CYBERSECURITY

Machine speed cybersecurity with Tulpa AI agents.

// Tulpa’s pre-trained AI agents have been shown in the lab to enhance novice penetration testers' performance by >300% in terms of their speed and accuracy with the agent operating as their co-pilot.

// Cyber-attacks are increasing globally. 2023 saw more than 343 million victims [1]. Between 2021 and 2023, data breaches rose by 72% [2].

The cost of attack vs. defence is vastly in favour of adversaries.

// Intruders only need to discover and exploit a single weakness, whilst defenders must invest in monitoring and securing their entire network 24/7/365.

In response, organisations engage network penetration testers. Highly skilled, these human ethical hackers are employed to discover and expose vulnerabilities on computer networks.

Penetration tester skills are scarce and expensive, and teams are often overstretched.

You are on the ‘Policy’ node with IP address 192.168.222.1
OK, what should I do next?
You could consider doing a ‘Portscan’ of the device with IP address 192.168.222.1
Why?
Portscan looks for open ports on a device. Open ports can be exploited to get access to a device.

Machine-speed attack – and defence: the potential for AI.

// Open-source AI frameworks provide bad actors and criminals with the opportunity to scale and evolve their own machine-speed offensives.

Whilst AI promises defensive capabilities, current offerings are typically black box solutions, lacking explainability and auditability of their actions. It is also hard to accurately forecast their likelihood of success against target systems without a robust and scalable training and testing environment.

Generative AI suffers from explainability and hallucination issues, whilst Reinforcement Learning struggles to achieve the performance required for an autonomous agent to operate in dynamic environments which are sparse in both data and reward.

Tulpa. Automated Penetration Testing and Red Teaming with pre-trained AI agents.

// Our first AI agent has successfully been deployed on a simulated military computer network to identify and test vulnerabilities that can be exploited, and then to exploit them to progress through the network.

Using behavioural science, psychology, mathematical modelling, and data science, we successfully captured the ‘wisdom’ of 26 expert penetration testers and cyber security experts as they worked individually through a simulated network attack exercise. The resulting ‘Wisdom Model’ accurately interpreted the range of actions that experts took, and why, and we used this to train causal AI agents to emulate the decision-making behaviour of those experts in similar environments.

Remarkably, our agent performed with 100% accuracy and was able to generalise, with no loss of accuracy or reliability, to networks of different sizes and topologies. This is a significant improvement on Reinforcement Learning (RL) and Deep RL (DRL) approaches to training AI agents.

Graph showing that Tulpa Causal Neurosymbolic training is both more accurate and cheaper to train

Adaptable, auditable, customisable capabilities.

// Agent performance can be deployed across increasingly complex network environments without the need for re-training.

All agent actions can be scrutinised, providing explainability to human operators supervising the agent’s behaviour. In addition, the reward policies for agents can be adjusted to fine-tune agent behaviour without having to re-train: for example, the stealthiness of a red teaming agent can be increased or decreased by adjusting the reward value for selecting more or less risky exploits.

Tulpa’s human-machine team approach directly addresses the shortcomings (explainability, reliability) of mainstream AI techniques (foundation models, reinforcement learning), providing the cyber operator with collaborative, fully understandable autonomous cyber defence agents.

| | Large Language Models (LLM) | Reinforcement Learning (RL) | Human Machine Teaming (HMT) |
|---|---|---|---|
| Cost | Expensive. >$30k to train small models. | 20 min train time on low-cost cloud. Retraining required. | < 2 min train time on low-cost cloud. |
| Performance | Untested. | Agents can be stuck repeating actions. | Tulpa’s agents complete tasks efficiently and reliably. |
| Explainability | Complex black box systems. | Notoriously hard to understand reward functions. | Agents can explain why & alternative actions. |
| Generalisability | Untested. | Agents need to be retrained for different network configurations. | Agents are trained on simple networks so scale well. |
| Configurability | Prompt engineering enables configurability. | Must be retrained to update reward policy. | Reward function can be tuned without retraining. |
| Reliability | Prone to drift and hallucination. | Reliable, provided a consistent environment. | Predictable action, even when environment changes. |

To find out more about our cybersecurity technologies, and to see our AI agents at work, contact us to arrange an exploratory video call with Tulpa’s team.
