OpenCRE Introduces ChatCRE


Spyros Gasteratos

Monday, September 11, 2023

Would you trust generative AI with an important cyber security question?

We are super excited to announce the world’s first security-specialized chatbot: the powerful OpenCRE-Chat. Using Google’s great conversational PaLM AI technology, we created a large language model that uses the standards collected in OpenCRE as main resource for answering questions about information security. The advantage of this approach is that the answers are more reliable, since they come from vetted and leading standards (ISO, NIST, CAPEC, Mitre, OWASP etc.), plus the Chatbot provides the right references with the answers. In contrast, regular chatbots typically do not provide references, and they take their information from the entire internet, which can be a problem if the answer is an hallucination, or from an unreliable, outdated or even manipulated source.

ChatCRE is currently freely available for abybody with a google account (we need to maximize number of queries per unique user per minute): OpenCRE is the free open source catalog of cyber security concerns, collected from a wide range of security regulations, standards and guidelines. It was created to solve the mapping problem in the complex and fragmented landscape of security standards. Users can find all the information they need regarding a concern by browsing and searching the catalog: regulatory sources, threats and weaknesses, test guidance, programming tips, configuration for tools, etc..

Next to linking, browsing and searching all the OpenCRE material, now with generative AI it is possible to ask questions and get more reliable answers. This is achieved by retrieving the most relevant reference information from the OpenCRE catalog and adding it in its entirety to the prompt. By doing so, the chatbot will always use the most relevant and vetted resources to help answer the question. Stay tuned and follow @opencre at LinkedIn: more exciting announcements incoming!

Go ahead, and learn anything you always wanted to know about security but were afraid to ask, in your own language! Thank you very much @kerberosmansour for your crucial role in building the Chat component. #largelanguagemodels @google @opencre @spyros @robvanderveer @owasp #ai #appsec