Rapid7 IDR AI Usage
Use of AI at Rapid7
Rapid7 has established requirements for Artificial Intelligence (AI) usage across all products and services, including an approval process, data privacy standards, model lifecycle management, and security measures. These requirements were developed in the context of the Trust and Compliance policies already in place. For more information on Rapid7’s stance towards AI TRiSM (Artificial Intelligence Trust, Risk, and Security Management), further reading can be found here.
Compliance with and enforcement of these requirements, including disciplinary actions for policy violations, are overseen by Rapid7's Chief Security Officer.
Models are trained and fine-tuned in secure environments with restricted access permissions. They are then rigorously evaluated both by AI experts for mathematical accuracy and by subject matter experts for in-context utility and accuracy. This evaluation confirms that the training process has reached a desired performance level.
IDR primarily uses AI in the following functions:
Alert Management: IDR uses an AI/Machine Learning-based service that emulates the behavior of a human analyst by evaluating and assigning a likely disposition to alerts in the queue.
The models used by this service are trained and fine-tuned in secure environments with restricted access permissions. They are then rigorously evaluated both by AI experts for mathematical accuracy and by subject matter experts for in-context utility and accuracy. This evaluation confirms that the training process has reached a desired performance level.
To learn more about how AI applies dispositions to alerts and why the service reaches these decisions, read AI Alert Triage.