BSidesSLC 2025 – LLM-Assisted Risk Management For Small Teams & Budgets

The rise of generative AI has sparked a wave of experimentation in cybersecurity, but most small and midsize enterprises (SMEs) still lack the resources to deploy full‑scale threat‑hunting platforms. Turpin’s BSidesSLC presentation illustrates how affordable, open‑source LLMs—such as Llama 2 or Mistral—can be fine‑tuned on internal logs and threat‑intel feeds, turning raw data into actionable insights. By automating repetitive tasks like vulnerability scoring and alert enrichment, these models free analysts to focus on strategic decision‑making, effectively stretching thin security budgets.

Beyond cost savings, the real value lies in speed. In Turpin’s pilot, a team of three analysts reduced average incident‑response time from 45 minutes to roughly 30 minutes, a 30% improvement that translates into fewer breach windows and lower remediation expenses. The approach also integrates seamlessly with existing security information and event management (SIEM) systems, ticketing tools, and orchestration platforms, ensuring that AI‑generated recommendations flow directly into established workflows without disruptive overhauls.

However, the technology is not a silver bullet. LLMs can hallucinate, producing inaccurate threat descriptions or misclassifying benign activity. Turpin stresses a hybrid model where AI augments, not replaces, human judgment—requiring continuous validation, prompt engineering, and governance policies. As regulatory scrutiny on AI use intensifies, organizations must balance innovation with compliance, documenting model provenance and ensuring data privacy. For SMEs, mastering this balance could be the key to achieving enterprise‑grade security without the traditional price tag.