AI in Cyber

Ed_Vesga_ed2ves · May 18, 2026, 9:18pm

Asking tgh general audience

I am intrested in getting someone’s ideas about how to start leaning about detection of cyber incidents using Agentic AI. Please share some ideas, training, routemap, where to go.

gent.spah · May 19, 2026, 6:59am

In the Machine Learning Specialization, an algorithm called anomaly detection is introduced. It is also widely used in areas such as cyber intrusion detection. This could be a good starting point to explore further.

hynpbus · May 19, 2026, 2:14pm

Hey Ed. I would definitely recommend you Intro to Using AI in Cybersecurity | Google Cybersecurity Certificate and
Fight Insider Threats with AI-infused SIEM on YouTube to take a look of the general perspective in the area, then with the core ideas you could start think about how you could adapt it or evolve to using an Agentic AI on your own system.

subrcsms · May 20, 2026, 12:17am

Hey Ed,
Recently I started on this path by building an Autonomous SOC (Secure Operations Center) Agent that investigated an alert and provided a high confidence severity score and generated an incident report.
I used Isolation Forest (reference Kaggle) for anomaly detection to filter the critical alerts. The user can select an alert from the list to be investigated.
The basic workflow was

Download some windows security event logs

2 . Threat enrichment using some IP blocklist and file hashes that help identify known bad executables. These can be downloaded from websites.
3. Use some risk indicator keywords to look for in the alert"
I used the MITRE ATT&CK knowledge base which can be downloaded as a STIX bundle as my RAG. Used ChromaDB to store this. The knowledge base is available from the MITRE CTI Git repo.
Created 4/5 tools to parse the alert, retrieve Indicators of Compromise (IP, file hashes), look up the blocklist enriched with risk indicator strings. calculate a threat score (you can come up with different schemes) and indicate if there is a mapping to a known MITRE ATT&CK/s and generate a report.
It’s a very basic starter agent just to plant some thoughts in your mind.
I used qwen2.5:3b hosted locally using ollama.
The following is a good reference. It’s by Omar Santos.
Agentic AI for Cybersecurity: Building Autonomous Defenders and Adversaries
Hope that helps you get a start.

Topic		Replies	Views
AI & Cybersecurity AI Discussions ai-discussions	2	167	April 1, 2024
Suggestion for AI assignment AI Discussions ai-discussions	1	64	November 15, 2024
Why is anomaly detection considered "AI" or "machine learning"? Unsupervised Learning, Recommenders, Reinforcement week-module-1	1	547	July 24, 2023
Is ML course helpful for my cybersecurity analyst journey? AI Discussions ai-discussions , careers	12	261	August 26, 2023
Cyber Security professional keen on learning AI AI Discussions introductions	0	41	October 24, 2024

AI in Cyber

Related topics