Building the Cervello AI Agent: Empowering Cybersecurity Analysts in Railway Networks
Transforming railway cybersecurity analysis for researchers and analysts through intelligent automation and contextual AI
The Challenge: Information Overload in Railway Cybersecurity
Railway systems are vast, interconnected, and increasingly digitized. Analysts must investigate incidents and anomalies across numerous assets (onboard units, interlocking systems, signaling equipment, RTUs, and more) while data remains fragmented across different tools and platforms.
This manual, time-consuming process makes it difficult for cybersecurity teams to quickly understand risk, identify threats, or track down the root cause of operational issues.
We built a tool to change that – designed specifically for internal cybersecurity researchers and analysts.
Our Solution: The Cervello AI Agent for Analysts
The Cervello AI Agent is a powerful internal tool designed to support our cybersecurity analysts – not replace them. It acts as an intelligent assistant, built to accelerate investigations, surface meaningful insights, and reduce the manual burden of navigating complex railway infrastructure.
This agent mirrors the thought process of an experienced cybersecurity researcher: it identifies important signals, understands relationships between assets and stations, tracks known vulnerabilities, and delivers context-rich summaries grounded in real operational context.
Analysts can ask high-level questions such as:
- “What’s the current risk level at Station A?”
- “Which interlocking assets are still running outdated firmware?”
- “Are there any known vulnerabilities affecting this asset?”
- “What vulnerabilities were associated with the last incident at Station C?”
The Cervello AI Agent helps researchers move from data to decision quickly and reliably, minimizing cognitive load and making analysis accessible even in high-pressure scenarios.
Our goal is to empower analysts to work faster and smarter with an AI assistant that truly understands the language, structure, and dynamics of railway cybersecurity.
Architecture Overview: How the Cervello AI Agent Works
The Cervello AI Agent is built on a modular, scalable architecture composed of three core technologies:

Large Language Models (LLMs)
Advanced language models drive the agent’s reasoning, summarization, and natural language capabilities. Analysts can ask questions in plain language and receive context-aware, business-relevant insights.
The AI Agent is guided by a detailed system prompt – a carefully designed set of instructions that determines how it interprets input, prioritizes information, and formats responses. This ensures the agent consistently behaves like a knowledgeable cybersecurity analyst and delivers structured, actionable outputs.
Orchestration Tool
A workflow orchestration tool serves as the automation backbone of the agent. It connects to all internal data sources such as asset inventories, incident records, vulnerability feeds, and system logs, and routes each request through modular workflows.
Each agent request flows through a dedicated data transformation sub-workflow, ensuring that the LLM receives clean, structured, and enriched data ready for analysis.
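As an added illustration (not Cervello's code), the sketch below shows what such a transformation step could look like for the question "Which interlocking assets are still running outdated firmware?". The record schema, field names, firmware baselines, and vulnerability identifiers are all constructed assumptions.

```python
import json
import re

# Constructed sample records; every field name and value here is hypothetical.
ASSETS = [
    {"id": "ixl-01", "type": "Interlocking", "station": "Station A", "firmware": "2.4.1",
     "note": "Primary unit\x00\x1b[31m"},
    {"id": "ixl-02", "type": "interlocking", "station": "Station C", "firmware": "3.0.0", "note": ""},
    {"id": "rtu-07", "type": "RTU", "station": "Station A", "firmware": "1.9", "note": None},
]
BASELINE = {"interlocking": "3.0.0", "rtu": "1.10"}  # minimum approved firmware per asset type
VULNS = [
    {"vuln_id": "EXAMPLE-0001", "asset_type": "interlocking", "fixed_in": "3.0.0"},
    {"vuln_id": "EXAMPLE-0002", "asset_type": "rtu", "fixed_in": "1.10"},
]

def parse_version(text):
    """Turn '1.10' into (1, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def clean_text(value, limit=80):
    """Drop control characters and cap length of free-text fields before they reach the model."""
    return re.sub(r"[\x00-\x1f\x7f]", "", value or "")[:limit]

def build_context(assets, baseline, vulns):
    """Normalize assets, flag outdated firmware, and attach vulnerabilities fixed in later versions."""
    rows = []
    for asset in assets:
        kind = asset["type"].strip().lower()
        current = parse_version(asset["firmware"])
        rows.append({
            "id": asset["id"],
            "type": kind,
            "station": asset["station"],
            "firmware": asset["firmware"],
            "outdated": current < parse_version(baseline[kind]),
            "open_vulns": sorted(v["vuln_id"] for v in vulns
                                 if v["asset_type"] == kind and current < parse_version(v["fixed_in"])),
            "note": clean_text(asset.get("note")),
        })
    return rows

def outdated_interlockings(rows):
    return [r["id"] for r in rows if r["type"] == "interlocking" and r["outdated"]]

if __name__ == "__main__":
    print(json.dumps(build_context(ASSETS, BASELINE, VULNS), indent=2))
```

Computing the `outdated` flag and the vulnerability join in code, rather than asking the model to compare version strings, keeps the answer deterministic and auditable; the model only summarizes rows that are already correct.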
Vector DB
The agent’s semantic memory is powered by a vector database that stores embedded knowledge about:
- Asset relationships and network topology
- Historical incidents, vulnerabilities, and remediation strategies
- Platform documentation and analysis methodologies
This enables fast, meaningful retrieval of relevant context and improves the quality of insights the AI Agent delivers.
Together, these components allow the Cervello AI Agent to deliver fast, intelligent, and actionable responses to analysts while continually learning from the organization’s evolving infrastructure.
What’s Next: A Conversational Analyst Assistant
While the current version of the AI Agent is used by our internal analysts and researchers, we’re exploring the next step: embedding it as a chatbot within the Cervello platform.
This would allow teams to:
- Ask real-time questions during investigations
- Surface instant insights directly from asset pages
- Receive proactive recommendations about security posture and vulnerability exposure
- Explore relationships and risks using natural language
This conversational capability would further democratize cybersecurity insights across roles and teams, not just for analysts but also for operations and engineering.
The Takeaway
The Cervello AI Agent is already transforming how our cybersecurity researchers work. It helps them focus on what matters, reduces repetitive tasks, and brings organizational knowledge to the forefront of every investigation.