AI Native Asset Intelligence
Authors: Gal Engelberg, Leon Goldberg, Konstantin Koutsyi et al.
Summary
The authors introduce "AI-native asset intelligence," a framework that turns fragmented security signals (cloud configs, identities, third-party tool findings) into a structured intelligence layer for consistent, contextual asset prioritization. The system combines a modeling layer (assets, relationships, attack vectors, blast radius) with a scoring layer that separates intrinsic exposure (misconfigurations, exploitability) from contextual importance (anomaly, blast radius, business/data criticality). AI refines severity and business-context classifications, while deterministic aggregation keeps scores consistent across repeated queries. Evaluated on 131k real resources, sensitivity analyses show the scoring system responds predictably to rare exploitability evidence and contextual signals.
Main takeaways:
- Unifies fragmented security signals into a normalized asset-importance score combining exposure, exploitability, blast radius, and business context.
- Separates intrinsic (misconfig + attack-vector) and contextual (anomaly, blast radius, criticality) dimensions for interpretable prioritization.
- AI contextualization refines severity and criticality labels; deterministic aggregation ensures consistency across repeated queries.
- Evaluated on 131k production resources across 15 vendors; ablations confirm the system responds predictably to rare exploitability and contextual modulation.
Relevance
Not directly related to my persona/midtraining work — this is an enterprise security asset-scoring system. Included because the structured scoring and AI contextualization architecture could inform how to prioritize or interpret model behaviors, but no direct connection to language-model fine-tuning or triggers.
Abstract
arXiv:2605.09115v1 Announce Type: new Abstract: Modern security environments generate fragmented signals across cloud resources, identities, configurations, and third-party security tools. Although AI-native security assistants improve access to this data, they remain largely reactive: users must ask the right questions and interpret disconnected findings. This does not scale in enterprise environments, where signal importance depends on exposure, exploitability, dependencies, and business context. Repeated AI queries may therefore produce unstable prioritization without a structured basis for comparing assets. This paper introduces AI-native asset intelligence, a framework that transforms heterogeneous security data into a structured intelligence layer for consistent, contextual, and proactive asset-level reasoning. The framework combines a modeling layer, representing assets, identities, relationships, controls, attack vectors, and blast-radius patterns, with a scoring layer that converts fragmented signals into a normalized measure of asset importance. The scoring system separates intrinsic exposure, based on misconfigurations and attack-vector evidence, from contextual importance, based on anomaly, blast radius, business criticality, and data criticality. AI contextualization refines severity and business/data classifications, while deterministic aggregation preserves consistency. We evaluate the scoring system on a production snapshot with 131,625 resources across 15 vendors and 178 asset types. Sensitivity analyses and ablations show that severity mappings control finding sensitivity, AI severity adjustment refines prioritization, attack-vector scoring responds to rare exploitability evidence, and contextual modulation selectively modifies exposed resources based on business or data importance. The results support AI-native asset intelligence as a foundation for stable prioritization and proactive security-posture reasoning.