2025-08-05 –, Siena
As threat actors evolve faster than our security tools, defenders need a new playbook—one that blends explainable AI with real-world cyber context. Enter CADDIE: a Retrieval-Augmented Generation (RAG) engine driven by the Model Context Protocol (MCP) to supercharge SOCs, auditors, and compliance teams. This talk will unpack how we use RAG + MCP to inject real-time policy, threat intel, and log data into large language models, enabling automation for tasks like gap analysis, alert triage, and regulatory mapping. Whether you're a blue teamer, GRC lead, or AI practitioner, you'll walk away understanding how to wield GenAI as a precise, compliant tool—not a hallucinating risk vector.
In this session, I will present the architecture, use cases, and lessons learned from deploying CADDIE, a self-hostable Retrieval-Augmented Generation platform tailored to cybersecurity. With growing adoption of LLMs, enterprises are facing a gap: how to contextualize outputs with real, trusted data across threat detection, policy writing, and compliance monitoring. This is where the Model Context Protocol (MCP) shines—allowing structured ingestion of logs, threat intelligence, policy documents, and MITRE mappings into an LLM interface.
Attendees will see:
How MCP structures retrieval pipelines and token-efficient prompts
RAG in action for GRC (e.g., SOC 2, ISO 27001, DORA) and threat detection workflows
Case studies from proof-of-concepts with financial institutions, think tanks, and public-sector orgs
Why context-aware GenAI reduces hallucinations and increases interpretability in cyber operations
Red team and blue team applications of MCP: from compliance automation to contextualized alert triage
This talk draws on prior research and presentations, including Black Hat 2024 (“Leveraging RAG for Proactive Cybersecurity Posture”) and my AI Summit talk on RAG-powered policy agents. Attendees will leave with an understanding of how to incorporate RAG in their cyber environments and how structured context via MCP is a key defense layer when working with LLMs in production
Brennan Lodge is the Director of Information Security at the Manhattan Institute and founder of BLodgic Inc., a cybersecurity firm pioneering Retrieval-Augmented Generation (RAG) systems for governance and threat detection. Brennan’s work in AI-driven cyber defense has been featured at Black Hat 2024, KernelCon, AI Summit NY, and Compliance Week 2024. A former data scientist at Goldman Sachs and R&D AI for Cyber Security lead at HSBC, Brennan now teaches AI and cybersecurity at NYU and advises on AI policy, deepfake detection, and regulatory compliance automation.