Purple AI 2.0

Started in August 2023

The business objective of Purple AI 2 (PAI2) is to positively impact the business continuity and effectiveness of both Red and Blue Teaming activities within the PCSI core partner organizations through innovative applications of AI technology.


The initial goal of the project team was to create a Proof of Concept tool that would allow red teams to benefit from increased operational capacity, higher operational speed, and improved quality, reach, and depth of results, all while employing the same number of experts. Additionally, by using the same tool, blue teams would be able to enhance the overall baseline of the organization's defenses against attackers who may or may not be using AI tools.

When the project started in September 2023, there were hardly any comparable AI applications on the market. However, rapid developments in AI and LLMs throughout 2024 quickly caught up with the research efforts of Purple AI2. Consequently, the initial plan of delivering a piece of software for tech transfer purposes was abandoned. In the final phase of the project, the team decided to scientifically validate the PAI2 tool and organize a workshop with experts from the core PCSI partners.

The PAI2 team plans to compare the performance of the PAI2 tool with other existing tools and research in a scientific article. The focus of the scientific experiment will be on Windows platforms and avoiding detection. The result will be a research paper intended for dissemination via a scientific journal or conference proceedings.

The Purple AI 2 (PAI2) tool can autonomously execute commands in a Command Line Interface (CLI) terminal to perform a red-teaming exercise. This tool was inspired by the paper “LLMs Killed the Script Kiddie: How Agents Supported by Large Language Models Change the Landscape of Network Threat Testing” by Moskal et al. (2023), which used LLMs to perform autonomous penetration testing on vulnerable Docker containers.

Currently, we have infrastructure set up to connect to our lab machines – or use the HackTheBox infrastructure – where the PAI2 tool can connect to a machine using SSH, download necessary tools, and execute commands autonomously to try and retrieve sensitive information from folders, files and emails.


PCSI is a collaboration of ABN-AMRO, Achmea, ASML, Belastingdienst, ING and TNO.