Sysdig Sage brings power of generative AI to cloud security with an LLM controller approach

Sysdig has been growing its open source-based cloud monitoring and security platform for the past decade.

While machine learning (ML) has been part of the Sysdig platform for several years, like many other vendors in 2023, the company is now jumping into the generative AI and large language model (LLM) space.

Today, Sysdig announced its Sage AI technology, as an effort to bring the power of LLMs to its cloud monitoring and security platform. The basic goal is to make it easier for organizations to better manage cloud security and respond faster when incidents occur.

The new Sage AI technology is designed to be an assistant that can employ advanced multi-step reasoning, multi-domain correlation and actions. Sysdig Sage AI is currently in early testing.

>>Don’t miss our special issue: The Future of the data center: Handling greater and greater demands.<<

“Sage AI is our attempt to put together our domain and open source expertise in the field of cloud security, with an advanced architecture that integrates security with an LLM,” Sysdig founder and CTO Loris Degioanni told VentureBeat.

There is no one LLM to rule them all (but there is one controller)

The Sage AI technology is not just some kind of ‘wrapper’ that simply calls an LLM API — like one from OpenAI — that is trained on a company’s data. Rather, Degioanni emphasized that the Sysdig approach is significantly more involved.

While declining to name the specific LLMs used by Sage AI, Degioanni explained that his team has built an “LLM controller” which orchestrates requests to different LLMs. The controller also filters and sanitizes data in a way designed to improve accuracy and reduce the risk of any potential AI hallucination.

“We’re trying to force multi-step reasoning, which forces the LLM to really take multiple steps before coming to the answer,” he said.

The LLM Controller makes use of the open source LangChain technology, a popular approach to chaining LLM requests together. Degioanni said that LangChain is designed as a generalist tool and Sysdig has adapted it.

“We’ve taken parts of it [LangChain], and put it together with a bunch of our secret sauce to be able to do something that works particularly well in cybersecurity and in particular in cloud security,” he said.

AI doesn’t replace security analysts, but it does fill a gap

With Sage AI, Degioanni said that the goal is to have an AI that is situationally aware of an organization’s cloud security context.

Sage AI will sit near the user and is capable of understanding what the user is doing and will help them to interpret the data. For example, if the Sysdig platform shows an alert for a security violation in a container, Sage AI can help the user understand precisely what the issue is all about. Users can query the AI to get details and the system will also be empowered to take actions to help users remediate issues.

Overall, the goal with Sage AI is to help fill a critical skills and talent shortage in the cybersecurity industry. Degioanni noted that cloud security is a complex domain.

“In general, what we’re seeing is a chronic lack of skills and manpower in cybersecurity and especially in cloud security,” said Degioanni. “Hopefully, AI can help organizations become more efficient, more effective, and therefore use resources in a more efficient way to detect more threats and have more secure infrastructure.”