FACADE: High-Precision Insider Threat Detection Using Contrastive Learning
Black Hat USA 2025 · Day 1 · Briefings
Google's FACADE system uses contrastive learning to score every user-resource access event across billions of activities per year, detecting red team attackers within the top 0.01% of the most anomalous events. The system requires no labeled insider threat examples to train; instead it bootstraps from normal behavioral patterns. It is now publicly available as an open-source reference implementation on GitHub.
---
AI review
Google built a real insider threat detection system, ran it on ten billion events a year for seven years, and put the code on GitHub. That's the kind of receipts that end arguments. The contrastive learning trick for bypassing the label scarcity problem is the genuine contribution here — everything else is solid engineering.