CyLeague HD and SMBC Cyberfront to Launch AI-Powered 'Cyber Attack Response Navi' in October 2026

CyLeague Holdings Co., Ltd. (Headquarters: Minato-ku, Tokyo; Representative Director and President: Hiroshi Fukutome; hereinafter 'CyLeague HD'), a subsidiary of Change Holdings Co., Ltd. (Headquarters: Minato-ku, Tokyo; Representative Director and Executive Officer: Hiroshi Fukutome) and an intermediate holding company promoting the cybersecurity business, will begin offering a new service, 'Cyber Attack Response Navi', from October 2026. This service was jointly developed with SMBC Cyberfront Co., Ltd. (Headquarters: Chiyoda-ku, Tokyo; Representative Director: Yasunori Aoki; hereinafter 'SMBC Cyberfront'), a joint venture in which CyLeague HD participates.

This service utilizes an AI that leverages knowledge and data accumulated in the security operations of domestic companies and organizations, including the SMBC Group, to assess the risk level of potential cyberattacks and present response procedures. It supports rapid initial response for companies and organizations that find it difficult to secure dedicated security personnel, contributing to the improvement of their cyberattack response capabilities.

■ Background of Development: Increasing Executive Cyber Responsibility and the 'Post-Detection Wall' Faced by the Field

From May to June, during the peak period for financial results announcements and annual shareholders' meetings for companies with March fiscal years, management is facing unprecedented demands from shareholders and institutional investors to explain their 'preparedness for cyber risks'. In recent years, there have been a series of cases where ransomware attacks causing the shutdown of core systems and accounting processes have directly led to delays in submitting securities reports and downward revisions of earnings. The incident response system has become a critical ESG issue affecting corporate value, and top management is urgently required to build a rapid incident response system from the perspective of the 'duty of care' under the Companies Act (*1).

The damage from cyberattacks has transcended the mere IT department issue and is developing into a situation that threatens business continuity itself. According to the latest survey by the National Police Agency, half of the companies affected by ransomware incurred investigation and recovery costs of '10 million yen or more', highlighting the increasing severity of the damage (*2). Furthermore, the risk of supply chain attacks (cyber dominoes) that involve not only the company itself but also its business partners has been identified as a major threat for four consecutive years (*3), raising concerns about the impact on the entire social infrastructure.

In response to these threats, 'detection mechanisms' are being put in place through the introduction of EDR (*4) and other tools. However, the field is facing the following 'post-detection wall':

Difficulty in Judgment: Inability to determine the risk level or the necessity of isolation for 'Critical' alerts, 'logins from overseas IPs', or 'suspicious PowerShell executions'.

Stagnation of Initial Response: Even after receiving a notification from a SOC (*5), the next steps are unclear, and the response relies on a limited number of specialized personnel.

Limitations of General AI: General-purpose generative AI struggles to provide specific response procedures tailored to the company's own environment.

Thus, while many organizations have 'detection mechanisms', they lack the practical judgment to 'determine what to do after detection and how to act'.

Furthermore, looking ahead to the 'SCS (Supply Chain Cybersecurity) Evaluation System' led by the Ministry of Economy, Trade and Industry, which aims to start operation at the end of fiscal year 2026, companies are required not only to introduce security tools but also to establish a 'system for appropriately judging incidents and linking them to initial response' (*6). To bridge this gap between management challenges and on-the-ground realities, we have developed the new service 'Cyber Attack Response Navi', which uses AI to instantly analyze the severity of incidents and support the initial response (judgment) of management and field personnel.

■ About 'Cyber Attack Response Navi'

'Cyber Attack Response Navi' is an AI security judgment support service jointly developed by CyLeague HD and SMBC Cyberfront. By inputting security alerts, SOC notifications, or questions related to cyberattack response, such as 'Is this a sign of a cyberattack?', 'Should I respond immediately?', or 'What should I check next?', the AI interprets the content and presents the risk level, items to check, and recommended response procedures.

For example, by inputting EDR alerts, UTM (*7) logs, IDaaS (*8) suspicious login notifications, SOC notification texts, or questions like 'Could a login from an overseas IP be unauthorized access?', 'I detected a suspicious PowerShell execution, how far should I investigate?', or 'Unfamiliar external communication is occurring, should I block it?', the AI will provide answers from the following perspectives:

- The possibility that the event is a sign of a cyberattack
- Whether to respond immediately or conduct additional checks
- Logs, terminals, accounts, and communication destinations to check first
- Priority of isolation, blocking, additional investigation, and escalation
- Response procedures tailored to the company's own system and environment
- Points to report to management and related departments

This service is not a substitute for AI making final judgments or actual responses. It is a support tool for on-site personnel and information system departments to proceed with cyberattack response more appropriately and quickly while confirming the basis for their judgments.

■ Main Features

1. Leveraging Knowledge and Data from Multiple Domestic Companies and Organizations
Utilizing knowledge and data accumulated in security operations, provided by multiple domestic companies and organizations including the SMBC Group, to support judgment for events that may be cyberattacks.

Unlike general-purpose generative AI, it aims to present risk levels, items to check, and response priorities based on judgment patterns built up in actual security operations.

In the future, through collaboration with security vendors, corporate SOCs, incident response experts, etc., the service will continue to evolve.