06-27, 10:20–11:05 (Europe/Vienna), Mittlerer Saal (Track 1)
"Friends don't let friends upload their tradecraft to VirusTotal", but what about AI? More and more companies are integrating AI into their pipelines and workflows, and we can see headlines of AI finding hundreds of bugs everywhere online. So how can we integrate this technology into our work without burning our tradecraft - is this even possible?
We'll examine the capabilities of AI itself, how we can integrate it into our research to find more bugs more quickly, and how well it can be used for weaponization. To visualize this, we'll walk through at least one real-world vulnerability: my original approach, how that approach can be improved by AI, and to what degree.
But the advantages of AI come at a (hidden) cost: we're sharing everything with a third party, be it Anthropic, Google, or whoever. Would you upload your C2 beacon to VirusTotal during a Red Team? So, where exactly should we draw the line on AI?
Niels is a Red Teamer at Mantodea Security who is well-known for (accidentally) breaking things, even if he doesn't want to. His work is focused on red team operations and researching technology at a low level in the hope of finding just one more bug.