AI Assistant & AI Agents - Part 2
AI Agents' six major design patterns, and some research where agents leverage tutorials, prompts and tools to hack websites.
Hello Cyber Builders 🖖
Welcome back to our series on AI Assistants, Agents, and beyond. This week, we’re exploring the fascinating world of AI Agents and how they can improve productivity and efficiency.
Whether you’re familiar with AI Agents or just getting started, this post will provide a comprehensive look at what they are and their impact. It will also include a cybersecurity usage example and a bonus video.
Note: I am trying to prevent myself from speaking about AI as a person. I don’t think it is an excellent way to think about a piece of software and a set of numbers (deep neural network weights). I believe these are tools, even when they impersonate people, taking a role.
We are not in a science fiction movie and must be careful about how we speak about AI. To most people around us - who are not in the cybersecurity or AI industry as we are - we must present AI as a tool to help humanity, not as terminator-like bots or job-takers!
In this Post
You’ll learn what an AI Agent is
What the six design patterns of AI Agents are
And see some concrete (and fascinating?) examples of AI Agents hacking websites
If you missed my previous post in the series, it is here:
What are AI Agents?
AI Agents are a step beyond traditional AI Assistants. While AI Assistants, like Siri or ChatGPT, respond to direct commands and queries, AI Agents are designed to act autonomously based on pre-set goals.
They interact with their environment, process data, and make decisions to achieve specific outcomes without constant human intervention. This autonomy allows them to handle complex tasks and adapt to changing situations…
That is the promise of AI Agents.
In cybersecurity, AI Agents play a crucial role. An AI Agent can monitor your security data lake - you know, the GBs of logs you collect daily :) - to look for high-severity alarms or anomalous data and respond to these threats autonomously.
For instance, if an Agent identifies unusual activity that resembles a phishing attack, it can immediately block the suspicious communication, alert the security team, and initiate further analysis to prevent future incidents.
This means the impact of AI Agents on cybersecurity operations would be:
Improved incident-related data, by autonomously collecting all relevant information for the analyst.
More in-depth analyses that are hard to do without automation.
Reduced time to respond to alarms, by being more proactive.
Focusing on these impacts could be a good idea in a period when most MSSPs are looking to automate more and more as they face higher costs, lower margins, and more demanding customers.
You can have a look at the 4-minute video below from Dropzone.AI, which recently reached the RSA 2024 Innovation Sandbox final.
The 6 AI Agent Design Patterns
To truly appreciate the power of AI Agents, it’s essential to understand their design patterns. These patterns guide how Agents operate, ensuring they can perform tasks autonomously, manage complexity, and report effectively.
Keep in mind that, essentially, managing an AI Agent is like managing a highly efficient team member. Like any skilled team member, you must oversee the overall direction, but the Agent handles the day-to-day details.
There are six AI Agent design patterns to keep in mind. Let’s go through them.
AI Agent - Role Play / Focus via System Prompt
Definition: As with the AI Assistant use case we covered last week, this pattern sets a specific role or focus for the Agent through the system prompt. You can define the Agent's role as a SOC analyst, project manager, or malware researcher assistant. By providing clear instructions and context, you narrow what the Agent attends to. Technically, it helps the generative AI model concentrate on the part of the model relevant to the focus you asked for.
AI Agent - Tool Usage
Definition: This design pattern focuses on how Agents utilize tools to complete tasks. An intelligent Agent might leverage various software tools to gather data, analyze information, or execute specific actions. For example, an Agent designed to manage social media accounts could use scheduling tools, analytics platforms, and content creation software to ensure a seamless workflow.
AI Agent Reflection
Definition: Reflection in AI Agents refers to their ability to assess their own actions or, most often, the actions of other generative AI Agents. This pattern ensures that Agents can evaluate their performance and rework the output. Reflection is often called "chain of thought," where you ask the Gen AI model (e.g., an LLM) to self-reflect on its previous output and fix it. Imagine you ask the model to generate a Python script: you can execute it and feed the script and its output back to the model. If the script produces an error, the model fixes it and iterates until the result matches the expected goal, like a unit test.
AI Agent Cooperation
Definition: Cooperation involves multiple Agents working together to achieve a common goal. In this pattern, Agents communicate and coordinate their activities, sharing information and resources as needed. For instance, in a complex project, different Agents might handle specific tasks like research, data analysis, and reporting, working together to complete the project efficiently.
AI Agent Planning
Definition: Planning is a critical design pattern in which Agents develop and execute plans to achieve their objectives. This involves setting goals, identifying the necessary tools, and creating a task list. An example would be an Agent planning a series of tasks to analyze a security alarm: outlining each step, allocating resources, and monitoring progress.
AI Agent Memory
Definition: Memory is the Agent’s ability to remember and learn from interactions and experiences. This pattern enables Agents to retain information about people, organizations, projects, and keywords, allowing them to provide more personalized and contextually relevant assistance.
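As an added example (not the author's code, nor code from any product mentioned in this post), this Python sketch wires the Role Play, Tool Usage, Planning, Reflection and Memory patterns into the phishing-triage loop described earlier in the post. The three tools and the scripted model are constructed stand-ins for a real threat-intel lookup, mail gateway, ticketing system and LLM; the security-relevant part is that the agent can only call registered tools, every call is validated against the tool's signature before it runs, a malformed call is fed back as an error instead of being executed, and the loop has a hard step budget.

```python
from typing import Callable
# Constructed stand-ins for real SOC tooling (threat intel, mail gateway, ticketing).
def lookup_sender(address: str) -> dict:
    return {"address": address, "known_phishing": address.endswith("@bad.example")}
def block_sender(address: str) -> dict:
    return {"blocked": address}
def alert_team(summary: str) -> dict:
    return {"ticket": "SOC-1", "summary": summary}

# Tool registry: the agent can only execute what is listed here, and every call is
# validated against the function's annotated parameters (least privilege for tools).
TOOLS = {f.__name__: f for f in (lookup_sender, block_sender, alert_team)}

def run_agent(system_prompt: str, model: Callable, task: str, max_steps: int = 8) -> list:
    memory: list = []  # Memory: every call and its outcome, fed back to the model
    for _ in range(max_steps):  # Planning: bounded step budget, no runaway loops
        step = model(f"{system_prompt}\n{task}", memory)  # Role Play: system prompt
        if "final" in step:
            return memory
        name, args = step.get("tool"), step.get("args", {})
        fn = TOOLS.get(name)
        params = {k: t for k, t in getattr(fn, "__annotations__", {}).items() if k != "return"}
        if fn is None or set(args) != set(params) or any(
                not isinstance(v, params[k]) for k, v in args.items()):
            # Reflection: a malformed call is recorded and fed back, never executed
            memory.append({"tool": name, "error": "invalid tool call"})
            continue
        memory.append({"tool": name, "result": fn(**args)})
    raise RuntimeError("step budget exhausted")

def scripted_model(prompt: str, memory: list) -> dict:
    # Deterministic stand-in for the LLM (constructed): it plans lookup -> block -> alert
    # and repairs its own malformed block_sender call after the error feedback.
    addr = "ceo@bad.example"
    done = {m["tool"]: m["result"] for m in memory if "result" in m}
    if "lookup_sender" not in done:
        return {"tool": "lookup_sender", "args": {"address": addr}}
    if not done["lookup_sender"]["known_phishing"]:
        return {"final": "benign"}
    if "block_sender" not in done:
        if not any("error" in m for m in memory):  # first try uses a wrong arg name
            return {"tool": "block_sender", "args": {"email": addr}}
        return {"tool": "block_sender", "args": {"address": addr}}
    if "alert_team" not in done:
        return {"tool": "alert_team", "args": {"summary": f"phishing from {addr}"}}
    return {"final": "contained"}

def triage_demo() -> list:
    return run_agent("You are a SOC analyst assistant.", scripted_model,
                     "Triage alert: suspicious mail from ceo@bad.example")
```

Running triage_demo() returns the agent's memory: the reputation lookup, the rejected malformed block call, the corrected block, and the alert ticket. Swapping scripted_model for a real LLM client keeps the same guardrails, since the validation happens in run_agent, not in the model.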
You can learn more in these great articles:
An Example - AI Agents Autonomously Hacking Websites
AI Agents are tools capable of extensive research and autonomous action. This capability is being leveraged in various ways, including by startups branding themselves as creators of Large Action Models (yet another piece of AI lingo). It is hard to separate marketing from tech in such a context, so I wanted to give you a more detailed use case.
Let's look at research published by the University of Illinois (LINK) called "LLM Agents can Autonomously Hack Websites".
The researchers conducted experiments on real but sandboxed websites to avoid disrupting real-world systems. These environments included all the necessary components, such as databases, back-ends, and front-ends. The Agents were tested against 15 different types of vulnerabilities, ranging from easy ones like SQL injection and XSS to more complex ones combining cross-site request forgery (CSRF) with XSS. Success was measured using various metrics to assess how effectively the LLM Agents could autonomously hack the websites within a set timeframe (e.g., 10 minutes).
The study revealed that intelligent Agents can autonomously execute various hacking techniques, including SQL injection, cross-site scripting (XSS), and server-side request forgery (SSRF). The Agents adapted their strategies to exploit different security vulnerabilities without prior knowledge of them. The experiment measured their success in autonomously hacking websites within a predefined timeframe, showing promising results.
Furthermore, the study underscored the importance of document retrieval in enhancing the Agents' performance. Access to resources on web hacking, SQL injection, XSS, and SSRF allowed them to improve their understanding and execution of tasks without explicit instructions, suggesting their potential both to enhance security defenses and to execute attacks.
Experiments conducted in sandboxed environments showed that LLM Agents such as those built on GPT-4 achieve high success rates in hacking attempts. For instance, GPT-4 successfully executed complex attacks in about 73.3% of trials, significantly outperforming previous models.
Extract from the paper:
This work shows that LLM agents can autonomously hack websites, performing complex tasks without prior knowledge of the vulnerability. For example, these agents can perform complex SQL union attacks, which involve a multi-step process (38 actions) of extracting a database schema, extracting information from the database based on this schema, and performing the final hack. Our most capable agent can hack 73.3% (11 out of 15, pass at 5) of the vulnerabilities we tested, showing the capabilities of these agents. Importantly, our LLM agent is capable of finding vulnerabilities in real-world websites.
Bonus Video
Andrew Ng gave a great talk on AI Agents at Sequoia Capital two months ago. He highlights the design patterns we discussed above. Ten good minutes on the topic to understand it and get past the AI "lingo" we all see as marketing material.
Conclusion
The design patterns we’ve discussed—Tool Usage, Role Play via System Prompts, Reflection, Cooperation, Planning, and Memory—provide a robust framework for understanding how intelligent Agents function and why they are highly effective.
We are just at the beginning—just day 1—and most applications are still in front of us. Still, the idea of an autonomous AI Agent powered by design patterns will stay, and it is good to keep these in mind.
Tell me what you think in the comment section.
Laurent 💚