Blink CEO Gil Barak says there have been three distinct periods when it comes to security operations automation. The first required experts to code workflows, taking weeks or months to produce a single one. More recently, low-code approaches let users drag and drop components into a workflow, creating the code in the background almost entirely without user input, greatly speeding up the process.
The third era has just begun with the ability to describe a workflow and have the platform build it for you. With the growing use of large language models (LLMs), the company has been able to create such a tool.
“The dream of mine since I started the company has been to get to a no-code place where anyone at any skill level can build any workflows simply by typing [a description],” he said. That became a reachable goal when ChatGPT was launched at the end of last year.
“We’re launching the Blink Copilot, which is the first truly no code [security operations workflow tool], meaning you just type a prompt, and it generates a low-code workflow, and then that can actually run that code,” he said.
What it does is understand your prompt and generate a workflow based on your description. So if you enter the prompt, “For each issue in Wiz, open a ticket in ServiceNow for the relevant event engineer, and tell them they have 48 hours to fix it,” it would create a workflow that looked like this:
Image Credits: Blink
It’s not unlike Ansible Lightspeed, announced last week at the Red Hat Summit, but instead of automating IT operations, Blink Copilot is automating security operations.
The company is working with several LLM providers, including Microsoft, Google and OpenAI, and Barak says the startup has designed the tool to be able to plug in multiple models. “We’ve built multiple layers that makes it easy for us to take different LLMs and try them out, and we’re training them on everything we build. So we have a lot of data from customers. In fact, we have all these different actions and integrations we’ve built that’s part of what we train it on,” he said.
Those integrations include a library of more than 7,000 workflow components in categories like email security, cloud security, network security and so forth. After the system creates the workflow, users can modify the different elements or add new ones if need be. They can also drill down to see how an individual step in the workflow works or review or edit the underlying code if need be.
But it’s worth noting that it’s so easy, it’s possible that someone could build workflows without the required technical knowledge to understand the implications of the actions they are building. Barak acknowledges that there could be such issues, and he says there should be humans in the loop to ensure that someone is charged with checking the workflow before publishing it.
He says that there is some irony in its simplicity because prior to having tools like this, in the coding era, it required having highly trained security engineers on staff, and now the conversation has flipped.
“The funny thing is that before this existed, everybody was talking about how hard it is to hire and retain security engineers…and now customers are telling me this looks too simple, too easy to use and how do you add guardrails to protect [yourself]? So that’s something we’re adding now,” he said.
The company, which has raised $26 million, per Crunchbase, is making Blink Copilot generally available today.