The Evolution of Pentesting with AI
04/04/24 • 53 min
How is AI transforming traditional approaches to offensive security, pentesting, security posture management, security assessment, and even code security? Caleb and Ashish spoke to Rob Ragan, Principal Technology Strategist at Bishop Fox about how AI is being implemented in the world of offensive security and what the right way is to threat model an LLM.
Questions asked:
(00:00) Introductions
(02:12) A bit about Rob Ragan
(03:33) AI in Security Assessment and Pentesting
(09:15) How is AI impacting pentesting?
(14:50 )Where to start with AI implementation in offensive Security?
(18:19) AI and Static Code Analysis
(21:57) Key components of LLM pentesting
(24:37) Testing whats inside a functional model?
(29:37) Whats the right way to threat model an LLM?
(33:52) Current State of Security Frameworks for LLMs
(43:04) Is AI changing how Red Teamers operate?
(44:46) A bit about Claude 3
(52:23) Where can you connect with Rob
Resources spoken about in this episode:
https://github.com/AbstractEngine/pentest-muse-cli
https://github.com/Azure/PyRIT
How is AI transforming traditional approaches to offensive security, pentesting, security posture management, security assessment, and even code security? Caleb and Ashish spoke to Rob Ragan, Principal Technology Strategist at Bishop Fox about how AI is being implemented in the world of offensive security and what the right way is to threat model an LLM.
Questions asked:
(00:00) Introductions
(02:12) A bit about Rob Ragan
(03:33) AI in Security Assessment and Pentesting
(09:15) How is AI impacting pentesting?
(14:50 )Where to start with AI implementation in offensive Security?
(18:19) AI and Static Code Analysis
(21:57) Key components of LLM pentesting
(24:37) Testing whats inside a functional model?
(29:37) Whats the right way to threat model an LLM?
(33:52) Current State of Security Frameworks for LLMs
(43:04) Is AI changing how Red Teamers operate?
(44:46) A bit about Claude 3
(52:23) Where can you connect with Rob
Resources spoken about in this episode:
https://github.com/AbstractEngine/pentest-muse-cli
https://github.com/Azure/PyRIT
Previous Episode
AI's role in Security Operation Automation
What is the current reality for AI automation in Cybersecurity? Caleb and Ashish spoke to Edward Wu, founder and CEO of Dropzone AI about the current capabilities and limitations of AI technologies, particularly large language models (LLMs), in the cybersecurity domain. From the challenges of achieving true automation to the nuanced process of training AI systems for cyber defense, Edward, Caleb and Ashish shared their insights into the complexities of implementing AI and the importance of precision in AI prompt engineering, the critical role of reference data in AI performance, and how cybersecurity professionals can leverage AI to amplify their defense capabilities without expanding their teams.
Questions asked:
(00:00) Introduction
(05:22) A bit about Edward Wu
(08:31) What is a LLM?
(11:36) Why have we not seen entreprise ready automation in cybersecurity?
(14:37) Distilling the AI noise in the vendor landscape
(18:02) Solving challenges with using AI in enterprise internally
(21:35) How to deal with GenAI Hallucinations?
(27:03) Protecting customer data from a RAG perspective
(29:12) Protecting your own data from being used to train models
(34:47) What skillset is required in team to build own cybersecurity LLMs?
(38:50) Learn how to prompt engineer effectively
Next Episode
How AI can be used in Cybersecurity Operations?
How can AI change a Security Analyst's workflow? Ashish and Caleb caught up with Ely Kahn, VP of Product at SentinelOne, to discuss the revolutionary impact of generative AI on cybersecurity. Ely spoke about the challenges and solutions in integrating AI into cybersecurity operations, highlighting how can simplify complex processes and empowering junior to mid-tier analysts.
Questions asked:
(00:00) Introduction
(03:27) A bit about Ely Kahn
(04:29) Current State of AI in Cybersecurity
(06:45) How AI could impact Cybersecurity User Workflow?
(08:37) What are some of the concerns with such a model?
(14:22) How does it compare to a analyst not using this model?
(21:41) Whats stopping models for going into autopilot?
(30:14) The reasoning for using multiple LLMs
(34:24) ChatGPT vs Anthropic vs Mistral
You can discover more about SentinelOne's Purple AI here!
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/ai-cybersecurity-podcast-344611/the-evolution-of-pentesting-with-ai-50059965"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to the evolution of pentesting with ai on goodpods" style="width: 225px" /> </a>
Copy