AI Model PoC for Pentesting Automation

Industry: Professional Services
Technologies: Python, AI

About Our Customer

The Customer is a North American provider of penetration testing services.

Need for AI Capabilities to Automate Network Penetration Testing

To provide penetration testing services, the Customer uses a proprietary tool that scans the client’s network and devices (e.g., PCs, laptops, printers) and identifies common vulnerabilities and exposures (CVEs). The cybersecurity team used the acquired data to exploit the vulnerabilities and outline remediation measures. As the Customer started gaining more clients, it decided to automate attack vector creation and simulation via AI capabilities. The Customer turned to ScienceSoft as a vendor with 35 years of experience in AI software development and 20+ years in penetration testing services.

Eliciting Requirements for the AI Model

To elicit the requirements for the AI model, ScienceSoft’s business analysts conducted requirements workshops with the Customer’s stakeholders and subject matter experts.

The Customer wanted an AI model that would automate network penetration testing to the fullest by generating and simulating attack vectors based on CVEs identified by the testing tool.

Considering the complexity of the AI model and its innovative character, it was agreed to start with a Proof of Concept (PoC) that would cover basic attack vector generation and simulation functionality. Based on the results, a full-scale version of the model would be planned.

Developing the PoC of the AI Model

ScienceSoft’s data scientists decided to build a custom large language model (LLM) as it demonstrates excellent self-learning results. The model was built, trained, fine-tuned, and deployed using the Python programming language and the PyTorch machine learning library. The dataset was based on the free and paid libraries of CVEs, exploits, payloads, and remediation measures. Our team integrated the model into the Customer’s pentesting tool, performed attack simulations, evaluated the accuracy of the generated attack vectors, and adjusted the model based on the results (tuned hyperparameters and updated model weights). Then, the team performed multiple rounds of attack simulations and the corresponding model updates until the model reached sufficient accuracy.

Since the model was trained on a large amount of data and was fine-tuned based on real-world attack simulation results, it is now able to self-learn with each new iteration and will be able to generalize to unseen scenarios in the future.

The AI-enhanced pentesting tool works as follows:

1. The tool identifies network infrastructure components and CVEs and sends relevant data to the AI model that generates optimal attack vectors.
2. The pentesting tool simulates the suggested attacks and provides the model with information on how network endpoints reacted to them.
3. The AI model uses this data to generate new attack series.
4. The iterations continue until all weak points of the network are identified. If the network has no vulnerabilities, the model triggers the relevant notification.

The full-scale version of the AI model will be trained enough to perform complete network testing within a few iterations.

AI Model PoC Ready in 12 Weeks

In 12 weeks, the Customer received a PoC of a self-learning LLM model for automated attack vector generation. The model enables the simulation of cybersecurity attacks relevant to the network components and CVEs identified by the Customer’s pentesting tool.

Integrated into the Customer’s penetration testing tool, the model will allow the Customer to serve multiple clients simultaneously and detect network vulnerabilities faster and with more precision.

Technologies and Tools

Python, PyTorch.
