XAI and zero-shot learning can be applied to different areas of a cybersecurity ecosystem. Take the example of an ML model that monitors network traffic in an office network. Say it flags a data transmission above 100 MB from a network computer to a Google Drive account as an anomaly, that is, different from normal network flows. If we show the security operations centre analyst the additional parameters that led to the flag, such as the size of the data files and the destination domain, this information can save the analyst valuable time in classifying the event as a data exfiltration attack. The system can then take feedback from the analyst and start auto-labelling new attacks of this kind as data exfiltration. Extrapolated to a network with thousands of nodes and users, explainability and zero-shot learning can save analysts hours otherwise spent searching for the needle in the haystack.
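
The feedback loop described above, as an added Python example that is not from the original article: each flow gets a per-feature score so the alert states why it fired, and an analyst's label is reused for later anomalies that fire for the same reasons. The baseline flows, the 3.0 threshold, the feature names and the `ExplainableFlowMonitor` class are constructed assumptions, and the label reuse is a plain lookup standing in for the zero-shot step.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Constructed baseline of normal office flows: (bytes_out, destination_domain).
BASELINE = [(2_000_000, "intranet.example"), (5_000_000, "mail.example"),
            (1_500_000, "intranet.example"), (8_000_000, "mail.example"),
            (3_000_000, "intranet.example"), (4_000_000, "updates.example")]

class ExplainableFlowMonitor:
    def __init__(self, baseline, threshold=3.0):  # threshold is an assumed cut-off
        sizes = [math.log10(b) for b, _ in baseline]
        self.mu, self.sigma = mean(sizes), pstdev(sizes)
        self.domains = Counter(d for _, d in baseline)
        self.total = len(baseline)
        self.threshold = threshold
        self.labels = {}  # set of contributing features -> analyst-supplied label

    def contributions(self, bytes_out, domain):
        """Score each feature separately so the alert can say why it fired."""
        size_z = (math.log10(bytes_out) - self.mu) / self.sigma
        # Surprisal (bits) of the destination, add-one smoothed for unseen domains.
        p = (self.domains[domain] + 1) / (self.total + len(self.domains) + 1)
        return {"transfer_size": size_z, "destination_domain": -math.log2(p)}

    def assess(self, bytes_out, domain):
        scores = self.contributions(bytes_out, domain)
        reasons = frozenset(f for f, s in scores.items() if s >= self.threshold)
        return {"anomaly": bool(reasons), "reasons": reasons, "scores": scores,
                "label": self.labels.get(reasons)}  # None until an analyst labels it

    def feedback(self, assessment, label):
        """Remember the analyst's verdict for this combination of reasons."""
        self.labels[assessment["reasons"]] = label

def demo():
    mon = ExplainableFlowMonitor(BASELINE)
    first = mon.assess(150_000_000, "drive.google.com")   # shown to the analyst
    mon.feedback(first, "data_exfiltration")               # analyst's verdict
    similar = mon.assess(400_000_000, "share.example")     # new flow, same reasons
    backup = mon.assess(200_000_000, "intranet.example")   # large but known host
    return first, similar, backup

if __name__ == "__main__":
    for result in demo():
        print(sorted(result["reasons"]), result["label"])
```

The large transfer to a known internal host fires on size alone, so it does not inherit the exfiltration label and stays with the analyst.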

