Balbix introduced its BIX conversational AI
assistant at Black Hat USA 2024. The BIX AI assistant is already in use at many
Fortune 1000 companies as part of an early access program.
Today, managing cyber risks requires identifying key
vulnerabilities and understanding related threats, analyzing attack paths,
evaluating the potential impact on business, and assessing how well security
controls will work. Each of these tasks requires specific tools, integrations,
dashboards, reports, and tickets with remediation steps, as well as dedicated
personnel to oversee and manage these activities. However, with vast amounts of
data from different sources, it is very challenging to understand and prioritize
these risks and act quickly. Communicating cyber risks to those outside the
security team is particularly difficult, as they often don't grasp the
technical details or the consequences of potential security breaches.
Imagine if managing cyber risk were as easy as asking a
colleague a question and getting a clear, actionable answer. What if you could
also instruct your assistant to keep relevant stakeholders informed about their
responsibilities and deadlines, and to provide you with periodic updates?
Picture every key player in cybersecurity, from the CISO, CIO, VM teams and
security operations to IT staff and legal teams, having their own AI assistants
to help manage their part of the cyber risk and exposure management puzzle,
conversing in role-appropriate language. Today we are taking a huge step
forward towards this vision.
BIX has the following key capabilities:
- Personalization: BIX customizes its
choice of words, detail level, recommendations, and interactions according
to the user's role, preferences, and past conversations. For example, BIX
can explain the financial impact of a threat like "Log4j" in
monetary terms to executives while also identifying specific cases and
suggesting mitigating actions when interacting with IT staff.
- Context Awareness: From time to time, we
all use Google, ChatGPT and other tools to understand risk concepts on a
generic level. BIX integrates with your cybersecurity, IT, and business
systems and understands details about your assets, apps, software
versions, users, and their roles in your business, specific threats facing
your organization, your security measures, who's responsible for what, who
works fast and who does not, acceptable risk levels, and your target SLAs.
By querying BIX, you can leverage this knowledge to help understand
specific security risks and recommended mitigation tasks in context.
- Mobile Experience: BIX is available on
your smartphone and provides answers when you need them, greatly improving
your situational awareness. BIX streamlines cybersecurity decision-making
by eliminating the need to consult multiple widgets and dashboards across
different tools, saving you hours or even days of gathering analytics.
- Recommendations: In cybersecurity, it's
common to get sidetracked by irrelevant tasks or overwhelmed by endless
research on complex topics, especially for less experienced IT and
security staff. BIX acts like an executive assistant, guiding stakeholders
by suggesting key questions to ask. This helps organizations move from a
focus on threats to a more effective, risk-based approach to
cybersecurity.
Ed Amoroso, Founder and CEO of research and advisory firm
TAG Cyber, stated, "Managing enterprise cyber risk at acceptable levels is an
extremely challenging job. Unfortunately, organizations across the industry
face deep cybersecurity challenges due to tools sprawl, skills gaps, and budget
limitations. Further, failure to comply with regulatory requirements on
materiality, patching, and timely software updates has sharply increased
organizations' financial and reputational risk." Ed also added, "Balbix's new
AI assistant can improve overall enterprise understanding of material risks as
well as operational efficiency, speeding up response times. This benefits
organizations new to security and those with established large teams."
Under the hood, BIX utilizes RAG-based Large Language Models
(LLMs) running on specialized NVIDIA hardware. However, even the most advanced
standalone LLMs struggle with multi-step tasks that require navigating
different contexts and managing dependencies and privacy constraints. This is
where BIX's multi-agent architecture comes in, breaking down complex problems
into discrete subtasks handled by specialized agents, often operating in
different privacy domains. This enables BIX to offer a safe, accurate, and
extensible approach to cybersecurity conversations and automate tasks
previously considered beyond reach.
Early users of BIX have seen a dramatic improvement in their
overall cyber risk and exposure management experience. The time needed to
understand risk, make decisions, and respond to risk has gone down from days and weeks to
minutes. Combined with the rest of Balbix's capabilities, this has translated
into sharply reduced risk and savings from productivity
improvements.
"Cybersecurity is inherently complex, demanding not
only extensive automation but also simplification and streamlined
communication," stated Gaurav Banga, founder and CEO of Balbix.
"Until now, Balbix has used AI primarily for computational tasks in cyber
risk management. We are pioneering its use to demystify the complexities of
cyber risk for all stakeholders and enhance communication between them. This
release of BIX is a step forward in managing risk and exposures more
effectively. It marks a significant development in our ability to be proactive,
rather than reactive, in our cybersecurity efforts."