
A Conversation With Ariful and Jakub

2026-04-06 Science & Technology
Unsupervised Learning
673.0k subscribers


Description

I sat down with Ariful and Jakub to chat about how Exaforce uses AI agents to handle core security operations tasks like detection, triaging, and response. We also get into the weeds on why you can't just point AI agents at a massive data lake and actually expect them to defend your environment.

What we talk about:

  • Scaling Security Operations: How their platform helps organizations of any size get their security operations running in days, effectively turning a small team of analysts into "superhumans".
  • The Four Pillars of the SOC: The ways their AI agents handle the four primary tasks in security operations: detections, triaging, investigations, and response.
  • AI Strengths vs. Traditional ML: Why they intentionally use traditional machine learning for heavy-lifting tasks like statistical anomaly detection, and save LLMs for the human-like reasoning required in triaging.
  • The "Data Lake" Trap: Why you can't just point an AI agent at a massive data lake and expect results, and how their "semantic data model" solves this by building historical baselines.
  • AI Stack vs. AI Stack: The reality that attackers are already using teams of AI agents to find exploits, and why defenders need a similar infrastructure to level the playing field.

00:00 - Introduction.
01:55 - Different types of agents and SOC tasks.
03:13 - Approaching detection engineering.
06:36 - Creating custom detections using natural language.
08:02 - Transitioning from detections to triaging alerts.
11:11 - Incorporating specific business context and threat models.
13:32 - Automated learning and knowledge models.
14:41 - Overlaying agents onto various attack surfaces.
16:06 - Creating custom honeypot campaigns for insider threats.
17:53 - Agent assignments vs. the "data lake trap".
20:13 - Data ingestion and the semantic data model.
22:21 - Attackers using AI and the future of AI warfare.
24:04 - The company's future roadmap and platform vision.

Subscribe to the newsletter at: https://danielmiessler.com/subscribe
Join the UL community at: https://danielmiessler.com/upgrade
Follow on X: https://x.com/danielmiessler
Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler/

Top Comments (1)

@IYBeats 2026-04-06

What do you think about Andrej Karpathy's article about the LLM Wiki? Is it possible to improve the Telos method?

