Compass' Ryan Glynn on Why LLMs Shouldn't Make Security Decisions — But Should Power Them скачать в хорошем качестве

Compass' Ryan Glynn on Why LLMs Shouldn't Make Security Decisions — But Should Power Them

Ryan Glynn, Staff Security Engineer at Compass, discusses practical AI implementation in security operations, sharing how his team achieved 95% reduction in phishing triage burden by processing 400 emails daily through custom machine learning models. Ryan explains why he tunes detection rules directly rather than prompt-engineering agentic platforms, and advocates starting with business-critical detections that prevent bankruptcy or public damage rather than chasing risk signals. Chapters: 0:00 Introduction 0:32 AI strengths in documentation and language processing 2:20 Using LLMs for feature engineering in ML models 3:22 Challenges with agentic SOC platforms 5:40 SOAR versus AI agents debate 7:22 Email phishing automation use cases 9:01 Intent classification and context understanding 10:14 Model portability and speed improvements 11:05 Business context integration challenges 14:41 Evolution of phishing attack techniques 17:09 Alleviating SOC burnout with ML automation 20:42 Company-specific versus general models 23:22 Detection philosophy and risk prioritization 26:36 Alert tagging and feedback loops 32:03 Context gathering costs and efficiency 33:44 Query language challenges across platforms