Compliance monitoring · Production

LinkedIn builds AI-driven Security Posture Platform with ~150% faster vulnerability response

The problem

LinkedIn's security team needed to scale vulnerability management beyond manual identification and patching, and give security analysts fast ad-hoc access to insights across a fragmented distributed security infrastructure.

First attempt

Early AI experimentation was constrained by models with severely limited capacity incompatible with the scale of the security graph, and early blind-test query accuracy was only 40–50%.

Workflow diagram · grounded in source
1
Analyst query submitted
trigger
“Examples of questions we need to answer on a daily basis: Are we affected by vulnerability X? Is vulnerability X on devices exposed to untrusted networks? Who is responsible for patching host A?”
2
Context generation and indexing
ai_action
“Leveraging the seed data, LLMs generate synthetic datasets that simulate various potential scenarios. This step prepares the AI to deal with queries beyond the current scope of the database, effectively enhancing the AI's adaptability an…”
3
Function-based query mapping
ai_action
“Functions are predefined for each node type within the graph. These function names assist the LLM in selecting the most relevant node that aligns with the query context, simplifying the identification and selection process.”
4
Query routing
routing
“Query routing directs to the most efficient knowledge graph or GraphQL backend.”
5
Output summarization
output
“LLMs excel at summarizing data. The user's query, result, etc., are used to answer questions comprehensively. The chat data is stored in a temporary store as memory and added to subsequent questions in the same context.”
6
Human validation
human_review
“Human experts review a subset of queries and responses to gauge the system's effectiveness in real-life scenarios.”
7
Iterative refinement
feedback_loop
“Based on testing outcomes, the system undergoes adjustments to improve prompt generation, data synthesis, and overall query handling.”
Reported outcome

SPP minimizes manual intervention, achieving ~150% faster vulnerability response speed and ~155% greater digital infrastructure coverage; the current GPT-4 generation reaches 85–90% query accuracy.

Reported metrics
Vulnerability response speed~150%
Digital infrastructure coverage~155%
query accuracy (GPT-4 generation)85%-90%
query accuracy (early Davinci generation)40%-50%
Show all 5 reported metrics
vulnerability response speed~150%
digital infrastructure coverage~155%
query accuracy (GPT-4 generation)85%-90%
query accuracy (early Davinci generation)40%-50%
manual interventionminimizes manual intervention
Reported stack
Security Posture Platform (SPP)Security Knowledge GraphGraphQLLLMsGPT-4DavinciAzure OpenAI
Source
https://www.linkedin.com/blog/engineering/security/enhancing-linkedins-security-posture-management-with-ai-driven-insights
Read source ↗

Frequently asked questions

What did this team achieve with this AI workflow?

SPP minimizes manual intervention, achieving ~150% faster vulnerability response speed and ~155% greater digital infrastructure coverage; the current GPT-4 generation reaches 85–90% query accuracy.

What tools did this team use?

Security Posture Platform (SPP), Security Knowledge Graph, GraphQL, LLMs, GPT-4, Davinci, Azure OpenAI.

What results were reported?

Vulnerability response speed: ~150%; Digital infrastructure coverage: ~155%; query accuracy (GPT-4 generation): 85%-90%; query accuracy (early Davinci generation): 40%-50% (source-reported, not independently verified).

What failed first in this deployment?

Early AI experimentation was constrained by models with severely limited capacity incompatible with the scale of the security graph, and early blind-test query accuracy was only 40–50%.

How is this compliance monitoring AI workflow structured?

Analyst query submitted → Context generation and indexing → Function-based query mapping → Query routing → Output summarization → Human validation → Iterative refinement.