AI-powered System: Cybersecurity Report Generation and Risk Mitigation

Our client specializes in developing, manufacturing, and distributing healthcare systems, both devices and software, for people with diabetes. Due to the sensitive nature of patient data and the stringent cybersecurity requirements imposed by regulatory bodies, the company prioritizes data protection and maintains rigorous security protocols like HIPAA, FDA, GDPR, etc.

To safeguard information transfer, each product release undergoes multiple cybersecurity checks, from bend testing to code review. Security architects have to analyze the results and prepare a specific software security report as part of the bureaucracy. This ongoing responsibility prevented them from performing more advanced tasks that required their professional knowledge and reduced their productivity.

To remedy the situation, the client decided to develop a system that would automate the process of creating vulnerability and threat reports and reduce the work of security specialists to just reviewing. The company turned to NIX with this request, choosing us for our proven cybersecurity background and vast experience in healthcare development.

Our team developed an LLM-based system with a function-driven architecture that automates repetitive documentation tasks and streamlines cybersecurity administrative workflows, helping meet the client’s high data protection requirements. Deployed in the Google Cloud Platform (GCP), this solution consists of a complex multi-agent application integrated and orchestrated in both Vertex AI Agent Builder and LangGraph.

To provide the platform with proper threat modeling capabilities, we integrated it with the IriusRisk API as a key agentic tool. Our team also integrated it with the necessary enterprise-level systems, including the Oracle database as the final storage for reports. This two-way data synchronization united all interconnected operations and ensured the correct extraction and processing of information for generating reports.

System’s Functionality

The complex project architecture and high system workload required a Google Kubernetes Engine integration and a custom reports UI, which was developed in Vue.js. This allowed us to implement a sophisticated system with advanced functionality.

• Intellectual Report Generation. The system collects information from various sources and converts it into government-level reports for regulatory organizations. It uses Google’s AI engine to check the reports and fill in missing fields, freeing security architects from performing these tasks manually.
• AI-powered Predictions. By leveraging Vertex AI Agent Builder, we designed and deployed conversational agents capable of generating contextually relevant mitigation recommendations directly within the report generation process.
• Smart Search. We also used Vertex AI’s Agent Builder to create a smart search in the company’s documentation, which allows security architects to look for relevant information for report generation and analysis.
• Accuracy Reports. NIX equipped the system with special reports to help the company’s management and security engineers understand how accurate the AI ​​is in its forecasts, further improving its operation.

Outcome

With this LLM-powered AI Agent system, the client boosted the company’s performance and achieved all of their goals:

• Significantly enhanced accuracy and efficiency of vulnerability and threat reports, resulting in streamlined security administrative workflows.
• Automation of repetitive documentation tasks allowed cybersecurity professionals to dedicate their expertise to more strategic and critical endeavors.
• Analysis of potential risk attack vectors for product releases and post-market activities
• Access to AI-powered security mitigation strategies for new and existing threats and vulnerabilities