AI-powered SOC: auto-triage alerts, auto-describe CVEs for executives, and policy Q&A chatbots.
AI-Powered Security Automation
import anthropic
client = anthropic.Anthropic()
# 1. Auto-triage security alerts
def auto_triage_alert(alert: dict) -> dict:
prompt = f"""
Security alert received:
{json.dumps(alert, indent=2)}
Analyse and return JSON:
{{
"severity": "Critical|High|Medium|Low|Info",
"category": "brute_force|injection|lateral_movement|etc",
"false_positive_probability": 0.0-1.0,
"immediate_action": "string",
"investigation_steps": ["step1","step2"],
"escalate_to_human": true/false
}}
"""
resp = client.messages.create(
model="claude-opus-4-5", max_tokens=800,
system="You are a senior SOC analyst. Triage alerts accurately.",
messages=[{"role":"user","content":prompt}]
)
return json.loads(resp.content[0].text)
# 2. Automated vulnerability description writer
def describe_cve(cve_id: str, cvss_score: float, affected_component: str) -> str:
resp = client.messages.create(
model="claude-opus-4-5", max_tokens=300,
system="You are a security writer. Explain vulnerabilities clearly.",
messages=[{"role":"user","content":f"Write a clear non-technical description of {cve_id} (CVSS {cvss_score}) affecting {affected_component} for an executive audience."}]
)
return resp.content[0].text
# 3. Security policy Q&A bot
def policy_qa(question: str, policy_docs: list) -> str:
context = "
---
".join(policy_docs)
resp = client.messages.create(
model="claude-opus-4-5", max_tokens=400,
system=f"Answer security policy questions using only this context:
{context}",
messages=[{"role":"user","content":question}]
)
return resp.content[0].text