Purple AI 2.0Started in August 2023
The business objective of Purple AI 2 (PAI2) is to positively impact the business continuity of both Red and Blue Teaming activities within PCSI organisations through the use of innovative applications of AI technology. The two perspectives together form the Purple AI tool offering.
Once this goal is achieved, red teams will have a tool that will allow them to benefit from (1) more operational capacity, (2) higher operational speed, and (3) a better baseline in terms of quality, reach, and depth of operational results (all while employing the same number of experts). Using the same tool, blue teams will be able to improve the overall baseline of the organisation's defences against attackers who may (or may not) be using AI tools.
- We are exploring a portion of what could be "AI-powered" in an attacker's kill chain; we have selected two steps of the MITRE ATT&CK kill chain that are paramount to the day-to-day activities of red teamers as use cases for the PoC: "initial access" and "reconnaissance".
- We are sharing these insights and tools with blue teams to help them and PCSI partner organisations better defend against AI-powered adversaries.
The solution we envisioned is the creation of a modular toolset for red teamers that also allows blue teamers to gain valuable insight into the possible attack scenarios where threat actors use AI-powered techniques.
At the end of the proof of concept phase, we expect to have created two command line tools (one for initial access and one for reconnaissance) that can be used by red and blue teamers. The reconnaissance tool should be able to output which assets, roles or people have been identified by the AI algorithm as viable attack vectors in a red team exercise. The initial access tool would ideally attempt to penetrate a target environment, and most of the proof of concept activities would consist of repeating the input and training of an AI model until the AI can gain internal access to the target environment. Bonus points (i.e. nice to have) if the AI can gain initial access undetected by the blue team. We intend to work on these tools in parallel, creating a kind of tandem that facilitates the flow of information from the reconnaissance work to the initial access work.
This project is part of the trend