Plex.AI Demo - PlexTrac

Transcript

Hey everyone, I’m Dan DeCloss, founder and CTO of PlexTrac. Today I am really excited to share with you the launch of our new AI module called Plex AI. We’re very excited about this as it begins our journey into AI. We’ve always had a big vision around AI, and this is the foundation that starts everything from here we are going to be the first and only vendor currently in the pentest reporting and management space to offer AI as part of the report writing experience and the ability to help automate the writing of reports. And with this, excuse me, and with this, it only allows us to further our AI vision, where we can start to provide AI around other aspects of the security workflow, automation lifecycle, and being able to provide deeper insights into the findings within your organization and the risk posture therein. Without further ado, I’d love to show off the platform to you with respect to AI and just show off what we have today and why we’re really excited about it. So within Plex AI, you have the ability to now automatically generate and adjust finding descriptions and finding recommendations.

So you see here that I’m in a report and I’ve been writing up this report, and then let’s say I had created a finding where I found a finding related to a specific CVE. And I just said, hey, I gotta write this up later. Well now with Plex AI, we can actually come in here and use the AI module to automatically generate a description based on the CVE. So you’ll see here that it generated the description of the CVE allows us to quickly start being able to write this finding from scratch and immediately replace it, insert it into the, into the finding description. With that we can also provide finding recommendations. So this is just another enhancement to the report writing experience at the finding level. And you’ll see we get a nice overview and a bulleted list of recommendations.

From here. Your testers or yourself can come in and add the screenshots as you always would, and update the content as necessary. But it really gives you a foundation from which to start. And it’s drawing from security knowledge and security databases that are open source and public information that this model has been trained on. And so it really provides a good value for you in the findings write up capabilities as well. What the Plex AI module also supports is editing current and existing findings. So if you come into a finding where you have already had a writeup from your writeups database, or you’ve put in your own description, it can enhance that for you.

So we can come in here and we can add additional vulnerability data from the database, the AI module as well. And so it really can enforce and speed up the finding, report writing and everything around the information that you would want to put into a finding and just continue to enhance your report writing experience. So you’ll see in this report we have about 36 findings. And so typically in our report writing process, we would actually come in and need to now start writing the narratives around what we did get the executive summary. And this is another really exciting aspect of Plex AI, is the ability to summarize data based on the findings in the report. So we have a blank narrative section here. You’ll notice that we had 36 findings.

Let’s go ahead and use the Plex AI module to actually generate an executive summary. What’s unique and exciting about this is that it takes the narrative database content and automatic writing of reports to the next level. Now we can actually get a holistic executive summary based on the existing findings. Whereas today within PlexTrac, you have the content database and the narratives database, which brings in templated narratives for all the sections of the report that you might be writing. But you still have to come in and manually add the data relevant to the specific engagement with Plex AI. We can now summarize all that data and bring it in unique to this context. And if we don’t like what we see, we can always regenerate within this new module.

And once we get what we like, we can actually insert it into the report, which again saves time from copying and pasting and really helps speed up the entire report writing process. So you see here we have an executive summary that kind of generated some ideas around the report, let’s say. We also wanted to say, hey, what are the top five issues in this report? We can use the AI module to also help summarize that data and distill it down for us as well. And so this really provides a huge amount of value from the data that exists in the report. So this is really nice. We have the top five issues, and then let’s go ahead and also say, like, hey, out of these findings, what are the key recommendations that we should be drawing from or recommending to our customers? And the module will also help take that data and provide the appropriate recommendations as well. Today, the Plex AI module is helping testers and report writers help writing their findings in a quicker and more automated fashion, helping write their executive summaries and their narrative sections more rapidly.

And so it really helps continue to speed up the time for the engagement. So one big question that we have is around AI, and obviously we took our diligence around this is the security and privacy of the AI module. What’s important is that we built this from a secure by design concept and that we keep security at the forefront of this module as we move forward. So with that, all of the modules and everything around the AI engine is private. It’s not a public model, and it’s, it’s isolated to your tenancy. So it adheres to the current RBAC controls that you have within PlexTrac. And it is only trained on public data.

It’s publicly trained on data related to CBEs, Mitre, ATT and CK, NIST, CSF, all the public sources of vulnerability data and information, and is not trained on any client data today and won’t be. And so all the results generated private. Nothing gets put into training the model. And so this is why we’re really excited about being the first vendor to support a secure by design AI module for automated report writing process. And this is only the beginning of our AI journey. So if you have, if you’re interested, please check us out@PlexTrac.com. Dot really excited to get this into the market and help everybody improve their security reporting process and their security posture through this module.

Thank you.