Skip to content
Sagan

Paper

AI Native Asset Intelligence

Unreadunread

AI summary

The authors introduce "AI-native asset intelligence," a framework that turns fragmented security signals (cloud configs, identities, third-party tool findings) into a structured intelligence layer for consistent, contextual asset prioritization. The system combines a modeling layer (assets, relationships, attack vectors, blast radius) with a scoring layer that separates intrinsic exposure (misconfigurations, exploitability) from contextual importance (anomaly, blast radius, business/data criticality). AI refines severity and business-context classifications, while deterministic aggregation keeps scores consistent across repeated queries. Evaluated on 131k real resources, sensitivity analyses show the scoring system responds predictably to rare exploitability evidence and contextual signals.

Main takeaways:

  • Unifies fragmented security signals into a normalized asset-importance score combining exposure, exploitability, blast radius, and business context.
  • Separates intrinsic (misconfig + attack-vector) and contextual (anomaly, blast radius, criticality) dimensions for interpretable prioritization.
  • AI contextualization refines severity and criticality labels; deterministic aggregation ensures consistency across repeated queries.
  • Evaluated on 131k production resources across 15 vendors; ablations confirm the system responds predictably to rare exploitability and contextual modulation.