
Using NLP & LLMs to classify security findings

Barak Bercovitz, Director of Innovation

When we founded Dazz, we knew that creating a technology capable of truly understanding the significance of cloud security findings was crucial. Traditional remediation approaches, which were manual and time consuming, wouldn’t be enough to tackle the complex and evolving nature of cyber threats and cloud development environments. Our goal was to build a system that could grasp the real meaning behind security detections. This meant harnessing advanced technologies like machine learning and AI to analyze and interpret the data in more intelligent and insightful ways.

Classifying security findings is one of the most important and time-consuming steps in the triage process. To help security teams be faster and more efficient in understanding how and why a vulnerability happened, we focused on creating an automated tool based on Natural Language Processing (NLP). This tool categorizes the findings based on their meaning, making the analysis faster and more accurate. By using NLP, the Dazz Remediation Cloud helps security teams understand the context of security alerts, ensuring precise and consistent classification.

We started this work before the explosion of AI and Large Language Models (LLMs), and we can now take advantage of the improved language capabilities of modern LLMs to increase performance significantly. We are able to discern nuanced details and identify subtle patterns within alert descriptions and metadata. The substantial increase in resolution, thanks to LLMs, has led to a notable improvement in the overall accuracy of our solution.

Dazz takes advantage of LLMs in two main ways. They play a central role in data enrichment and automatic integration. With our automatic classification of security findings, we have all the necessary information readily available to ingest new alerts into our platform. This enrichment process helps streamline data processing, allowing our platform to categorize alerts from all security detection tools automatically.

We also use AI as a force multiplier for our own manual R&D efforts, as well as to triage and understand the statistical breakdown of our customers’ risks more efficiently. With its fine-grained understanding of language, our NLP tool allows us to delve into the intricacies of security alerts and explore emerging security trends. By conducting more in-depth analysis, we can gain valuable insights into potential vulnerabilities and devise proactive measures to strengthen our customers’ security posture.

Building this NLP functionality into our platform continues to be a major focus for us today. During the past two years, we’ve analyzed a huge variety of security findings, covering the entire software development lifecycle. We are continuing to fine-tune LLMs on this task using our unique proprietary datasets to create more context-aware models that are better tailored to each of our customers' needs.
