{"id":"https://openalex.org/W4400484836","doi":"https://doi.org/10.1145/3663529.3663829","title":"AgraBOT: Accelerating Third-Party Security Risk Management in Enterprise Setting through Generative AI","display_name":"AgraBOT: Accelerating Third-Party Security Risk Management in Enterprise Setting through Generative AI","publication_year":2024,"publication_date":"2024-07-10","ids":{"openalex":"https://openalex.org/W4400484836","doi":"https://doi.org/10.1145/3663529.3663829"},"language":"en","primary_location":{"id":"doi:10.1145/3663529.3663829","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3663529.3663829","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5078508133","display_name":"Mert Toslali","orcid":"https://orcid.org/0009-0007-6257-8288"},"institutions":[{"id":"https://openalex.org/I4210087032","display_name":"Cambridge Scientific (United States)","ror":"https://ror.org/001s4dh65","country_code":"US","type":"company","lineage":["https://openalex.org/I4210087032"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mert Toslali","raw_affiliation_strings":["IBM Research, Cambridge, USA"],"raw_orcid":"https://orcid.org/0009-0007-6257-8288","affiliations":[{"raw_affiliation_string":"IBM Research, Cambridge, USA","institution_ids":["https://openalex.org/I4210087032"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045954067","display_name":"Edward Snible","orcid":"https://orcid.org/0000-0001-7802-350X"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Edward Snible","raw_affiliation_strings":["IBM Research, Yorktown Heights, USA"],"raw_orcid":"https://orcid.org/0000-0001-7802-350X","affiliations":[{"raw_affiliation_string":"IBM Research, Yorktown Heights, USA","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103286515","display_name":"Jing Chen","orcid":"https://orcid.org/0009-0004-7023-4010"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jing Chen","raw_affiliation_strings":["IBM Research, Yorktown Heights, USA"],"raw_orcid":"https://orcid.org/0009-0004-7023-4010","affiliations":[{"raw_affiliation_string":"IBM Research, Yorktown Heights, USA","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000551427","display_name":"Alan Cha","orcid":"https://orcid.org/0009-0000-3294-6106"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alan Cha","raw_affiliation_strings":["IBM Research, Yorktown Heights, USA"],"raw_orcid":"https://orcid.org/0009-0000-3294-6106","affiliations":[{"raw_affiliation_string":"IBM Research, Yorktown Heights, USA","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075342602","display_name":"Sumit Prakash Singh","orcid":"https://orcid.org/0009-0007-6747-8163"},"institutions":[{"id":"https://openalex.org/I4210129961","display_name":"IBM (India)","ror":"https://ror.org/034ahpr11","country_code":"IN","type":"company","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210129961"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Sandeep Singh","raw_affiliation_strings":["IBM, Bengaluru, India"],"raw_orcid":"https://orcid.org/0009-0007-6747-8163","affiliations":[{"raw_affiliation_string":"IBM, Bengaluru, India","institution_ids":["https://openalex.org/I4210129961"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015398570","display_name":"Michael Kalantar","orcid":"https://orcid.org/0009-0004-1006-5008"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Kalantar","raw_affiliation_strings":["IBM Research, Yorktown Heights, USA"],"raw_orcid":"https://orcid.org/0009-0004-1006-5008","affiliations":[{"raw_affiliation_string":"IBM Research, Yorktown Heights, USA","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5036809621","display_name":"Srinivasan Parthasarathy","orcid":"https://orcid.org/0009-0005-8203-1242"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Srinivasan Parthasarathy","raw_affiliation_strings":["IBM Research, Yorktown Heights, USA"],"raw_orcid":"https://orcid.org/0009-0005-8203-1242","affiliations":[{"raw_affiliation_string":"IBM Research, Yorktown Heights, USA","institution_ids":["https://openalex.org/I1341412227"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.4226,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.9333822,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"74","last_page":"79"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9944000244140625,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.537801206111908},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5183947682380676},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.4023655354976654},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.40192484855651855},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.3264119029045105},{"id":"https://openalex.org/keywords/finance","display_name":"Finance","score":0.10549908876419067}],"concepts":[{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.537801206111908},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5183947682380676},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.4023655354976654},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40192484855651855},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.3264119029045105},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.10549908876419067}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3663529.3663829","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3663529.3663829","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W2962221540","https://openalex.org/W3161874179","https://openalex.org/W4205991051","https://openalex.org/W4224937816","https://openalex.org/W4225809611","https://openalex.org/W4284676027","https://openalex.org/W4284689801","https://openalex.org/W4284692010","https://openalex.org/W4299961325","https://openalex.org/W4308643010","https://openalex.org/W4312443713","https://openalex.org/W4313195722","https://openalex.org/W4318822291","https://openalex.org/W4380994111","https://openalex.org/W4384345635","https://openalex.org/W4386719732","https://openalex.org/W4388856819","https://openalex.org/W4388858920","https://openalex.org/W4389158533","https://openalex.org/W4393161188"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"In":[0],"the":[1,76,108],"contemporary":[2],"business":[3,20],"landscape,":[4],"organizations":[5,27],"often":[6],"rely":[7],"on":[8,150],"third-party":[9,34,57,142],"services":[10],"for":[11],"many":[12],"functions,":[13],"including":[14,121],"IT":[15],"services,":[16],"cloud":[17],"computing,":[18],"and":[19,53,62,70,79,87,106,133,160],"processes.":[21],"To":[22],"identify":[23],"potential":[24],"security":[25,77],"risks,":[26],"conduct":[28,145],"rigorous":[29],"assessments":[30,46,105],"before":[31],"engaging":[32],"with":[33,75],"vendors,":[35],"referred":[36],"to":[37,113,136,144],"as":[38,60],"Third-Party":[39],"Security":[40],"Risk":[41],"Management":[42],"(TPSRM).":[43],"Traditionally,":[44],"TPSRM":[45,100,104,153],"are":[47],"executed":[48],"manually":[49],"by":[50,102],"human":[51],"experts":[52],"involve":[54],"scrutinizing":[55],"various":[56],"documents":[58,143],"such":[59],"System":[61],"Organization":[63],"Controls":[64],"Type":[65],"2":[66],"(SOC":[67],"2)":[68],"reports":[69],"reviewing":[71],"comprehensive":[72],"questionnaires":[73],"along":[74],"policy":[78],"procedures":[80],"of":[81,156,165],"vendors\u2014a":[82],"process":[83],"that":[84],"is":[85],"time-intensive":[86],"inherently":[88],"lacks":[89],"scalability.":[90],"AgraBOT,":[91],"a":[92],"Retrieval":[93],"Augmented":[94],"Generation":[95],"(RAG)":[96],"framework,":[97],"can":[98],"assist":[99],"assessors":[101],"expediting":[103],"reducing":[107],"time":[109],"required":[110],"from":[111,141],"days":[112],"mere":[114],"minutes.":[115],"AgraBOT":[116,149],"utilizes":[117],"cutting-edge":[118],"AI":[119],"techniques,":[120],"information":[122],"retrieval":[123],"(IR),":[124],"large":[125],"language":[126],"models":[127],"(LLMs),":[128],"multi-stage":[129],"ranking,":[130],"prompt":[131],"engineering,":[132],"in-context":[134],"learning":[135],"accurately":[137],"generate":[138],"relevant":[139],"answers":[140],"assessments.":[146],"We":[147],"evaluate":[148],"seven":[151],"real":[152],"assessments,":[154],"consisting":[155],"373":[157],"question-answer":[158],"pairs,":[159],"attain":[161],"an":[162],"F1":[163],"score":[164],"0.85.":[166]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4}],"updated_date":"2026-06-16T09:24:06.705377","created_date":"2025-10-10T00:00:00"}