Scaling Security Data Analysis with AI Agents and Code-Act via Jupyter
Abstract
Current LLM-based data analysis often fails in cybersecurity due to the inefficiency of passing massive, unstructured datasets (like XDR logs) directly into a context window. This talk introduces a "Code-Act" methodology, where AI agents utilize Jupyter Notebooks as execution environments to reason over data via code rather than raw text consumption. By integrating Model Context Protocol (MCP) servers with Jupyter kernels, analysts can enable agents to perform complex data manipulation, visualization, and statistical analysis autonomously. The presentation demonstrates how this approach improves accuracy in threat hunting, provides an audit trail through notebook cells, and uses "AI Agent Skills" to implement structured, professional security workflows.