Towards Autonomous Detection Engineering�Embedding-Based Retrieval & MCP Orchestration

Fatih Bulut, Anjali Mangal

Microsoft

12/10/2025

Autonomous Detection Engineering

12/10/2025

TTPs

Today’s Detection Engineering

• Dispersed rules across multiple platforms lead to duplication and inconsistencies.
• Workflows rely heavily on manual, ticket-based processes that are vulnerable to fragile handoffs.
• There is a lack of comprehensive visibility into coverage, quality, and technical debt.

12/10/2025

Goal

• Objective: Enhance existing detection tools with AI to speed up creation, minimize duplication, and reveal coverage gaps.
• Approach: Aggregate data, enrich with AI, index, use MCP tools, apply guarded generation, and involve humans in the loop.
• Outcome: Achieve safe, gradual automation that supports analysts by reducing repetitive tasks, not replacing them.

12/10/2025

Architecture

Preparation of Detection Metadata

• Combine multi-source rules into a single schema (id, tactics, language, entities, sources, logic).
• Extract information such as ATT&CK mapping, entity types, logic, dependencies using AI.
• Utilize prompted analyzers with few-shot examples and schema-driven JSON outputs.
• Maintain quality via self-consistency checks and schema validation.

12/10/2025

Cataloging for Information Retrieval

• Vector database for efficient semantic access and retrieval
• Relational database to manage metadata mapping and details
• Embedding models for representation, and inference.

12/10/2025

Democratize Use Across the Ecosystem

12/10/2025

?

Model Context Protocol (MCP)

12/10/2025

• Standardized interface — Defines how LLMs interact with external tools, data sources, and APIs in a consistent, secure way.
• Context orchestration — Enables models to dynamically request, retrieve, and use relevant context (files, queries, connectors) during reasoning.
• Extensible ecosystem — Supports plug-and-play “tools” (e.g., code, search, calendar) so models can act as autonomous, context-aware agents.

https://modelcontextprotocol.io

Core Building Blocks of MCP Server

• Server: Hosts tools, prompts, and resources.
• Client: The model or app that connects to the server.
• Session: Manages communication and context sharing.
• Tools / Prompts / Resources: The capabilities the model can call to reason, retrieve data, or act.

12/10/2025

What Tools Do We Need?

12/10/2025

Visual Studio Code for Orchestration

• Implementation of agentic orchestration is already available
• Offers built-in support for MCP server integration
• Comes with extra functionalities like web search
• The tool is widely used and recognized among developers

12/10/2025

Experiments

• A total of 22 detections spanning two separate platforms
• The primary languages used were PySpark and KQL
• All MITRE ATT&CK tactics were addressed by the detections, with the exception of Reconnaissance
• Three different methods were investigated:
• Baseline
• Sequential
• Agentic
• OpenAI models are compared (GPT-4o, GPT-4.1, o1, o3, GPT-5, GPT-5.1)

12/10/2025

Evaluation

• LLM as a Judge

{

        "ttp_match": true,

        "logic_equivalence": true,

        "schema_accuracy": true,

        "syntax_validity": true,

        "indicator_alignment": true,

        "exclusion_parity": true,

        "robustness": true,

        "data_source_correct": true,

        "output_alignment": true,

        "library_usage": true

}

• Embedding cosine similarity between gold and generated detection

​

12/10/2025

Setting the Right Expectation

​

​

Because we depend solely on the model's capability to produce code using a restricted set of tools without executing the code, we do not anticipate perfect scoring.

12/10/2025

Results

12/10/2025

Which method proves to be more effective?

*Mean value calculated from high, medium, and low reasoning efforts across various models.

Results

12/10/2025

Which model performs better?

*Mean calculated across high, medium, and low levels of reasoning effort for the agentic approach.

Results

12/10/2025

Which type of reasoning effort is more effective?

* Only agentic approach is used.

Token Consumption

12/10/2025

40X

2X

X

Baseline

Sequential

Agentic

Cost Increases

Task completion time increases

Key Insights

• An agentic workflow is a more effective option for detection generation
• Involves a multi-turn process
• Selects tools as necessary
• Allows for course correction and error fixing
• High-level reasoning is advantageous if cost is not a major issue
• Note: it requires more time (and expense)
• Models tend to be unreliable for scoring when acting as judges, especially across a broad range of values
• It’s better to pose specific questions that yield True/False answers

12/10/2025

Future Work

• Conduct experiments involving more detections, encompassing the majority of MITRE ATT&CK techniques (beyond tactics).
• Perform evaluations with human validation to ensure that automated scoring aligns with human judgment.
• The research is centered solely on OpenAI models, plan to investigate other model providers.

12/10/2025

Thanks!

12/10/2025