To anticipate computer attacks, a new approach emerges with the creation of a Digital Information System twin To lead to artificial intelligence to detect and simulate possible attack paths. An inverted defensive logic, which imposes itself in the sensitive and regulated sectors.
Simulate the attacker to defend better
The idea is to virtually copy the IT architecture of the company – servers, ports, exposed services, network configurations – then inject known vulnerabilities identified in public bases (CVE). This virtual version of the system, or digital twinthen allows an AI to evolve there as an attacker would.
Agent IA trains in a loop to exploit the faults. It tests different sequences to progress in the network. The objective is to identify the most critical paths, those that would allow a real attacker to compromise key systems. This process is based on strengthening learning, a method already used in robotics and in games, today adapted to cybersecurity.
A change of posture
The approach differs radically from conventional tools. It is no longer a question of waiting for an alert or passively scanning the open ports, but of building Active risk simulationcapable of anticipating what could happen in real conditions.
The interest is double:
-
- Better prioritize the fixes (all flaws are not equal in a given context)
- Document the high -risk scenarios To integrate them into security governance
Concrete use cases
Experiments carried out by researchers from the University of Lorraine have shown that an IA agent, trained on a digital twin, could identify sequences of vulnerabilities allowing to compromise up to 69 % of a simulated network – without having been exposed to the target system before. The language model used (Securebert) allowed the AI to “understand” the technical descriptions of the faults.
These results pave the way for operational use in large companies, especially in the sectors subject to Dora, NIS2 or RGPD rules on data security.
A strategic approach for general departments
Building a digital twin is equipping yourself with a Decision aid tool. The simulations can be presented in the risk committee, to be used to justify budgetary arbitrations, or to demonstrate proactive diligence in the event of an incident. The integration of these tools into security management becomes a governance issue.
For financial and legal departments, this approach also allows better Document risk exposure And align technical priorities on business issues.
Towards a standardization?
Several cybersecurity publishers are starting to offer solutions based on this principle, combining simulation engine, AI engine and visualization of attack paths. The market is still emerging, but the logic is clear: in a world where the attack is automated, the defense must be so – and anticipated.
