IriusRisk has announced the launch of ‘Jeff: AI Assistant’
October 2024 by Marc Jacob
IriusRisk has announced the launch of ‘Jeff: AI Assistant’, a new AI-powered tool which can help developers and architects to generate threat models from images.
‘Jeff’ is a world first in that it is the only automated secure-by-design tool that fully leverages the latest advancements in AI to produce fully functioning threat models prompted by image or text description inputs.
‘Jeff’ differs from other large language models (LLMs) as it is able to focus on extracting the most useful information from that input to generate an outline for a specific threat model. This new tool works by harnessing AI to analyse inputs, which can range from images to transcriptions of conversations discussing an idea for a new product, and create the first draft of a tailored threat model.
This represents a landmark moment for the cybersecurity industry in that it will make the threat modeling process significantly more accessible for architects and security teams, enabling model creation and implementation at a speed and scale not seen before.
Getting started with anything is often the hardest part. ’Jeff’ gets you threat modeling from a standing sprint. With the AI-powered technology it takes just two to three minutes to process an input and generate a preliminary threat model - which is then complete with threats, weaknesses, and countermeasures.
With ‘Jeff’ users can skip several steps in the threat modeling process, significantly reducing time and making it more streamlined by helping architects and security teams to create a refined threat model quicker. This can then be run through the IriusRisk platform to build it out further.
‘Jeff’ is currently available to paying customers as well as through its free Community Edition platform, and will be constantly improved and refined as it is integrated into all IriusRisk products over the coming years.
For context, the IriusRisk platform uses threat modeling to help organisations understand the security flaws and risks in software design, automatically generating potential threats and the countermeasures to address them before a line of code is written.
The ‘Jeff’ announcement is IriusRisk’s latest AI offering, and follows reports of more than 50% growth in Annual Recurring Revenue (ARR) from December 2022 to December 2023, largely driven by the company’s strategic moves into AI.
The company has ambitious plans to power the development of advanced AI-driven threat modeling solutions, transforming how it can help customers design secure software and systems. This comes after warnings earlier this year from the National Cyber Security Centre (NCSC, part of GCHQ) about how new AI tools will lead to an increase in cyberattacks and lower the barrier of entry for less sophisticated hackers to do digital harm.
Last year, IriusRisk also published its AI & ML Security Library, which allows organisations to model their planned ML software, and quickly understand what the security risks are, as well as understand what they need to do to mitigate each of those risks before they build AI systems.
This ability to threat model machine learning and AI systems - as well as embedding Gen AI into its own product - has enabled IriusRisk to solve one of the key points of friction with threat modeling - the time it takes for data flow diagrams to be drawn.