CW Innovation Awards: Transforming cyber security with AI
Facing rising cyber threats and a shortage of experts, Citic Telecom International CPC developed an AI-powered penetration testing tool to automate security audits and reduce costs
With cyber attacks becoming more sophisticated, Hong Kong-based Citic Telecom International CPC faced growing pressure to protect its IT assets. Traditional penetration testing, though essential, was costly and required cyber security expertise. The shortage of cyber security experts further compounded the problem, making it challenging to conduct regular and comprehensive security audits.
To address these issues, Citic Telecom wanted a solution that would lower the technical barriers for conducting penetration tests, enabling junior IT staff to perform this advanced security testing task. The goal was to enable regular and automated scanning to identify and address vulnerabilities promptly and reduce costs while improving the efficiency and accuracy of cyber security testing.
Citic Telecom developed the TrustCSI AI Pentest tool to address these challenges. The tool integrates traditional penetration testing tools with its AI penetration testing technology, along with its Hong Kong-patented method for generating SQL injections for web application firewall security testing.
TrustCSI AI Pentest automates penetration testing processes, making them faster, more accurate, and accessible to non-experts. Key features of the tool include asset scanning, vulnerability detection, weak password testing, SQL injection and cross-site scripting (XSS) injection. In addition, it supports customised penetration testing tasks and generates penetration test reports.
Traditional penetration testing was often sporadic due to its high cost and time requirements. TrustCSI AI Pentest introduced an automated scheduling function, allowing non-professional users to conduct regular scans of its IT assets. This ensures that vulnerabilities are promptly identified and addressed, significantly reducing the risk of cyber attacks. It also eliminates the need for extensive professional training and reduces system maintenance costs, making daily security testing more accessible.
By leveraging AI technology, TrustCSI AI Pentest created efficient and targeted payloads to identify information security vulnerabilities that traditional tools often miss. This approach significantly improved the accuracy and efficiency of vulnerability discovery. The tool also streamlined reporting with AI-generated insights, interpreting test results to produce clear, user-friendly reports that provide insight into cyber security vulnerabilities.
Citic Telecom also built a portal that allows users to check the cyber security level of IT assets, which enables enterprises to take preventive measures before cyber attacks occur and reduce the probability of security incidents.
The project delivered substantial cost savings by minimising reliance on expensive third-party tools and reducing the need for cyber security experts. A key cost-saving measure is reduced software licensing fees. Each outsourced penetration test for one system used to be HK$20,000 (US$2,571), and penetration testing for 20 critical systems per year amounts to around HK$400,000 (US$51,424). TrustCSI AI Pentest now helps to reduce the costs and is expected to save the company an estimated HK$200,000 (US$25,712) annually.
Automating the testing task has also reduced the workload for Citic Telecom's in-house cyber security personnel. Typically, penetration testing is conducted on around five systems per quarter, with annual security scanning covering 126 systems. Additionally, testing scans are mandatory before application system upgrades, changes, and the deployment of new systems. Previously, 150 man-days were spent annually on penetration testing. TrustCSI AI Pentest has halved this effort, saving 80 man-days per year.
Key success factors
The project’s success was driven by several key factors. A structured change management approach meant that change requests were evaluated by designated team members who included AI engineers, IT experts and cyber security professionals. Management approval was mandatory before implementing any changes, ensuring alignment with project objectives and cyber security needs.
A diverse team with the right skills, knowledge and openness to change was carefully assembled. This ensured that the team could effectively drive and adapt to changes, fostering efficiency and innovation.
Effective communication played a key role. The team held weekly meetings, and real-time internal messaging platforms helped to ensure open, transparent communication. This kept all members updated about the progress, changes and impacts, reducing uncertainty and building trust throughout the project.
Agile project management principles were applied, with the project divided into five sprints – each involving requirements confirmation, design, implementation and user acceptance testing. This agile approach allowed flexibility, minimised change requests and ensured timely delivery. The project was eventually completed on schedule and within the allocated budget of HK$740,000 (US$95,135).
With the successful completion of the project, Citic Telecom has learned that accurate AI models require a substantial amount of training data. To address a shortage of suitable data, the company used multiple testing environments, manually collected cyber security data, integrated internet-sourced data and used data augmentation techniques to expand the dataset.
Citic Telecom also saw the benefits of modularising testing functions. Because different penetration testing targets require varied test content, integrating testing functions into the platform as modules allowed users to customise test templates for specific targets, improving platform flexibility and reducing future development costs.
Finally, close collaboration between cyber security experts and IT operators proved invaluable. Cyber security insights shaped the functional scope and compliance of TrustCSI AI Pentest, while IT operator feedback improved test report readability and usability, ensuring the project’s effectiveness.
