Building AI Cybersecurity Assistant WithSecure Luminen in Less Than 6 Months Using Amazon Bedrock

WithSecure’s solutions make cybersecurity accessible for mid-market companies that might not have specialized knowledge or security operation centers. WithSecure Elements (Elements), its flagship product, integrates software, services, security capabilities such as threat detection and response, exposure management, and co-security services, providing extensive data on an organization’s security posture in structured, tabular views.

WithSecure wanted to simplify this information and provide it in their customers’ local languages to drive speed and effectiveness in threat mitigation. “We want to democratize cybersecurity,” says Leszek Tasiemski, vice president of foundation product at WithSecure. “Customers don’t need to be cybersecurity experts to use our product, and if they are experts, we make it easier for them to connect the dots.”

The need to convert data into a narrative led WithSecure to explore generative AI. Given its European lineage, the company wanted to keep data privacy and data sovereignty at the forefront of solution development. Since it already used AWS, its privacy standards and processes were built around AWS.

By choosing Amazon Bedrock—a fully managed service that offers a choice of high-performing foundation models—WithSecure eliminated the complexity and expense of self-hosting foundation models. “We could choose between models and switch to new ones when they were introduced,” says Klas Kindström, director of product analytics and telemetry at WithSecure. “Cost efficiency and the availability of Amazon Bedrock in European AWS Regions were important for us too.” Amazon Bedrock’s robust data protection and privacy were a good fit with WithSecure’s stringent security standards as well.

 

Development began in December 2023 with an internal hackathon, and a public beta release came in May 2024. “Luminen was one of the fastest cases of building a product from scratch, and it wouldn’t have been possible without Amazon Bedrock being a managed service,” says Tasiemski. After collecting feedback and making usability improvements, WithSecure launched Luminen in September 2024.

During development, WithSecure switched to more high-performing and cost-effective models as they became available—enhancing Luminen’s capabilities without requiring code changes. WithSecure’s model training did not involve the use of customer data but rather prompts were built from examples of anonymous data. Additionally, the team built internal checks to improve Luminen’s output quality. For example, if the generated summary is too long or clearly incorrect, Luminen regenerates it for greater accuracy.

WithSecure uses a second, stronger large language model in the background to validate Luminen’s output quality and minimize hallucinations. This helps to build customer trust in the product’s reliability.

Luminen integrates with Elements and comprises two key skills. The Security Awareness Assistant analyzes complex data tables to provide a 7-day overview of the organization’s security status in a few paragraphs. The Investigation Assistant analyzes highly technical tabular and graphical data on identified security issues to build a narrative. “It’s a game changer because it provides an immediate and comprehensive deep dive that helps customers understand the issue and analyze it further,” says Tasiemski.

These skills are available at the click of a button on the Elements interface. Luminen can localize the output in 10 languages, making it simpler and faster for customers to understand their security posture and take appropriate action.

Customers use the comprehensive analysis on Luminen to remediate issues on their own, reducing the need to involve the Elements team. “It’s very rare to get so much praise,” says Tasiemski. “Customers say that they can understand and react to security events much quicker, and it’s simpler.” WithSecure aimed to boost efficiency and save time for customers, and on both fronts, the feedback confirms that Luminen fulfills its purpose.

The company plans to strengthen Luminen’s overviews by adding information about exposure management—identifying, assessing, and helping customers mitigate security vulnerabilities. It is also working on a subscription-based version, Luminen Pro, which will provide Luminen’s skills through API access, generate monthly and quarterly security overviews to align with customers’ auditing needs, and provide context-sensitive recommendations to minimize the risk of cyberattacks.

Luminen Pro will include a Threat Assistant, a richer narrative that will give customers contextual information on identified security threats. Over its years of cybersecurity expertise, WithSecure has used technologies like Amazon Neptune—a serverless graph database—to build knowledge graphs and store relationships between security events. “We can easily integrate Amazon Neptune and Amazon Bedrock to provide informative output to our customers,” says Kindström.

AWS will continue to have an important role in WithSecure’s development. “Working alongside AWS is frictionless,” says Kindström. “We get continuous updates on services, which helps us plan further, and we can experiment internally to optimize our processes.”

WithSecure is also looking forward to using AWS European Sovereign Cloud—the new, independent cloud designed to meet the evolving sovereignty needs of customers in Europe—when it becomes available.