Russian AI Assistant Helps Security Teams Detect Cyber Threats Faster

PT Naira has already been deployed in the company's pilot projects, where it quickly demonstrated measurable results. The software assists with threat analysis and speeds incident investigations by 50-60%.

Proven in Pilot Deployments

Cybersecurity teams have strong demand for tools like this. According to Positive Technologies, the number of AI-assisted cyberattack techniques has doubled over the past year. Attackers now rely on large language models capable of writing malicious code and identifying software vulnerabilities. Security vendors are responding with specialized AI tools such as PT Naira. The assistant has been integrated into the MaxPatrol SIEM security information and event management platform and the PT BlackBox dynamic application security testing solution. In pilot deployments, PT Naira accelerated incident investigations by 50-60%. It also helped junior analysts reduce the time required to prepare support rules for new event sources in MaxPatrol SIEM by nearly 90%.

How does the new platform change the cybersecurity landscape? PT Naira takes over many of the repetitive tasks traditionally handled by security analysts. It summarizes security alerts, assesses their significance, investigates suspicious commands and processes, and helps generate new rules for adding events to MaxPatrol SIEM. In another pilot deployment involving PT BlackBox, the virtual assistant also helps developers remediate software vulnerabilities.

Built for Special Tasks

PT Naira runs on open-source foundation models combined with Positive Technologies' proprietary software stack. Notably, the large language models are deployed within the developer's protected cloud infrastructure rather than on third-party servers. The AI assistant does not require new network access points and can be deployed without additional approvals from an organization's security team. Its greatest advantage over general-purpose language models such as ChatGPT is its cybersecurity-specific design and the expertise embedded by Positive Technologies. That specialization enables the assistant to deliver precise, context-aware responses instead of generic recommendations.

According to the developers, a typical technology company's security operations center processes between 4,000 and 10,000 alerts every day, yet only about 37% receive detailed analysis. During incident investigations, the new AI assistant performs the repetitive work automatically. Analysts no longer have to collect information manually, switch constantly between multiple systems, or build complex queries. By taking over routine, standardized tasks, PT Naira shortens investigation times by 50-60%.

Reducing Human Error

Another significant advantage of PT Naira is its ability to reduce the risk of human error. An inexperienced analyst might open an event record without giving it a second thought, even though it could conceal an insider attack. PT Naira takes a different approach. After receiving the analyst's request, it evaluates the context, begins its own analysis, and can identify potential threats that might otherwise be overlooked. The assistant also makes it easier for newcomers to create rules for incorporating new event sources into a SIEM platform. It evaluates the value of collecting data from a new source and helps engineers generate event-processing rules from scratch. As a result, creating complex rules now takes tens of minutes less than before.

Building More Secure and Resilient Infrastructure

The launch of PT Naira marks the beginning of a broader rollout of generative AI across the product portfolio of one of Russia's largest cybersecurity vendors. Over time, the technology is expected to accelerate the detection and investigation of attacks targeting Russian companies and critical information infrastructure. That also matters to everyday users. Faster attack detection can reduce the risk of personal data breaches and minimize service disruptions affecting banks, government digital services, and telecommunications providers. At the national level, technologies such as PT Naira support the growth of domestic AI capabilities while reducing dependence on foreign digital platforms and cybersecurity solutions.

PT Naira also has export potential for countries seeking to build independent cybersecurity infrastructure and strengthen the protection of government systems. Before deployment in markets across Asia, Africa, or Latin America, however, the AI assistant would likely require localization for additional languages, national cybersecurity regulations, local threat intelligence databases, and customer-specific infrastructure.

Attackers are already empowered by artificial intelligence and, unlike us, they are constrained neither by rules nor by regulation nor by ethics. Our task is to equip cybersecurity engineers with tools that allow them to defend against increasingly sophisticated attacks on equal terms. PT Naira is not a standalone feature but part of a broader strategy to embed AI architecture across our entire product portfolio. MaxPatrol SIEM and PT BlackBox were the logical starting points because that is where analysts are burdened most heavily by routine work

Alexander Mamylov

Head of the Machine Learning Group for Security Event Analysis, Positive Technologies