An AI sandbox for federal agencies got itself a giant shovel on Oct. 9—a supercomputer named “Judy” that performs a quintillion math operations a second.
The nonprofit research foundation MITRE wants to test the superfast comp’s ability to assist the eye-straining human IT tasks like inspecting logs, tracking intrusions, and spotting suspicious behaviors inside a security operations center (SOC).
“This would not only allow large organizations to scale and track down more threats, but it may, for the first time, offer small companies the ability to have AI agents acting as cyber analysts to support their defensive missions,” MITRE CTO Charles Clancy told IT Brew.
The sandbox hosts an HPC cluster and smaller GPU clusters for staging and testing, Clancy said, along with many open-source models and large language models. Agency participants can submit jobs to use the compute environment to, say, train a small model on provided data, with MITRE engineers providing “that white glove service for the data engineering,” Clancy said.
Or in the case of creating a super-SOC, MITRE might take the lead. “We’re in conversations with several different federal agencies about getting access to large amounts of cyber data and cyber telemetry that we can use to train the models,” according to Clancy.
In a short Q&A with IT Brew, Clancy explains why Judy, powered by an Nvidia’s DGX SuperPOD data center infrastructure and named after computing pioneer Judy Clapp, can help to address cybersecurity tasks—and even potentially a gap in cybersecurity employment.
Responses have been edited for length and clarity.
What cybersecurity role will the “AI sandbox” play?
We don't have the sort of human capital pipeline necessary to fill the cyber jobs of our nation. There’s a lot of work happening in higher ed to try and increase that pipeline, but we’ve sort of plateaued in terms of our ability to satisfy that gap. Our hypothesis is that AI is going to be an enabler to closing that gap, because we’ll be able to bring greater automation and autonomy to cyber-defense functions.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
What does that automation look like, in the proposed SOC project?
There’s a lot of analytic workflows that require a human to put together different pieces of telemetry coming from different parts of the network to track down and understand whether or not different parts of the network have been compromised by an adversary. If we can map out that analytic workflow process, and we can teach AI to use the same software tools that the human analyst does, then the human analyst could be managing 10 AI agents who are doing that.
How does this process begin?
You’re not going to be able to hand raw network data or log data to the current open-source models and have them be able to understand it and reason on it. So, we need to build models that speak native cyber.
Why is this AI sandbox important for federal agencies?
The alternative is every agency going off and buying their own supercomputer and spending a couple years figuring out how to use it, and then trying to figure out how to build applications that sit on top of it. By providing a common platform, we can bring some pretty significant cost savings to the US government, where they can all get access to large-scale compute in support of their mission, with some necessary support infrastructure so they don’t all have to reinvent the wheel. And once they kind of get their feet wet, playing in the sandbox—or to mix metaphors, I guess, their feet sandy playing in the sandbox—then they’ll have enough information to know exactly what they want to go buy, and they can appropriately size it, and they can make sure that they’re getting the support they need from the cloud and AI vendor community.