2605. Designing an AI-Powered Agent for Personalized Information Security Assistance Using RAG and Fine-Tuned LLMs
Invited abstract in session TB-28: Multi-Agent Systems and Reinforcement Learning for Decision Support, stream Decision Support Systems.
Tuesday, 10:30-12:00Room: Maurice Keyworth 1.03
Authors (first author is the speaker)
| 1. | Jui-Hsuan Lee
|
| Department of Information Management, National Taipei University of Business | |
| 2. | Kuo-Chun Hsu
|
Abstract
The growing complexity of information security presents challenges for non-expert users who must manage security tasks without specialized knowledge. This thesis proposes an AI-powered agent that integrates Retrieval-Augmented Generation (RAG) and fine-tuned Large Language Models (LLMs) to provide personalized, organization-specific security assistance.
A key innovation is the unit-specific RAG pipeline, which structures proprietary security policies and compliance documents for precise retrieval. By combining retrieved knowledge with fine-tuned LLM reasoning, the agent delivers context-aware recommendations aligned with organizational policies. Fine-tuning enhances the model’s understanding of domain-specific terminology and compliance requirements, ensuring accurate responses.
Additionally, a built-in risk evaluation tool allows users to assess cybersecurity threats through AI-assisted analysis, evaluating factors such as likelihood, impact, and mitigation effectiveness without requiring prior expertise.
Experimental results demonstrate the system’s effectiveness in retrieving relevant security knowledge, improving response accuracy, and guiding users through risk assessments. By leveraging AI-driven recommendations, this research enables non-expert users to manage security tasks efficiently while ensuring compliance.
Keywords
- Artificial Intelligence
- Risk Analysis and Management
Status: accepted
Back to the list of papers