Trend Micro talks up risk score prediction, using own LLM

Trend Micro has launched Trend Cybertron, which it is billing as the “industry’s first specialised cybersecurity large language model (LLM)”. 

Trend Cybertron is trained on the company’s threat intelligence from over 250 million sensors, interpreting user queries and generating plans. 

Open-sourced and integrated into the company’s Trend Vision One platform, the AI model and agent framework is fine-tuned using Llama 3.1 and supports deployment with NVIDIA NIM inference microservices on NVIDIA accelerated infrastructure. 

Trend Micro’s ANZ field CISO, Andrew Philp, said there's been a lot of promise about agentic AI, something the company is tapping into by also releasing a small language model customers can use in their workflows to carry out research and augment teams. 

“If you look inside of the Trend Cybertron platform, it is able to predict what your risk score is likely to look like or where you need to invest your energy,” he said. 

“We're using it to develop a methodology of putting a business dollar value on a risk rather than just a risk score and we're also using it to be able to educate the analysts. In other words, the companion can come in and tell them exactly what's going on, what they should look at first, and what they should do about that.” 

The platform also enables data classification, vulnerability discovery, detection of deepfakes, phishing techniques, malware, lateral movement, user anomalies, and scams. 

The platform provides security for AI, protecting training data, preventing misalignment and stopping cyberattacks against AI models. 

“If a partner's customer, or a partner themselves, builds their own AI model, often they'll be building it on something like an NVIDIA NIM, but that middleware can be open to vulnerabilities and attacks, so having security that can actually integrate with the middleware as well, not just the edge layer, means that you can actually give [partners] a really compelling security option,” he told us. 

Mitigating risk rather than replacing technologies

Philp said he generally sees partners gradually transition across to using the Trend Vision One platform and replace certain products over time rather than migrate everything all at once, a process he hopes is replicated with the takeup of Trend Cybertron.  

“The first thing one of our partners replaced [when moving to Trend Vision One] was having to get extended support on a Microsoft operating system using virtual patching; [the platform’s] gone on to replace endpoint products, threat management and threat risk assessment products, web gateways and email gateways, to the point where it's a complete system, and they don't have any of those other renewables,” he said. 

“There's lots of different technologies that that can displace but ultimately, what we're trying to do more so than replace technologies is mitigate risk, and that risk can be a much bigger cost to the business than those individual products. 

“If we could put something in place that mitigates a $10 million risk and it costs a few hundred thousand dollars, for example, then that's a really good payback for the customer.”