Rootconf 2025 Annual Conference CfP

Shruthi Chittanooru

From SIEM to AI: Automating Security Operations with GenAI

Submitted Mar 22, 2025

In this talk, we will showcase how GenAI-powered security automation can transform threat modeling, threat detection, incident response, and log analysis compared to traditional SIEM (Security Information and Event Management) systems. We begin by demonstrating a real-world security incident in which a system logs multiple failed login attempts followed by a successful one, indicating a possible brute-force attack. In a traditional SIEM setup, an analyst would manually sift through thousands of log entries and correlate events to detect the anomaly, a process that can take hours. Using GenAI, we will show how an AI-powered security assistant can instantly analyze logs using natural language queries such as "Show all users with unusual login behavior in the past 24 hours." This greatly accelerates detection, makes it proactive rather than reactive, and eliminates manual investigation overhead.

Next, we will introduce AI-driven SOAR (Security Orchestration, Automation, and Response) to automate incident mitigation. The demo will highlight how a GenAI-powered framework can detect the suspicious login event, correlate it with other logs, and automatically trigger MFA (multi-factor authentication) enforcement or a temporary account lockout. This process, which typically requires security engineers to configure response rules by hand, will be executed within seconds through an AI-powered chatbot interface trained and fine-tuned for the enterprise network. The AI will also generate an automated security report summarizing the attack pattern, affected users, and recommended remediation steps, significantly reducing analysts' workload.
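The detection and response steps of the scenario above, as an added example that is not part of the proposal: a small correlation rule over constructed sshd-style log lines that flags a successful login preceded by a burst of failures from the same source and attaches the playbook actions the talk describes (MFA enforcement, temporary lockout) as recommendations only. The log format, thresholds and action names are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (sshd-style); not taken from any real system.
SAMPLE_LOG = """\
2025-03-22T10:00:01Z sshd[1201]: Failed password for alice from 203.0.113.5 port 50122
2025-03-22T10:00:03Z sshd[1201]: Failed password for alice from 203.0.113.5 port 50123
2025-03-22T10:00:05Z sshd[1201]: Failed password for alice from 203.0.113.5 port 50124
2025-03-22T10:00:06Z sshd[1201]: Failed password for alice from 203.0.113.5 port 50125
2025-03-22T10:00:09Z sshd[1201]: Accepted password for alice from 203.0.113.5 port 50126
2025-03-22T10:05:00Z sshd[1202]: Failed password for bob from 198.51.100.7 port 40001
2025-03-22T10:05:30Z sshd[1202]: Accepted password for bob from 198.51.100.7 port 40002
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)"
)

def parse(log_text):
    """Yield (timestamp, user, ip, ok) tuples; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["user"], m["ip"], m["result"] == "Accepted"

def detect_bruteforce_success(log_text, threshold=3, window=timedelta(minutes=10)):
    """One finding per success that followed >= threshold failures from the same source within window."""
    recent_failures = defaultdict(list)   # (user, ip) -> timestamps of recent failures
    findings = []
    for ts, user, ip, ok in sorted(parse(log_text), key=lambda e: e[0]):
        key = (user, ip)
        # Drop failures that have aged out of the correlation window.
        recent_failures[key] = [t for t in recent_failures[key] if ts - t <= window]
        if not ok:
            recent_failures[key].append(ts)
            continue
        n = len(recent_failures[key])
        if n >= threshold:
            findings.append({
                "user": user, "source_ip": ip, "failures_before_success": n,
                "first_failure": recent_failures[key][0].isoformat(),
                "success_at": ts.isoformat(),
                "recommended_actions": ["enforce_mfa", "temporary_lockout"],  # playbook, not executed
            })
        recent_failures[key].clear()
    return findings
```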

Finally, we will explore the limitations and challenges of GenAI in security by testing its responses to adversarial inputs in the chaos-monkey fashion used for traditional server deployments. We will demonstrate how an attacker might try to bypass AI-based detection using log obfuscation techniques and discuss countermeasures such as adversarial training and explainable AI. The session will conclude with a discussion of the possible future of AI-driven security operations, including predictive threat intelligence, AI-enhanced Zero Trust security models, and regulatory considerations. By the end of this demo, attendees will have a practical understanding of how AI can enhance security operations, reduce response times, and optimize analyst workflows, while also recognizing the risks of over-reliance on AI in cybersecurity.

Key Takeaways:

  1. A solid understanding of AI's role in automating SIEM and SOAR operations.
  2. Directions for extending the same approach to closely related functions.
  3. A head start in adopting the latest LLMs and associated automation into legacy systems.

Audience:
Working professionals across various domains looking for state-of-the-art tools and techniques to adapt into their products.

Students and researchers with a keen interest in applications of AI/ML, especially LLMs, who are considering AI engineering roles.

Shruthi is an experienced software professional with diverse experience across multiple domains of enterprise web application development and management. Currently on a short break to upskill herself in AI/ML technologies, she is looking to rejoin the workforce in challenging opportunities with enhanced vigour.
