
    Floki: Defining Agentic Workflows for Security - Roberto Rodriguez - NDC Security 2025

    Introduction to Floki

    Floki is kind of like let's make it easy let's uh build workflows that are super um you know easy to understand and follow uh so hopefully this is a tool that you will be able to use at some point and uh you know let me know uh it's already in GitHub and it has been already two months since I released it

    01:25

    What is an Agent

    think about this application where the user is interacting with an LLM or just a language model um and then this model is the one that is doing a lot of the thinking some people say it's not reasoning uh it's just predicting right the next uh word um but a lot of the knowledge and context that it has it kind of produces output that it's super interesting and it looks like it's actually thinking reasoning across different tasks

    03:57

    Agentic Patterns

    so the first one that we talked about here this is just your basic reflection type of loop where it's taking the task is reasoning over executing something trying to reason um providing some feedback into like what happens and then it just goes back right into that loop

    07:07

    Dapr

    Dapr kind of like comes with this concept of a sidecar that it's already acting as a proxy for you and there is already a lot of different connectors and integrations for specific uh services right so as you can see in here you can do workflows you can access secrets and but and what I mean by that is that if I write code to access a secret from an Azure key I don't want to rewrite it or import another thing just to you know talk to the equivalent in AWS

    12:08

    Dapr Workflows

    the workflow patterns that Dapr comes with are very basic you know task chaining it comes with a fan out fan in and also with a concept of like monitoring so what that means is that you can have this while loop and also expect an event to occur uh in order for you to do something with it

    13:11

    Floki and Dapr

    so at the end that's what Floki is a tool that not only provides the fundamentals of one agent but it actually allows you to take that agent and convert it into a microservice and also have it exposed as a like a I don't know FastAPI server and then it's able to communicate with other um you know microservices through you know message systems like pub/sub right like publish and subscribe subscribing right

    17:36

    Dapr and Floki

    the idea is that I wanted to define a couple of you know deterministic workflows initially just to kind of download papers from arXiv which keeps a lot of the you know research I guess papers that the community publishes and you know shares with others and there's an API that you can set and say for example I want to focus only on computer science uh papers and I would love to look for the concepts of agents or gen and like blue team red team offense defense across all of them

    24:36

    AI Security Voice Podcast

    so this is the AI Security Voice uh podcast it already has two episodes and there is one more coming today uh and it's just pretty much talking about let me see if I can play I don't know if I can play the thing through here by design effectively so addressing these concerns can lead us to a structured

    28:34

    Challenges in Cyber Security

    now what are the challenges that we're trying to solve in my opinion in cyber security especially from the defensive uh side this is what everybody wants to build right this is something that um even when I talk to a few folks internally and Microsoft right we're trying to figure out what is the best way to have a system that has the right tools to communicate with the right tables do NL to KQL um and then figure out like how to write query all that information

    32:22

    Data Transformation and Hunt

    usually I see these as data transformation and then the hunt right and usually we are involved with the hunt not so much on this area um my team right now that is more focused on AI uh let's say enabling autonomy to defend Microsoft that's my team at the moment we are now focusing on the ontology but to support agents and figure out what they can do with it

    35:42

    System to Transform Data

    I can build a system that allows me to transform the data in a way that it could also infer its own ontology right it can infer its own schema its own data model and then since we always think in graphs because we're trying to connect the dots trying to connect the evidence right we can actually go from the ontology the data model right to a graph and we can also make the system write the code to go from Kusto with ontology and directly ingested into a graph

    36:36

    Benefits of the System

    one you don't have to worry about any other schemas anymore like even if I you know get dropped into an incident where there is multiple Kusto clusters with new schemas I don't have to worry about that because there is a system that will be able to right take a look at it we'll be able to query maybe the um last five events and get an idea of like what this ontology could be like what is the schema of this event

    37:12

    Integration with Other Systems

    so at the end right you have all of these security platforms with all these different information it doesn't matter if you even add things such as attack paths from like BloodHound for example or any other you know attack path management system you can integrate that and say hey can you just add it to the ontology right can you just connect that thing with my activity data and then be able to traverse the graph

    39:52

    Local View of the Environment

    but if you want to identify anomalies you have to look at it from a global view right so the efforts right now for example in the team in general and this is not new every a lot of people have been doing that already so that's what you know I can to me I can share it but we're trying to figure out what it means to have a global view of a graph and how much time it takes to train a model

    40:52

    Workflow and Tasks

    so the idea is that you know we can index a lot of these schemas and the more schemas people bring to the conversation is totally fine just bring all the schemas that you have and then be able to take all of those create an index so be able to send those to a vector database try to do query decomposition where you can take the first the question or the multiple sentence question that a user might have break it down into small pieces and do like a multi-hop type of RAG right retrieval augmented generation

    43:33

    Floki and Dapr

    so I can take the same it's going to look kind of like the same so this is Floki it looks pretty much the same but the difference with Floki is that Dapr only allows you to define a workflow a function and instead of a task it was called an activity right that's called an activity activity activity and all you can execute is just Python functions right with Floki I introduced the concept of a task

    52:52

    Floki Overview

    Floki is something like this look how small that thing is uh so you can have a workflow where you can only have let's say one task with its own prompt the variables I guess the parameters or arguments of the function are going to also be used to um you know be substituted um inside of the prompt

    55:23

    Defining Services with Dapr

    the idea with Floki is that when you work with Dapr for example and you want to define your services right you define services that are exposed with a FastAPI like this in Dapr right you can actually build an application and then simply expose it right with an API

    57:43

    Multi-Agent Collaboration

    so let's use a work FL LM so what that means is that the way how this workflow works is that it's going to know how many agents are it's going to know the goals of the agents and then every single question is going to be routed through this you know manager agent and it's going to decide who speaks next

    59:25

    Incident Triage Workflow

    this workflow is going to initiate is going to capture any input it's going to be waiting for any type of this could be a question of like hey I want to query for any type of file creation events in my environment

    62:00

    Workflow Execution and Interaction

    now what I can do is I can just interact this as if it was just as any API I'm going to make this bigger and I'm just saying a file was involved in an alert and it is now in every in every in several endpoints I want to know more about files being created right

    65:46