Training Organizational Models

Every organization has a unique Threat Profile. That's usually based on:

• what you are protecting

• who you are protecting it from

• what you are protecting it with

Those three components provide a Venn-diagram that's unique for each organization. That's why not every piece of information is relevant intelligence for every organization. Interesting news about Information Operations attempting to influence election in the United States, for example, is completely irrelevant to a mining company in Australia.

At Liberty91, we bring them together in real-time. Every time a new piece of information arrives in the platform, it is enriched by our AI-agents, checked against alert-rules, and given a criticality rating based on every individual user's settings. Then, it is checked for relevance for each organization's country, sector, assets, hosts, domains and suppliers.

Each organization also receives their own Morning Report every day. That report is completely tailored to their unique threat profile. It will provide an update on threats to their region and sector, but also provide intelligence on new vulnerabilities and exploits relevant to any of their assets, where they are hosted, and what they should do about it.

For every event, threat actor, malware, vulnerability or collection, analysts can create custom Threat Intelligence products specifically for each organization they care for. Every report will be unique, tailored, instant and relevant for each individual organization.

Dynamically training the models

For each organization, Liberty91 creates a unique Retrieval Augmented Generation Model (RAG-model). That model is trained on everything we know about the organization. That includes information that's available on Open Source, but also the information that's provided by the analysts. It is essentially a library of information, specifically about that organization. That library is updated every single time new information is made available, either by adding or removing assets or suppliers, or when a regional threat profile is updated.

And every time Liberty91 produces a new Intelligence Product for the organization, it will use that RAG-model as a reference. Does a news article mention a particular vendor in a security-relevant way? Liberty91 will know how and why that's relevant. It will add that new information to the RAG and if the analyst or one of their stakeholders wants to be informed, send an alert to the relevant integrations.