Faces at Cyver: Romuald Moisan 

Cyver Core is a pentest management and report generation platform which pentesters use to deliver pentest-as-a-service, to manage pentests in their system, and to automate manual data entry for writing up findings, reports, and remediation help. Large language models, commonly called AI and generative AI, make a lot of sense for us to use, because they allow us to offer custom text generation in addition to auto-fill capabilities for common and library-stored data points. With that in mind, Cyver Core launched our first ChatGPT integration in November of 2023, meaning pentesters on our platform could generate executive summaries and report writeups based on data in the platform. 

Still, we believed we could do more with the technology, which is why, in January of 2024, we expanded our team with an up-and-coming expert on cybersecurity and large language models. Romuald Moisan is an engineering student at Polytech Marseille, specializing in computer science. He interned with Cyver for 6 months to help our engineer, Rodrigo Santos, as we worked to expand our AI capabilities to include finding-level and remediation-level writeups custom to the client technology and assets.

Romuald is leaving Cyver for his next opportunity, but we sat down to talk with him about the project and working with Cyver. 

An Engineering Student Specializing in Cybersecurity 

“I’m a French student with Polytech Marseille. I’m in a priority class for engineering and I just finished my second year at the school. I’m going to take a specialization in cybersecurity. Currently I’m working with an engineering school, a science study, and a university, and I’m completing an internship through each of them. When I finish that, I intend to specialize more in cybersecurity – for which I’m also currently earning certifications – as well as moving into a new role at Secura to help them develop a learning model of their own.”

“When Luis initially showed me the product, he had realized that it was possible to send custom requests to ChatGPT. So, my job was to create actions between ChatGPT and the product. The idea was that we communicate specific information for the AI to use, and it responds to us, which is automatically added to the report.”  

Improving Cyver’s AI Report Generation 

Romuald began his internship with Cyver on February 8 of 2024 and wrapped up on July 8th. During that time, he worked with our development team to make our vision for a new and improved report generation with AI a reality. 

“Our goal was to simplify the boring part of the pentester’s job,” adds Romuald. “As a pentester, you have two jobs: the first is carrying out the pentest and the second is producing a report. That’s boring and painful. With tools like this AI, the pentester can save a lot of time and just do the fun part. For example, if you can just automate the summary creation or the findings writeups, you spend much less time on that. The solution I helped build sends specific data to our LLM with prompts I helped design, and the AI does the rest by generating a response with a tech summary.”

Romuald worked with Cyver to develop custom queries and prompts, allowing us to offer different types of automated summary and description generation based on what the pentester wants. Romuald helped develop prompts to produce seamless technical summaries, high-level summaries, and finding-level remediation and recommendations – allowing pentesters to potentially tap into knowledge they don’t have themselves.

Working with ChatGPT for Pentest Reports 

“We chose ChatGPT for accessibility and customization settings, as well as its privacy features. ChatGPT is also actively developed, so we continue to see improvements in new iterations. That makes it ideal for us, because we know the product will continue to grow with us. ChatGPT also offers fine tuning options, including options to tailor the API functionality to better fit our specific reporting needs.” 

“ChatGPT is a cost-effective solution for LLM features, so it provides a good balance between performance and expense. By using ChatGPT, we ensure our GenAI pentest reporting functionality is cost-effective and efficient.”

Cyver’s ChatGPT instance is hosted on our local Azure OpenAI server. This means all data is kept locally and is never communicated to OpenAI, used for training, or mixed with other companies’ data. At the same time, we also use basic security measures like TLS, unique API keys, and regular pentesting to ensure our system and configuration are secure.

“Getting started involved some challenges, as I first had to learn the product and what Cyver Core was doing and then figure out how to adapt it to the model. Of course, I also had to manage my time between studies and the project – otherwise, this has gone smoothly.”

Romuald is moving on from Cyver to work on another LLM development program at Amsterdam-based cybersecurity firm Secura. 

“I’m going to create an LLM but specialized in assisting pentesters with pentesting, which is a great focus considering my interest in cybersecurity.”

“Working with Cyver has been a great opportunity. Luis gave me the opportunity to work in a real campaign and follow my studies at the same time, so thanks to this, I know what we can do with existing engines and in a real context – and how customers can use those tools to save time and grow further. I think Luis has made a great choice to put AI in his application very early – so for me it’s a great opportunity.”

Good luck to Romuald on his next venture, from the Cyver team.