A Singapore Government Agency Website
How to identify
An AI-driven assistant that supports SecOps teams in evaluating vulnerability risk acceptance requests through MITRE-based threat modelling.
Service product and security support team
Assessment officers review disclosed vulnerabilities and determine their contextualised risk, including residual risk arising from delayed patching. This process is currently conducted manually via ServiceNow and requires multiple levels of endorsement before patching decisions can be finalised.
Accurate vulnerability assessment requires officers to understand the affected system's architecture, its exposure, and the potential methods of exploitation. Gathering and synthesising this context manually is both laborious and time consuming.
Without AI automation using threat modelling, contextualised risk assessments will remain slow and resource-intensive, delaying critical patching decisions and leaving systems exposed to exploitable vulnerabilities longer than necessary. The manual process also creates a bottleneck that hampers timely responses to emerging threats.
Conduct interviews with assessment officers asking about their current workflow, pain points, and time spent per assessment
Speed and accuracy
Service product and security support teams
The product automatically ingests vulnerability announcements and applies AI-powered threat modelling and system architecture review to cross-reference them against known exposure data, producing a contextualised risk assessment ready for the officer's review and endorsement.
When a vulnerability is announced → the system ingests it and auto analyses affected systems and exposure → it generates a risk assessment with recommended action → the officer reviews and endorses the decisions.
Simplify the process and improve the accuracy of the product's outputs.
Haven’t conduct any user testing with prototype at this point
A high volume of vulnerability assessments completed through the platform strongly indicates that officers have embraced AI-driven threat modelling capabilities and incorporated it into their workflow
To run a pilot programme with a select group of 5–10 assessment officers, with a targeted outcome of reducing the time spent per vulnerability assessment by 50%, demonstrating the platform's efficiency gains