The Cybersecurity Maturity Model Certification (CMMC) serves a vital purpose: it protects the Department of Defense’s data.
But certification – which includes standards ensuring that businesses working with the DoD have strong cybersecurity practices – can be daunting. Fulfilling all the detailed requirements across multiple maturity levels is costly and time-consuming, especially for smaller businesses without dedicated cybersecurity teams.
Cybersecurity company Camelot Secure, which specializes in helping organizations comply with CMMC, has seen the burdens of “compliance overload” first-hand through its customers. Like many innovative companies, Camelot looked to artificial intelligence for a solution. The result is Myrddin, an AI-based cyber wizard that provides answers and guidance to IT teams undergoing CMMC assessments.
Compliance fatigue, and the need for automation
The Myrddin project was created out of a pressing need among Camelot Secure customers to simplify and accelerate the CMMC process.
Common challenges to becoming compliant include simply understanding the requirements (CMMC has five maturity levels, each with different security standards) and having the in-house expertise to implement the necessary security practices.
“We noticed that many organizations struggled with interpreting and applying the intricate guidelines of the CMMC framework,” says Jacob Birmingham, VP of Product Development at Camelot Secure. “This often resulted in lengthy manual assessments, which only increased the risk of human error.”
To address compliance fatigue, Camelot began work on its AI wizard in 2023. It used generative AI technologies, including large language models such as GPT-4, which uses natural language processing to understand and generate human language, and Google Gemini, which is designed to handle not just text but also images, audio, and video. Camelot has the flexibility to run on any selected GenAI LLM across cloud providers like AWS, Microsoft Azure, and GCP (Google Cloud Platform), ensuring that the company meets compliance regulations for data security.
Throughout 2024, Camelot’s team of in-house developers built the AI wizard that would become “Myrddin,” training it to understand CMMC guidelines and answer questions quickly with a focus on actionable, real-time guidance. The decision to start in a controlled environment and gradually expand AI capabilities allowed Camelot the time to mitigate risks and hone Myrddin before its rollout in September 2024.
“Myrddin is now part of our CMMC dashboard tool that assists users in conducting gap assessments and interpreting cybersecurity compliance guidelines,” says Birmingham. “It has streamlined the entire process, helping IT teams handle CMMC assessments more effectively.”
Putting an AI assistant to work for cybersecurity compliance
The Camelot Secure team’s breakthrough came when Myrddin was finally integrated into the company’s CMMC dashboard tool. That was the moment when the bundle of AI technologies became a real-time cyber wizard capable of providing CMMC guidance through voice and text.
Myrddin uses AI to interact intelligently with users. It offers responses based on user questions about specific cybersecurity compliance areas and eliminates the tedious process of wading through documents. For instance, Myrddin would quickly offer advice and instructions on how to structure policy documentation or design network diagrams to meet specific security control requirements.
Birmingham says the company plans to expand Myrddin’s AI capabilities into its other product areas. But for now, Myrddin’s specialty is helping organizations comply with CMMC quickly and securely through automation.
“Myrddin’s ability to not only provide real-time advice but also to eventually automate the entire gap assessment process makes it a game-changer in cybersecurity compliance,” he says.
Saving time and reducing compliance effort and errors
Since integrating Myrddin into its CMMC dashboard tool, Camelot has been able to improve both its internal processes and how customers manage compliance tasks.
Birmingham says the most notable difference has been the reduction in the time, effort, and potential human error typically associated with CMMC gap assessments. With gap assessments, IT teams have to identify the differences between the company’s cybersecurity practices and the standards required for CMMC compliance. It is usually a prolonged and manual process.
“Using Myrddin’s real-time answers and guidance, even junior team members at small and medium-sized businesses can handle complex CMMC controls,” says Birmingham.
“The ease-of-use has decreased the downtime that comes with manual reviews while improving response times as the AI learns. Myrddin has also freed up teams to focus on risk management and strategic planning instead of getting slowed down by repetitive manual compliance checks.”
For its work automating CMMC compliance with AI, Camelot Secure earned a 2024 CSO Award, which honors security projects that demonstrate outstanding thought leadership and business value.
Beyond compliance to a full AI-based cybersecurity solution
Camelot’s immediate goal with Myrddin is to keep improving its AI capabilities so users can conduct full AI-driven gap assessments. As cybersecurity compliance standards evolve, Myrddin’s knowledge base will expand so it can continue providing up-to-date, reliable guidance.
However, integrating Myrddin into the CMMC dashboard was just the beginning. The dashboard is one of many services in the company’s cybersecurity platform, Camelot Secure 360, which also includes detection and response, threat hunting, and incident response. Birmingham says the company plans to expand Myrddin to deliver AI-assisted guidance across these services in the near future.
“Our vision is to transform Myrddin into a versatile cybersecurity assistant that helps organizations stay compliant while also defending them against new cyber threats.”