 security incident


Temperature in SLMs: Impact on Incident Categorization in On-Premises Environments

Pohlmann, Marcio, Severo, Alex, Almeida, Gefté, Kreutz, Diego, Heinrich, Tiago, Pereira, Lourenço

arXiv.org Artificial Intelligence

SOCs and CSIRTs face increasing pressure to automate incident categorization, yet the use of cloud-based LLMs introduces costs, latency, and confidentiality risks. We investigate whether locally executed SLMs can meet this challenge. We evaluated 21 models ranging from 1B to 20B parameters, varying the temperature hyperparameter and measuring execution time and precision across two distinct GPU architectures. The results indicate that temperature has little influence on performance, whereas the number of parameters and GPU capacity are decisive factors.

Index Terms: Small Language Models (SLMs), temperature hyperparameter, incident categorization, cybersecurity automation, prompt engineering, on-premises inference, model evaluation, execution time analysis, GPU architectures, local LLM deployment.
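To make the temperature hyperparameter concrete for a categorization task, the following added example (not code from the paper above) implements temperature-scaled softmax over a model's label logits and measures how often sampled labels agree with the greedy (argmax) choice. The four incident categories and the logit vectors are constructed for illustration; it shows why temperature cannot change which label is most likely, and only matters when the model is nearly undecided between labels.

```python
import math
import random

# Constructed label set for illustration; not the taxonomy used in the paper.
CATEGORIES = ["malware", "phishing", "dos", "unauthorized_access"]

# Constructed logits: one confident case and one where two labels are close.
CONFIDENT_LOGITS = [6.0, 1.0, 0.5, 0.2]
AMBIGUOUS_LOGITS = [2.0, 1.8, 0.5, 0.1]


def softmax_with_temperature(logits, temperature):
    """Temperature-scaled softmax: p_i = exp(z_i / T) / sum_j exp(z_j / T).

    Dividing by T flattens (T > 1) or sharpens (T < 1) the distribution but
    never changes the ordering of the logits, so argmax is invariant to T.
    """
    if temperature <= 0:
        raise ValueError("temperature must be > 0; use greedy_label() for T -> 0")
    scaled = [z / temperature for z in logits]
    m = max(scaled)  # subtract the max for numerical stability
    exps = [math.exp(s - m) for s in scaled]
    total = sum(exps)
    return [e / total for e in exps]


def greedy_label(logits):
    """Deterministic decoding: the label with the highest logit."""
    return CATEGORIES[max(range(len(logits)), key=lambda i: logits[i])]


def top_probability(logits, temperature):
    """Probability mass on the greedy label at a given temperature."""
    probs = softmax_with_temperature(logits, temperature)
    return max(probs)


def sample_label(logits, temperature, rng):
    """Draw one label from the temperature-scaled distribution."""
    probs = softmax_with_temperature(logits, temperature)
    r = rng.random()
    cumulative = 0.0
    for label, p in zip(CATEGORIES, probs):
        cumulative += p
        if r < cumulative:
            return label
    return CATEGORIES[-1]  # guard against floating-point rounding at the tail


def agreement_with_greedy(logits, temperature, n=2000, seed=0):
    """Fraction of n sampled categorizations that match the greedy label.

    This is the quantity that decides whether temperature affects precision
    in a single-label classification setting.
    """
    rng = random.Random(seed)
    greedy = greedy_label(logits)
    hits = sum(1 for _ in range(n) if sample_label(logits, temperature, rng) == greedy)
    return hits / n


if __name__ == "__main__":
    for name, logits in (("confident", CONFIDENT_LOGITS), ("ambiguous", AMBIGUOUS_LOGITS)):
        for t in (0.05, 0.2, 1.0, 2.0):
            print(f"{name:9s} T={t:<4} greedy={greedy_label(logits):19s} "
                  f"p_top={top_probability(logits, t):.3f} "
                  f"agreement={agreement_with_greedy(logits, t):.3f}")
```

For the confident logits the greedy label keeps almost all the probability mass up to T=1, which is consistent with temperature having little effect on categorization precision; for the ambiguous logits, only a very low temperature (or greedy decoding) makes the output stable, and that instability is a property of the model's uncertainty rather than of the sampler.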


On-Premise SLMs vs. Commercial LLMs: Prompt Engineering and Incident Classification in SOCs and CSIRTs

Almeida, Gefté, Pohlmann, Marcio, Severo, Alex, Kreutz, Diego, Heinrich, Tiago, Pereira, Lourenço

arXiv.org Artificial Intelligence

In this study, we evaluate open-source models for security incident classification, comparing them with proprietary models. We utilize a dataset of anonymized real incidents, categorized according to the NIST SP 800-61r3 taxonomy and processed using five prompt-engineering techniques (PHP, SHP, HTP, PRP, and ZSL). The results indicate that, although proprietary models still exhibit higher accuracy, locally deployed open-source models provide advantages in privacy, cost-effectiveness, and data sovereignty. According to CERT.br, Brazil reported over 516k security incidents in 2024 and more than 181k in the first half of 2025, underscoring a persistent upward trend that challenges SOCs and CSIRTs to manage high alert volumes efficiently [1]. To alleviate this overload, AI-driven solutions, particularly prompt-engineering techniques such as Progressive Hint Prompting (PHP), have demonstrated over 90% accuracy with models like GPT-4o and Gemini 2 [2].


Generative AI in Live Operations: Evidence of Productivity Gains in Cybersecurity and Endpoint Management

Bono, James, Grana, Justin, Karakolios, Kleanthis, Ramakrishna, Pruthvi Hanumanthapura, Srivastava, Ankit

arXiv.org Artificial Intelligence

We measure the association between generative AI (GAI) tool adoption and four metrics spanning security operations, information protection, and endpoint management: 1) number of security alerts per incident, 2) probability of security incident reopenings, 3) time to classify a data loss prevention alert, and 4) time to resolve device policy conflicts. We find that GAI is associated with robust and statistically and practically significant improvements in the four metrics. Although unobserved confounders inhibit causal identification, these results are among the first to use observational data from live operations to investigate the relationship between GAI adoption and security operations, data loss prevention, and device policy management.


The Human-Machine Identity Blur: A Unified Framework for Cybersecurity Risk Management in 2025

Janani, Kush

arXiv.org Artificial Intelligence

The modern enterprise is facing an unprecedented surge in digital identities, with machine identities now significantly outnumbering human identities. This paper examines the cybersecurity risks emerging from what we define as the "human-machine identity blur" - the point at which human and machine identities intersect, delegate authority, and create new attack surfaces. Drawing from industry data, expert insights, and real-world incident analysis, we identify key governance gaps in current identity management models that treat human and machine entities as separate domains. To address these challenges, we propose a Unified Identity Governance Framework based on four core principles: treating identity as a continuum rather than a binary distinction, applying consistent risk evaluation across all identity types, implementing continuous verification guided by zero trust principles, and maintaining governance throughout the entire identity lifecycle. Our research shows that organizations adopting this unified approach experience a 47 percent reduction in identity-related security incidents and a 62 percent improvement in incident response time. We conclude by offering a practical implementation roadmap and outlining future research directions as AI-driven systems become increasingly autonomous.


Guideline for Trustworthy Artificial Intelligence -- AI Assessment Catalog

Poretschkin, Maximilian, Schmitz, Anna, Akila, Maram, Adilova, Linara, Becker, Daniel, Cremers, Armin B., Hecker, Dirk, Houben, Sebastian, Mock, Michael, Rosenzweig, Julia, Sicking, Joachim, Schulz, Elena, Voss, Angelika, Wrobel, Stefan

arXiv.org Artificial Intelligence

Artificial Intelligence (AI) has made impressive progress in recent years and represents a key technology that has a crucial impact on the economy and society. However, it is clear that AI and business models based on it can only reach their full potential if AI applications are developed according to high quality standards and are effectively protected against new AI risks. For instance, AI bears the risk of unfair treatment of individuals when processing personal data e.g., to support credit lending or staff recruitment decisions. The emergence of these new risks is closely linked to the fact that the behavior of AI applications, particularly those based on Machine Learning (ML), is essentially learned from large volumes of data and is not predetermined by fixed programmed rules. Thus, the issue of the trustworthiness of AI applications is crucial and is the subject of numerous major publications by stakeholders in politics, business and society. In addition, there is mutual agreement that the requirements for trustworthy AI, which are often described in an abstract way, must now be made clear and tangible. One challenge to overcome here relates to the fact that the specific quality criteria for an AI application depend heavily on the application context and possible measures to fulfill them in turn depend heavily on the AI technology used. Lastly, practical assessment procedures are needed to evaluate whether specific AI applications have been developed according to adequate quality standards. This AI assessment catalog addresses exactly this point and is intended for two target groups: Firstly, it provides developers with a guideline for systematically making their AI applications trustworthy. Secondly, it guides assessors and auditors on how to examine AI applications for trustworthiness in a structured way.


What Is Extended Detection and Response (XDR)? - Big Data Analytics News

#artificialintelligence

XDR, or Extended Detection and Response, is an emerging security technology that is rapidly gaining popularity in the cybersecurity industry. It is a comprehensive security solution that offers a unified approach to threat detection, investigation, and response across multiple endpoints, networks, and cloud environments. In today's digital age, cyber threats are becoming increasingly sophisticated and diverse, making it difficult for organizations to detect and respond to them in a timely and effective manner. Traditional security solutions, such as antivirus software, firewalls, and intrusion detection systems, are no longer sufficient on their own to protect against the complex and evolving threat landscape. XDR collects and correlates data from various sources, including endpoints, network devices, and cloud platforms, and applies advanced analytics and machine learning algorithms to identify suspicious activity and potential threats.
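The cross-source correlation that the paragraph above describes is the part of XDR worth seeing in code. The following added example (not from the article or any XDR vendor) normalizes constructed endpoint, network, and cloud identity events into one schema and correlates them by host and user inside short time windows. Each individual signal is weak on its own (an office application spawning an interpreter, an outbound connection to an external address, a cloud login without MFA or from an unexpected country); only when several line up in sequence does the chain cross the alert threshold. The field names, thresholds, windows, and sample events are assumptions chosen for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Tunables (assumed values for illustration).
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}
EXPECTED_COUNTRIES = {"US", "BR"}
NET_WINDOW = timedelta(seconds=60)      # egress must follow the process start closely
CLOUD_WINDOW = timedelta(minutes=10)    # identity abuse tends to follow within minutes
ALERT_THRESHOLD = 2                     # signals needed before raising an alert

# Constructed telemetry, already normalized to a common schema.
ENDPOINT = [
    {"ts": "2024-05-01T09:00:05Z", "host": "ws-017", "user": "alice",
     "event": "process_start", "parent": "WINWORD.EXE", "image": "powershell.exe"},
    {"ts": "2024-05-01T10:15:00Z", "host": "ws-022", "user": "bob",
     "event": "process_start", "parent": "explorer.exe", "image": "powershell.exe"},
]
NETWORK = [
    {"ts": "2024-05-01T09:00:09Z", "host": "ws-017", "event": "outbound",
     "dst": "93.184.216.34", "dport": 443, "bytes_out": 48000},
    {"ts": "2024-05-01T10:15:03Z", "host": "ws-022", "event": "outbound",
     "dst": "10.0.0.7", "dport": 445, "bytes_out": 1200},
]
CLOUD = [
    {"ts": "2024-05-01T09:03:40Z", "user": "alice", "event": "login",
     "country": "RO", "mfa": False},
    {"ts": "2024-05-01T10:30:00Z", "user": "bob", "event": "login",
     "country": "US", "mfa": True},
]


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps used in the sample events."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def is_external(ip):
    """True for addresses outside private, loopback, link-local and multicast ranges."""
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_loopback or a.is_link_local or a.is_multicast)


def correlate(endpoint, network, cloud):
    """Seed on interpreter process starts, then look for related signals.

    Returns one alert per seed whose correlated signals reach ALERT_THRESHOLD.
    """
    alerts = []
    for ev in endpoint:
        if ev["event"] != "process_start" or ev["image"].lower() not in INTERPRETERS:
            continue
        t0 = parse_ts(ev["ts"])
        signals = []

        # Signal 1 (endpoint): an office application launched the interpreter.
        if ev["parent"].upper() in OFFICE_PARENTS:
            signals.append("office_spawned_interpreter")

        # Signal 2 (network): same host reached an external address shortly after.
        for n in network:
            if (n["host"] == ev["host"] and n["event"] == "outbound"
                    and is_external(n["dst"])
                    and t0 <= parse_ts(n["ts"]) <= t0 + NET_WINDOW):
                signals.append("external_egress")
                break

        # Signal 3 (cloud identity): same user logged in without MFA or from
        # an unexpected country within the identity window.
        for c in cloud:
            if (c["user"] == ev["user"] and c["event"] == "login"
                    and t0 <= parse_ts(c["ts"]) <= t0 + CLOUD_WINDOW
                    and (c["country"] not in EXPECTED_COUNTRIES or not c["mfa"])):
                signals.append("risky_cloud_login")
                break

        if len(signals) >= ALERT_THRESHOLD:
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "seed_ts": ev["ts"], "signals": signals,
                           "score": len(signals)})
    return alerts


if __name__ == "__main__":
    for alert in correlate(ENDPOINT, NETWORK, CLOUD):
        print(f"ALERT host={alert['host']} user={alert['user']} "
              f"score={alert['score']} signals={', '.join(alert['signals'])}")
```

With the sample data, alice's chain (Word spawning PowerShell, external egress four seconds later, a non-MFA login from an unexpected country) produces one alert, while bob's PowerShell start from Explorer, an SMB connection to an internal host and a normal MFA login produce none. Dropping a telemetry source lowers the score: without the cloud feed alice's chain still alerts on two signals, and with only endpoint data the single signal stays below threshold, which is the practical argument for feeding all three sources into one correlation layer.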


5 Reasons Why Video Surveillance Solutions Need AI to Evolve

#artificialintelligence

Artificial Intelligence has begun to impact industries in a big way, but nowhere has the impact been as profound as in the security vertical. New and innovative solutions are being released not just by established security vendors but also by smaller startups, and together these solutions are adding value to the security operations of an organization. Let's discuss how AI will impact the video surveillance industry in the near future. Initially, in the days of CCTV cameras, video was streamed live to TV screens, but very little effort was made to make any meaningful analysis of a possible security incident. The video surveillance solutions in those days were always reactive, and they remain so in large parts of the world. Most agencies ask for CCTV footage only after an incident has occurred or when there is a serious threat perception.


Artificial Intelligence (AI) and Security: A Match Made in the SOC

#artificialintelligence

Change is constant in cybersecurity -- continual, rapid, dynamic change. It's impossible to maintain an effective defensive posture without constantly evolving. Security measures that worked in the past will not be effective today, and today's security controls will not be effective tomorrow. Many factors contribute to this rapid pace of change. Attacks are on the rise, and they are getting more advanced, persistent and stealthy each day, with some attackers even leveraging artificial intelligence (AI) to power their campaigns.


ClawBack Insights :: A Conversation with MicroSolved, CEO, Brent Huston - MSI :: State of Security

#artificialintelligence

I recently got interviewed over email by one of my mentees. I thought their questions were pretty interesting and worth sharing with the community. This session focused on ClawBack and was done for a college media class assignment. I hope you enjoy the interview as much as I did giving it. ClawBack is a platform for helping organizations detect data leaks.


Darktrace unveils the Cyber AI Analyst: a faster response to threats

#artificialintelligence

The Darktrace Cyber AI Analyst is a new technology that emulates human thought processes to continuously investigate cyber threats at machine speed. With transformational implications for the security industry, early adopters of the Cyber AI Analyst reported a 92% reduction in the time required to investigate threats and provide conclusions to executives. This innovation is the culmination of over three years of research at the Darktrace R&D Centre in Cambridge, UK. Using various forms of machine learning, including unsupervised, supervised and deep learning, the technology learned human intuition and trade craft from more than 100 world-class cyber analysts across thousands of customer deployments. Mike Beck, global head of Threat Analysis at Darktrace, told Information Age: "This is the latest evolution of the Darktrace Cyber AI platform, which started with autonomous identification of threats in 2013 and moved to autonomously reacting to attacks in 2016. Today we are transforming the human factor in cyber security, with autonomous expert investigation."