November 7, 2024

The Story of BIX, a Specialized AI Agent for Cybersecurity, Built with NVIDIA AI

 BIX isn’t just an AI assistant—it’s a game-changer in cybersecurity. With BIX, organizations can instantly get clear, actionable answers on everything from vulnerabilities to threat analysis and risk mitigation, transforming massive data into precise insights, risk reduction strategies with quantifiable ROI.

But how did this revolutionary AI come to life?

It all started back in 2017 when Balbix turned to NVIDIA accelerated computing to reshape the cybersecurity landscape. Showcased at the Gartner Security and Risk Conference, Balbix’s early AI models could answer critical questions like:

  • “Where will the attack start?”
  • “What will they go after?”
  • “How will the attack propagate?”
  • “What mitigations will stop the attack?”
  • “What impact will the attack have?”

Balbix Value Prop, Circa 2017

While this was a significant advancement at the time, the AI technology wasn’t yet mature enough to support the dynamic, conversational experience that BIX offers today.

The Evolution of AI Technology

Creating BIX required more than small improvements—it needed a complete evolution in AI technology. While our early models offered insights, they lacked the deep enterprise context and interactive capabilities essential for a seamless experience. With the help of NVIDIA AI, we transformed the AI technology stack behind BIX:

Developing Specialized AI Models

Given the complexity of cybersecurity, we built over 100 specialized AI models, each tackling a specific area of cyber risk management:

  • Asset Inventory Models: Automatically discover and catalog assets, systems, applications, and their relationships for a comprehensive view of the attack surface.
  • Vulnerability Assessment Models: Infer vulnerabilities in assets based on software inventories to address gaps in traditional scan data.
  • Vulnerability Prioritization Models: Evaluate vulnerabilities by risk, factoring in severity, threats, exploitability, and business impact to prioritize remediation.
  • Risk Quantification Models: Estimate the financial and operational impact of cyber-attacks, enabling data-driven decision-making.
  • Threat Propagation Models: Map vulnerabilities to MITRE ATT&CK TTPs, modeling control effectiveness against TTPs, identifying critical attack paths and simulating threat spread.
  • Mitigation Recommendation Models: Suggest effective risk-reducing actions, considering cost, resources, and business impact.

Orchestrating Multiple AI Models

Building specialized models was just the start; the real challenge was integrating them seamlessly. We developed an AI orchestration layer that unifies these models, combining their outputs to deliver holistic insights. The multi-model architecture of the Balbix Core (Figure 1) processes data from ingestion and categorization through risk assessment, providing actionable insights, mitigation options, and reporting for stakeholders like CISOs and executives.

Figure 1: Balbix’s multi-model core architecture for calculating cyber risk

The orchestration layer manages dependencies, ensuring models share data efficiently without redundancy. It also balances computational loads for real-time responses, maintaining accuracy.

Figure 2: Inferring Asset Category in Balbix

Figure 2 illustrates how Balbix infers Asset Category using an ensemble of AI sub-models. Each model evaluates attributes, and the final output is a consensus. Transformer Models, Tensor2Tensor, and Seq2Seq are some of the earlier technologies in our model evolution journey.

The hierarchical orchestration shown in Figures 1 and 2 ensures BIX has the accurate context needed to answer complex, multi-faceted questions by leveraging the collective intelligence of all specialized models.

Advancements in Natural Language Processing with Large Language Models

A significant breakthrough came with advancements in Natural Language Processing (NLP) with the adoption of Large Language Models (LLMs):

  • Enhanced Understanding: LLMs allowed BIX to better comprehend user queries, including context, intent, and nuances in language.
  • Contextual Awareness: BIX can maintain context over multiple interactions, supporting back-and-forth conversations that mirror human dialogue.
  • Knowledge Integration: LLMs enabled BIX to incorporate vast amounts of cybersecurity knowledge, staying updated with the latest threats and best practices.
  • Improved Response Generation: The use of LLMs for NLP enhanced BIX’s ability to generate coherent, contextually appropriate responses.
  • Personalization: These advancements allowed BIX to tailor interactions based on user roles, preferences, and organizational policies.
  • Multilingual Support: Expanded language capabilities enable BIX to assist users in different regions, accommodating global enterprises.
NLP enhancements enabled by LLMs
Integration of Agent-Based AI Systems

To emulate human-like reasoning, we incorporated agent-based AI:

  • Autonomous Agents: These agents can perform tasks independently, such as data gathering, analysis, and reporting.
  • Collaborative Problem-Solving: Agents work together, sharing information to solve complex problems more effectively.
  • Dynamic Planning: They can adjust strategies in real-time based on new data or changing circumstances.

We optimized BIX for specific reasoning tasks like math, logic, and problem-solving, using prompt engineering and architectural tweaks to enhance its consistency and logical accuracy. This approach enhances the BIX’s adaptability and responsiveness, closely mirroring human decision-making processes. 

Figure 3: The BIX Architecture
Achieving a Conversational Experience

BIX integrates with your cybersecurity, IT, and business systems to provide tailored insights on assets, software, threats, and security measures. Its context awareness enables precise advice and mitigation strategies.

Bringing all these elements together, BIX transformed into a conversational AI assistant that:

  • Understands Complex Queries: BIX can interpret and respond to intricate questions, considering context and user intent.
  • Provides Actionable Insights: Beyond answering questions, BIX offers recommendations and next steps tailored to the organization’s needs.
  • Adapts to User Roles: Whether interacting with executives, analysts, or IT professionals, BIX delivers information in the most relevant format.

Designed as a mobile-first solution, BIX offers access to critical information anytime, enhancing situational awareness and streamlining decision-making, saving hours of effort.

Hallucinations, where AI generates inaccurate information, were a key challenge. We reduced them to near zero by integrating external knowledge, using reinforcement learning, and fine-tuning models with domain-specific data. Post-processing mechanisms and prompt engineering further ensured accuracy.

Figure 3 shows how the whole system is put together.

Performance Improvements in User Query Response Time

We knew speed was essential for BIX’s effectiveness, so reducing response times was a top priority. Initially, complex queries could take over a minute, slowing the flow and limiting real-time decision-making. By harnessing the NVIDIA accelerated computing platform, with optimized software including NVIDIA TensorRT-LLM, we slashed processing times for the specialized models. Today, BIX responds in seconds, empowering users with fast, dynamic insights and seamless, back-and-forth interactions—perfect for making quick, informed decisions.

Accelerated Development and Deployment of New Models

Using the NVIDIA CUDA software platform, cuDNN with other optimized libraries and pre-trained models, Balbix significantly cut down the time required to develop, train, and deploy new AI models. This allowed us to streamline our AI development pipeline efficiently.

With NVIDIA Triton Inference Server and NVIDIA NIM microservices, part of the NVIDIA AI Enterprise software platform, deploying and managing models in production became faster and more efficient. This agility lets us quickly adapt to new threats, integrate fresh data sources, and continually improve BIX’s capabilities to meet the evolving demands of cybersecurity professionals.

The Collaborative Edge

NVIDIA’s AI platform provided the power to process massive amounts of data—from inventory and vulnerabilities to threat landscapes and business contexts. NVIDIA technologies like GPUs, Triton Inference Server, and TensorRT-LLM deliver the computational strength, scalability, and low-latency needed for BIX’s AI models. NVIDIA NIM further enhances BIX’s real-time analysis capabilities.

NVIDIA NIM powers BIX’s advanced capabilities, transforming the way we tackle cybersecurity:

  • It delivers a modular, scalable architecture for flexible AI model deployment, adapting effortlessly to evolving needs.
  • Low-latency inference ensures lightning-fast, real-time responses-crucial for critical cybersecurity operations where every second counts.
  • It scales seamlessly across GPUs, ensuring performance keeps pace as data volumes surge.

This collaboration between Balbix’s AI models and NVIDIA’s cutting-edge technology showcases the power of innovation in solving complex cybersecurity challenges. It’s this synergy that makes BIX a high-speed, enterprise-grade AI solution, delivering real value to security professionals.

 Real-World Feedback and Continuous Learning

Our collaboration with customer design partners was instrumental in shaping BIX into the powerful tool it is today:

  • Direct user feedback refined BIX’s design, making it intuitive and user-friendly. Real-world insights helped our engineers sharpen model accuracy, cutting down false positives and ensuring more relevant outcomes.
  • Through Reinforcement Learning from Human Feedback (RLHF), we fine-tuned BIX’s responses, enhancing logical consistency and clarity. Human evaluators guided the model to prioritize structured, well-reasoned outputs, making every response count.

BIX evolves with each user interaction, learning and adapting to individual preferences—whether it’s delivering concise answers or diving into technical details. These enhancements ensure BIX becomes smarter and more effective over time, providing tailored, precise insights that fit seamlessly into each user’s workflow.

It’s important to note that customer data is never used to train Balbix’s models. When design partners choose to collaborate, their data is fully anonymized, ensuring privacy, and they maintain complete oversight and transparency throughout the training process.

ROI of BIX

This article would be incomplete without walking through real-world scenarios showing BIX’s impact. 

Empowering CISOs: Before BIX, Emma, a CISO, spent weeks compiling risk reports from various systems, making strategic planning a slow, manual process. Now, she can ask BIX for an updated risk assessment, and in seconds, receive a comprehensive, actionable report. BIX breaks down queries, verifies data securely, and delivers precise insights, letting Emma focus on strategy, not data gathering.

Accelerating Vulnerability Management: Alex, head of threat management, once faced the daunting task of prioritizing thousands of alerts. With BIX, he can instantly get a list of critical vulnerabilities based on threat intelligence and business impact, streamlining remediation. Alex’s IT colleagues, Michael and Sarah, use BIX to manage patch cycles, reducing their timeline from months to days by receiving optimized schedules tailored to their systems.

Streamlining Compliance Reporting: Samantha, a compliance officer, used to spend weeks preparing for audits. Now, she asks BIX for a compliance readiness report, and within seconds, she receives a detailed gap analysis. This efficiency allows her to stay audit-ready and minimize compliance risks continuously.

Beyond these examples, BIX’s value extends further—helping incident responders contain breaches, aiding threat hunters in detecting anomalies, and enabling SOC teams to monitor and respond in real time. BIX optimizes each role, delivering measurable ROI through enhanced efficiency and security posture. More on the ROI of BIX here.

The Future of Cybersecurity with BIX

BIX transforms enterprise cybersecurity by drastically cutting down the time needed for analysis, decision-making, and action. Balbix AI streamlines complex computations and automates data processing for faster, more accurate responses. BIX also improves team communication, ensuring critical insights are shared and acted upon, optimizing workflows across the board.

The orchestration of multiple specialized AI models allows BIX to provide meaningful insights and answer specific questions accurately. Balbix’s collaboration with NVIDIA showcases how combining expertise in AI and cybersecurity leads to innovative solutions that address today’s complex challenges. As we reflect on this journey, we’re excited about the future and the continued evolution of BIX. We invite you to experience BIX firsthand and join us in shaping the future of cybersecurity.