have a free, unfunded account.
- Obtain a Cisco Umbrella API Key and Secret by following these steps. Be sure to check the “Investigate” box for the Key Scope.
- Save your keys as shell environment variables named "OPENAI_API_KEY", "UMBRELLA_KEY" and "UMBRELLA_SECRET" (e.g., export UMBRELLA_KEY="nnnnnnnnnnnnnnnnnn").
Code
Follow along with the full sample code, which can be found in Talos’ GitHub repository.
First, we need to describe the tool to the AI agent.

Then we include the newly described tool in the list of available tools.

Next, we create the large language model (LLM) instance that we will use. This example uses GPT-3.5-Turbo from OpenAI, but other LLM models are supported.

Now, let’s give instructions to the LLM, describing what the LLM should do using natural language structured in a Question, Thought, Action, Observation format.

Create the agent and the executor instance that we will interact with.

As part of querying the Umbrella API, we must obtain a session token to pass to the Umbrella API with our request. This is obtained from an authentication call using our API key and secret.

Next, let’s define the tool that we have described to the AI system. It accepts input text as a parameter and checks for the presence of any domains. If any are found, the disposition of each one is checked.

The key functionality within the above code is “getDomainDisposition” which passes the domain to the Umbrella API to retrieve the disposition and categorization information about the domain.

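The domain-extraction and disposition logic described in the steps above, as an added example rather than the code from the Talos repository: the Umbrella lookup is replaced by a constructed table so it runs offline, and the response field names and status values (-1 malicious, 0 unknown, 1 benign) are assumptions about the Investigate API, not taken from the post.

```python
import re
from typing import Callable, Dict

# Constructed stand-in for Umbrella Investigate categorization results.
# Field names and status values (-1 malicious, 0 unknown, 1 benign) are
# assumptions about the API response; the post does not show its format.
CONSTRUCTED_DISPOSITIONS: Dict[str, dict] = {
    "www.cisco.com": {"status": 1, "content_categories":
                      ["Computers and Internet", "Software/Technology"]},
    "test.example.com": {"status": 0, "content_categories": []},
    "malware.example.net": {"status": -1, "content_categories": ["Malware"]},
}

# Deliberately simple host-name pattern for the "is there a domain here?" check.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def constructed_lookup(domain: str) -> dict:
    """Offline replacement for getDomainDisposition; unlisted domains are unknown."""
    return CONSTRUCTED_DISPOSITIONS.get(domain, {"status": 0, "content_categories": []})


def extract_domains(text: str) -> list:
    """Return the distinct domains mentioned in the input text, in order of appearance."""
    seen = []
    for match in DOMAIN_RE.findall(text):
        if match.lower() not in seen:
            seen.append(match.lower())
    return seen


def describe_disposition(domain: str, info: dict) -> str:
    """Turn one lookup result into the observation text the agent reasons over."""
    status = {1: "positive", 0: "unknown", -1: "negative"}[info["status"]]
    line = f"The domain {domain} has a {status} disposition."
    if info["content_categories"]:
        line += f" The domain {domain} is classified as: " + ", ".join(info["content_categories"]) + "."
    return line


def assess(text: str, lookup: Callable[[str], dict]) -> dict:
    """Apply the post's rules: negative is never safe, positive is usually safe,
    unknown is uncertain unless the domain is at least categorized."""
    domains = extract_domains(text)
    if not domains:
        return {"verdict": "no opinion", "report": "No URLs found."}
    verdicts, report = {}, ["This contains a URL."]
    for d in domains:
        info = lookup(d)  # swap in a real Umbrella query here
        report.append(f"Considering {d}. {describe_disposition(d, info)}")
        if info["status"] == -1:
            verdicts[d] = "do not connect"
        elif info["status"] == 1:
            verdicts[d] = "safe"
        else:
            verdicts[d] = "possibly safe" if info["content_categories"] else "uncertain"
    return {"verdict": verdicts, "report": " ".join(report)}
```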
We can now pass input text to “agent_executor” to discover the agent’s opinion.

This gives the response:
“Agent Response: www.cisco.com is safe to browse.”
Reassuringly, the agent reports that “cisco.com” is safe to connect to. If necessary, we can output the domain disposition report to see the logic by which the system arrives at this conclusion:
“This contains a URL. Considering www.cisco.com. The domain www.cisco.com has a positive disposition. The domain www.cisco.com is classified as: Computers and Internet, Software/Technology. Known malicious domains are never safe, domains with positive disposition are usually safe. A domain with an unknown disposition might be safe if it is categorized.”
Let’s try a different domain which is known to be malicious.

“Agent Response: do not connect”
When provided with a known malicious domain, the system identifies that the domain has a negative disposition and concludes that this is not a domain which is safe for connection.
Now let’s try input text with two domains.

“Agent Response: www.umbrella.com is safe to connect to. test.example.com has an unknown disposition, so it is uncertain if it is safe to connect to.”
The system is able to provide separate advice for each domain when supplied with input containing a domain with a positive disposition and one with an unknown disposition.
Finally, let’s see what happens when we pose an unrelated question without any domains.

“Agent Response: no opinion”
Examining the logic shows that the system made the correct decision not to attempt to answer the question.
“No URLs found. Since no internet domains were found in the user input, I have no information to assess the safety of any websites.”
Discussion
This is very much proof-of-concept code, but it does show how we can integrate APIs offering real-time authoritative facts, such as the security disposition of domains from Umbrella, into the decision-making process of AI agents.
There are other approaches that we can use to arrive at the same result. We could put the AI agent behind a web security gateway or require the agent to use Umbrella DNS, which would enforce the restriction not to connect to malicious sites. However, to do so removes the ability for the AI agent to learn how to make sense of potentially conflicting information and to make good decisions.
The current generation of LLM-based generative AI systems is only the beginning of the forthcoming advances in autonomous agentic AI. As part of building this next generation of AI systems, we need to ensure that they not only make good decisions, but understand cyber hygiene and have access to real-time threat intelligence on which to base their decision-making.