Breadcrumb navigation

NEC incorporates LLM into the cybersecurity field

~Applied to security risk assessment and cyber threat intelligence generation~

Tokyo, December 15, 2023 - NEC Corporation (NEC; TSE: 6701) has developed a new system that enables highly accurate and rapid security risk diagnosis and generation of cyber threat intelligence for external public systems. The system combines NEC's accumulated knowledge of cyber threat analysis, its proprietary cyberattack risk automatic diagnosis technology, a Large Language Model (LLM), and can be operated without the need for skilled personnel with specialized knowledge.

NEC will actively utilize the system within the company as the initial client (client zero) and aims to quickly develop business based on the know-how gained from the experience of utilizing the system.

Generative AI has been attracting increasing attention in recent years, and is now being applied across a wide range of systems and products.

Generative AI is expected to be especially valuable in the security field, where it is necessary to respond quickly to threat information that is released daily in order to proactively protect businesses from cyberattack threats. To accomplish this, NEC developed a system that combines LLM with its own threat database and tools, which can be used as an assistant for security diagnosis and analysis, thereby improving accuracy and accelerating the collection and analysis of security risk diagnosis and threat information.

About the system

1. Security risk diagnosis by combining a security database and LLM

NEC has developed an interactive security risk assessment system by combining its accumulated knowledge of security risk assessment and proprietary cyberattack risk automatic diagnosis technology with an LLM. Users only need to input simple instructions to the LLM to conduct vulnerability diagnosis, attack route analysis, and formulation of measures, even without specialized knowledge.

For example, if a user enters the instruction "diagnose the terminal (IP address XX) of a VPN that is open to the outside world," the LLM will acquire the necessary information for diagnosis on behalf of the user, provide the tools and commands to be executed, and summarize the results to answer the risks. In-house verification at NEC has confirmed that the system can reduce the time required for vulnerability diagnosis by about 80% and the time required for attack route analysis and formulation of measures by about 60%.

This enables rapid diagnosis, even by those who are not skilled in diagnostics and security tools, thus enabling diagnosis to be performed on a large number of systems in a short period of time and improving the security of the entire organization.

NEC will continue to conduct in-house demonstrations and improvements with the aim of practical application, including the provision of security risk analysis services using this system.

Utilization of LLM in security risk assessment
Dialogue screen for security risk assessment

2. Accelerates the generation of cyber threat intelligence with high accuracy and greater speed

NEC's accumulated knowledge of cyber threat analysis and graph-based relational learning with LLM have enabled the development of a system that generates cyber threat intelligence with high accuracy and speed.

Specifically, it comprehensively searches the large volume of threat information on attackers, attack methods, vulnerabilities, etc. that are disclosed daily, extracts highly reliable information using its proprietary threat database, and summarizes content by considering important factors for each case. Based on this information, the system can automatically provide analysis results in response to requests on topics that users wish to investigate in depth, such as an attacker's activity history, changes in attack methods, the types of businesses that have been breached, and the amount of damage.

This enables research and analysis that was previously conducted manually to be conducted from various angles in a short period of time, and as a result, more accurate analysis reports can be expected to be created more quickly. In-house verification has shown that the time required to extract, organize and summarize important information has been reduced by approximately 50%.

NEC will continue to conduct in-house demonstrations and improvements with the aim of practical application, including a service to provide survey reports generated using this system.

Use of LLM in Threat Intelligence Generation
Survey and analysis screen (1):
Automatically summarize long articles by entering the article URL in the search window
Survey and analysis screen (2):
Enter the subject you want to explore in depth in the search window.

Automatically extracts highly accurate information and produces analysis results


About NEC Corporation
NEC Corporation has established itself as a leader in the integration of IT and network technologies while promoting the brand statement of “Orchestrating a brighter world.” NEC enables businesses and communities to adapt to rapid changes taking place in both society and the market as it provides for the social values of safety, security, fairness and efficiency to promote a more sustainable world where everyone has the chance to reach their full potential. For more information, visit NEC at

Orchestrating a brighter world

NEC is a registered trademark of NEC Corporation. All Rights Reserved. Other product or service marks mentioned herein are the trademarks of their respective owners. © NEC Corporation.