AI Cybersecurity Tools
10 Python-based AI/ML tools for cybersecurity automation. All tools are open-source and production-ready.
Overview
These tools apply large language models (LLMs), machine learning, and NLP to automate the most time-consuming cybersecurity tasks: threat analysis, log review, compliance checking, and incident reporting.
1. ThreatIntel-GPT
AI-powered threat intelligence analysis and report generation
Analyzes threat feeds using large language models, generates structured IOC reports, and correlates threat indicators across multiple intelligence sources. Integrates with STIX/TAXII, MISP, and OpenCTI.
Key Features:
- Multi-source threat feed ingestion (STIX/TAXII, MISP, OpenCTI)
- LLM-powered IOC correlation and contextual analysis
- Automated HTML/PDF report generation
- MITRE ATT&CK technique mapping
- Bulk indicator enrichment via VirusTotal, Shodan APIs
pip install threatintel-gpt
threatintel-gpt analyze --source feeds.json --output report.html
threatintel-gpt correlate --iocs indicators.csv
| GitHub | Release v1.0.0 |
2. LogParser-AI
Intelligent log analysis with ML anomaly detection
Parses Windows Event Logs (EVTX), Syslog, and application logs using machine learning to detect anomalies, suspicious patterns, and potential security incidents. Uses Isolation Forest and Autoencoder models.
Key Features:
- Multi-format log parsing: EVTX, Syslog, JSON, CSV
- ML-based anomaly detection (Isolation Forest, Autoencoders)
- Chronological timeline reconstruction across log sources
- Severity-scored alert generation
- Support for Windows Security, System, Application event logs
Use Cases:
- Post-incident forensic log review
- Real-time SOC monitoring pipeline
- Compliance log audit (ISO 27001, SOC 2)
| GitHub | Release v1.0.0 |
3. ComplianceBot
Automated compliance checking against security frameworks
Automates compliance assessment against ISO 27001, NIST CSF, CIS Benchmarks, and RGPD/GDPR using AI-powered policy analysis. Generates gap analysis reports with remediation priorities.
Supported Frameworks:
- ISO/IEC 27001:2022
- NIST Cybersecurity Framework 2.0
- CIS Controls v8
- RGPD/GDPR (French/EU)
- ANSSI recommendations
| GitHub | Release v1.0.0 |
4. VulnScanner-LLM
LLM-powered vulnerability scanning and contextual analysis
Combines traditional vulnerability scanning (CVE database, CVSS scores) with LLM analysis to provide contextual risk assessment, exploit likelihood scoring, and step-by-step remediation guidance.
| GitHub | Release v1.0.0 |
5. PhishingDetector-AI
ML-based phishing email and URL detection
Uses NLP and URL feature analysis with ensemble machine learning models to detect phishing attempts in emails, URLs, and web pages. Achieves 97%+ detection accuracy on benchmark datasets.
Detection Capabilities:
- Email header and body analysis
- URL and domain reputation scoring
- Brand impersonation detection
- Homograph attack detection (IDN)
| GitHub | Release v1.0.0 |
6. PolicyGenerator-AI
AI-powered security policy generation
Generates customized security policies tailored to organization size, industry, and regulatory requirements. Covers acceptable use, incident response, access control, and data classification policies.
Output Formats: Word, PDF, Markdown
| GitHub | Release v1.0.0 |
7. IncidentSummarizer
Automated incident report summarization with NLP
Summarizes lengthy security incident reports, extracts key findings (affected systems, attack vector, timeline), and generates executive summaries using transformer-based NLP models.
| GitHub | Release v1.0.0 |
8. CVE-Explorer-AI
AI-assisted CVE exploration and impact analysis
Searches and analyzes CVEs with AI-powered impact assessment for your specific technology stack. Provides exploitability scoring, affected version mapping, and patch prioritization recommendations.
| GitHub | Release v1.0.0 |
9. SOC-Assistant
AI assistant for SOC analysts
Interactive AI assistant that helps SOC Level 1/2 analysts investigate alerts, perform triage, query SIEM data, and generate incident response playbooks. Reduces mean time to respond (MTTR) by automating repetitive analysis steps.
| GitHub | Release v1.0.0 |
10. SecureCodeReview-AI
AI-powered secure code review
Analyzes source code for security vulnerabilities (OWASP Top 10, CWE Top 25), suggests contextual fixes, and generates audit-ready security review reports. Supports Python, JavaScript, C++, Java, and C#.
| GitHub | Release v1.0.0 |
| Back to Home | 2026 Ayi NEDJIMI |