The cybersecurity landscape has been transformed by machine learning and AI, with examples ranging from the application of representation learning to discover generic features from complex cybersecurity artifacts, to the use of large language models to assist with cybersecurity tasks. In this talk, I will illustrate how these approaches can improve our ability to understand, predict, and defend against cyber threats. I will first describe scenarios where they can be game-changers for cybersecurity analysis. Then I will dive into our results across three concrete use cases. I will begin with the classic IP reputation problem, demonstrating how simple word and graph embedding techniques can identify clusters of IP addresses engaged in similar malicious activities. This helps us understand the behavior of IP addresses seen online, anticipating by days the information that is published on public blocklists, with better threat coverage. Next, I will show how LLMs can be used to support vulnerability management, particularly to parse and classify vulnerability reports. Here, a good example of pitfalls and hype-driven applications becomes evident, as we will show that classic ML still delivers better performance than state-of-the-art hosted LLMs. Finally, I will briefly touch on recent results in a lively and promising direction: using agentic AI to automate cybersecurity tasks. Using pentesting as a case study, I will present our AutoPenBench framework for evaluating generative AI agents in automated penetration testing. I will show that assisted agents achieve promising results, whereas fully autonomous systems still struggle — once more highlighting both the potential and current limitations of AI-driven cybersecurity.

Idilio Drago

University of Turin

https://www.polito.it/personale?p=idilio.drago


Idilio Drago is an Associate Professor at the University of Turin, Italy, in the Computer Science Department. His research focuses on Internet measurements, cybersecurity, and AI applications in cybersecurity, with particular emphasis on applying AI and machine learning approaches to extract knowledge from traffic and logs and to automate security tasks. Dr. Drago has published over 100 research works with 4,200+ citations. He was awarded the IETF/IRTF Applied Networking Research Prize in 2013 for his work on cloud storage traffic analysis, and received the best paper awards at PAM 2013 and MADWeb 2025. His DarkVec paper was runner-up for the best paper award at ACM CoNEXT 2021. He holds a Ph.D. in Computer Science from the University of Twente, Netherlands, and a Master’s degree from the Federal University of Espírito Santo, Brazil. Before joining the University of Turin, he was a Postdoc Researcher (2014-2016) and Assistant Professor (2017-2019) at Politecnico di Torino, Italy. He visited the Federal University of Minas Gerais in 2019, collaborating with Prof. Jussara Almeida on multiple research topics. Dr. Drago currently coordinates several major research projects, including the EU-PNRR Cascate Call Project QCPS2 (PE SERICS), serves as UNITO Coordinator of the Italian PRIN Project ACRE on AI-Based Causality and Reasoning for Deceptive Assets, and acts as Italian Coordinator of the EU CHIPS JU project DistriMuse. He is a Steering Committee Member of the Network Traffic Measurement and Analysis (TMA) conference, Associate Editor of the IEEE Transactions on Network and Service Management journal, and Information Director of the Proceedings of the ACM on Networking journal (PACMNET). He is affiliated with the UNITO HPC4AI Center for High-Performance Computing for Artificial Intelligence and the CINI Cybersecurity National Lab.