Small and Medium-sized Enterprises (SMEs) are often easy targets for attackers due to their limited budgets and lack of specialized security personnel. To bridge this capability gap, we are developing an AI Security Consultant as a cost-effective alternative to expensive human security consultants. Our solution combines the automated analysis of an SME’s infrastructure with a questionnaire to obtain the security-relevant attributes that build a comprehensive digital twin of an SME. The digital twin enables a locally hosted Large Language Model (LLM) to perform a risk assessment and to generate tailored mitigating security controls. The corresponding implementation instructions have to be detailed and easy to execute by the potentially inexperienced personnel of SMEs. This practical approach goes beyond generic standards and best practices, empowering SMEs to effectively enhance their cybersecurity posture and resilience.
