AI-driven Multi-Cloud Threat Intelligence

Automated root cause analysis feature and AI-recommended remediation commands.

Contributors
Upasna Doshi

Introduction

A stealth-mode startup specializing in multi-cloud security partnered with Akaike Technologies to address the escalating complexity of threat detection and remediation across Google Cloud Platform (GCP) and Microsoft Azure. The collaboration resulted in Radar Bot, an AI-driven threat intelligence feature that simulates adversarial thinking, automates root cause analysis (RCA), and generates remediation commands. Designed for cloud security teams, the solution combines LLM-powered reasoning, multi-tenant data pipelines, and a unified compliance dashboard to transform reactive security operations into proactive risk mitigation.

The Challenge

The client faced critical hurdles in securing its multi-cloud estate:

  • Complex Data Overload: Thousands of JSON-structured findings describing misconfigurations, overprivileged identities, and unpatched vulnerabilities.
  • Siloed Multi-Cloud Visibility: Fragmented insights across GCP and Azure delayed threat detection.
  • Manual Remediation: Root cause analysis and hand-written KQL/Python mitigations consumed analyst time.
  • Risk of Live Testing: Simulating attack paths in production environments risked operational stability.
  • Operational Gaps: No clear record of how VMs were authenticated to, nor of the SPOC (Single Point of Contact) escalation paths to follow during outages.

The Solution

Akaike designed Radar Bot, an AI-powered platform that integrates Large Language Models (LLMs), attack path simulation, and automated remediation. Below is a breakdown of the technical approach:

Step 1: Adversarial Threat Modeling with LLMs

  • Hacker-Style Reasoning Engine:
    • Fine-tuned an LLM on the MITRE ATT&CK Framework and historical cloud breach patterns (e.g., misconfigured S3 buckets, Azure Key Vault leaks).
    • Trained the model to “think” like an attacker, identifying risks such as excessive IAM permissions or unencrypted VM disks.
  • Natural Language RCA: Enabled security teams to ask questions like, “How could a hacker exploit this VM?” and receive step-by-step attack narratives.

Step 2: AI-Driven Remediation Automation

  • KQL Command Generation:
    • Integrated context-aware LLM modules that turn analyst prompts into hunting queries for Microsoft Sentinel (formerly Azure Sentinel, queried in KQL) and Google Chronicle (which uses its own YARA-L/UDM search syntax rather than KQL). Example prompt: “Isolate compromised VMs with open SSH ports.” The generated query enumerates the matching hosts; the isolation step itself is a separate remediation script, since a query language cannot change a VM's state.
  • Simulation Sandbox:
    • Built a mirrored test environment to safely model attack paths (e.g., “What if this service account’s key is leaked?”) without impacting production.

Step 3: Unified Incident Management Dashboard

  • Real-Time Threat Metrics:
    • Aggregated data into a custom JavaScript-based frontend dashboard tracking vulnerabilities, attack paths, connected devices, and remediation status.
    • Role-based access control enforced per-tenant data isolation.
  • Multi-Cloud Compliance Mapping:
    • Visualized gaps in container security, IAM policies, and encryption standards across GCP/Azure.
    • Integrated UML diagrams within the chat interface to visualize potential attack paths, helping security teams understand the precise routes an attacker might exploit.

Step 4: Operational Safeguards

  • VM Configuration Audits:
    • Automated checks for SSH keys, password policies, and IAM role assignments.
  • SPOC Integration:
    • Defined escalation protocols to route system failure alerts to designated engineers within 5 minutes.
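
The checks in Steps 2 and 4 (overprivileged identities, unencrypted disks, SSH exposed to the internet) are deterministic once the inventory is normalized, and a practitioner would want the LLM layer to sit on top of rules like these rather than replace them. The Python below is an added example and not Radar Bot's code: it audits a constructed JSON inventory spanning GCP and Azure, tags each finding with the MITRE ATT&CK technique it enables, and emits the gcloud/az remediation command as a string for a human to approve. The record schema (cloud, kind, firewall, disk_encrypted, ...), the sample assets, and the <corp-cidr>, <key-vault> and <key> placeholders are assumptions made for this example.

```python
"""Rule-based audit over a normalized multi-cloud inventory.

Added example, not Radar Bot's code. The record fields (cloud, kind, name,
firewall, disk_encrypted, ...) and the sample data are assumptions
constructed for this example; the gcloud/az commands are real CLI syntax.
"""
import ipaddress
import json
from dataclasses import dataclass

# Constructed sample inventory standing in for the JSON findings the page describes.
SAMPLE_INVENTORY = json.dumps([
    {"cloud": "gcp", "kind": "vm", "name": "web-1", "project": "prod-proj",
     "disk_encrypted": False,
     "firewall": [{"name": "allow-ssh", "port": 22, "sources": ["0.0.0.0/0"]}]},
    {"cloud": "gcp", "kind": "iam_binding", "project": "prod-proj",
     "member": "serviceAccount:ci@prod-proj.iam.gserviceaccount.com",
     "role": "roles/owner"},
    {"cloud": "azure", "kind": "vm", "name": "db-1", "resource_group": "prod-rg",
     "nsg": "db-nsg", "disk_encrypted": True,
     "firewall": [{"name": "ssh-corp", "port": 22, "sources": ["10.0.0.0/8"]}]},
    {"cloud": "azure", "kind": "iam_binding", "scope": "/subscriptions/00000000-sub",
     "member": "svc-deploy", "role": "Owner"},
])

# Owner/editor-class roles on either cloud count as overprivileged for a workload identity.
HIGHLY_PRIVILEGED_ROLES = {"roles/owner", "roles/editor", "Owner", "Contributor"}
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CORP_CIDR = "<corp-cidr>"  # placeholder the operator substitutes before running anything


@dataclass
class Finding:
    asset: str
    issue: str
    attack_technique: str  # MITRE ATT&CK ID, or "n/a" when none applies directly
    remediation: str       # CLI command returned as text; a human approves it before it runs


def is_world_reachable(cidr: str) -> bool:
    """True unless the IPv4 prefix sits entirely inside an RFC 1918 range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.subnet_of(private) for private in RFC1918)


def restrict_ssh_cmd(vm: dict, rule: dict) -> str:
    """Narrow the offending firewall/NSG rule to the corporate range."""
    if vm["cloud"] == "gcp":
        return (f"gcloud compute firewall-rules update {rule['name']} "
                f"--project={vm['project']} --source-ranges={CORP_CIDR}")
    return (f"az network nsg rule update --resource-group {vm['resource_group']} "
            f"--nsg-name {vm['nsg']} --name {rule['name']} --source-address-prefixes {CORP_CIDR}")


def encrypt_disk_cmd(vm: dict) -> str:
    """Move the VM's disk onto a customer-managed key."""
    if vm["cloud"] == "gcp":
        # A GCP persistent disk cannot be re-keyed in place: snapshot, recreate with CMEK, swap.
        return (f"gcloud compute disks snapshot {vm['name']} --project={vm['project']} "
                f"--snapshot-names={vm['name']}-snap; then recreate the disk with --kms-key=<key>")
    return (f"az vm encryption enable --resource-group {vm['resource_group']} "
            f"--name {vm['name']} --disk-encryption-keyvault <key-vault>")


def revoke_role_cmd(b: dict) -> str:
    """Remove the owner-level binding from the workload identity."""
    if b["cloud"] == "gcp":
        return (f"gcloud projects remove-iam-policy-binding {b['project']} "
                f"--member={b['member']} --role={b['role']}")
    return f"az role assignment delete --assignee {b['member']} --role {b['role']} --scope {b['scope']}"


def audit(inventory_json: str) -> list[Finding]:
    """Walk the inventory and return one Finding per failed check, in record order."""
    findings: list[Finding] = []
    for rec in json.loads(inventory_json):
        if rec["kind"] == "vm":
            for rule in rec.get("firewall", []):
                if rule["port"] == 22 and any(is_world_reachable(s) for s in rule["sources"]):
                    findings.append(Finding(rec["name"],
                                            f"SSH reachable from {', '.join(rule['sources'])}",
                                            "T1133 External Remote Services",
                                            restrict_ssh_cmd(rec, rule)))
            if not rec.get("disk_encrypted", True):
                findings.append(Finding(rec["name"], "disk not encrypted with a customer-managed key",
                                        "n/a", encrypt_disk_cmd(rec)))
        elif rec["kind"] == "iam_binding" and rec["role"] in HIGHLY_PRIVILEGED_ROLES:
            findings.append(Finding(rec["member"], f"workload identity holds {rec['role']}",
                                    "T1078.004 Valid Accounts: Cloud Accounts", revoke_role_cmd(rec)))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"[{f.attack_technique}] {f.asset}: {f.issue}\n    -> {f.remediation}")
```

Run as a script it prints the remediation plan; the commands are returned as strings and never executed, so the approval step stays with the operator. Two caveats worth keeping in mind when adapting it: both GCP and Azure encrypt disks at rest with platform-managed keys by default, so "unencrypted" in this audit means "no customer-managed key"; and the RFC 1918 test only tells you a prefix is private, not that it is trusted, so the real policy should compare against the organization's known ranges rather than the three reserved blocks.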

Impact & Outcomes

Radar Bot delivered measurable improvements in cloud security operations:

  • 30% Faster Threat Detection: LLM-assisted triage cut per-incident analysis time from hours to minutes.
  • 85% Remediation Automation: AI-generated KQL/Python scripts cut manual effort by 25 hours/week.
  • 60% Reduction in False Positives: Context-aware filtering cut noise in vulnerability alerts.
  • 95% Multi-Cloud Compliance: Unified visibility across 500+ GCP/Azure assets.

Radar Bot’s ‘hacker mindset’ exposed security risks the client had not considered. Their team now prioritizes threats before they escalate.

The Akaike Edge

Akaike’s expertise in AI lifecycle management and cloud-native security ensured seamless delivery:

  • Adversarial AI Frameworks: Custom LLM training using threat intelligence datasets.
  • Multi-Tenant Architecture: Secure data isolation for compliance with SOC 2 and GDPR.
  • End-to-End Ownership: From data pipeline engineering (Apache Beam) to dashboard deployment (Grafana).

This project highlights Akaike’s ability to deliver ethical, scalable AI solutions for modern cloud environments. Combining adversarial AI with operational rigor empowers organizations to stay ahead of evolving threats.