The Evolution of Pentesting with AI
AI Security Podcast4 Huhti 2024

The Evolution of Pentesting with AI

How is AI transforming traditional approaches to offensive security, pentesting, security posture management, security assessment, and even code security? Caleb and Ashish spoke to Rob Ragan, Principal Technology Strategist at Bishop Fox about how AI is being implemented in the world of offensive security and what the right way is to threat model an LLM.


Questions asked:

(00:00) Introductions

(02:12) A bit about Rob Ragan

(03:33) AI in Security Assessment and Pentesting

(09:15) How is AI impacting pentesting?

(14:50 )Where to start with AI implementation in offensive Security?

(18:19) AI and Static Code Analysis

(21:57) Key components of LLM pentesting

(24:37) Testing whats inside a functional model?

(29:37) Whats the right way to threat model an LLM?

(33:52) Current State of Security Frameworks for LLMs

(43:04) Is AI changing how Red Teamers operate?

(44:46) A bit about Claude 3

(52:23) Where can you connect with Rob


Resources spoken about in this episode:

https://www.pentestmuse.ai/

https://github.com/AbstractEngine/pentest-muse-cli

https://docs.garak.ai/garak/

https://github.com/Azure/PyRIT

https://bishopfox.github.io/llm-testing-findings/

https://www.microsoft.com/en-us/research/project/autogen/

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(55)

Why Asset Intelligence is Replacing the CMDB & Static Dashboards

Why Asset Intelligence is Replacing the CMDB & Static Dashboards

Why do CISOs still struggle with asset intelligence in 2026? Despite decades of security tooling, most organizations still have a massive 40% "dark matter" blind spot in their environment and the expl...

11 Kesä 42min

The AI AuthZ Problem: Why Human Least Privilege Fails for Autonomous Agents

The AI AuthZ Problem: Why Human Least Privilege Fails for Autonomous Agents

Why are security leaders terrified of connecting AI agents to production data? Because unlike humans, AI agents don't apply judgment, and they operate at machine speed, meaning they can relentlessly h...

4 Kesä 47min

Securing AI at the Speed of Engineering | DoorDash | Forward Deployed Security | GRC Engineering

Securing AI at the Speed of Engineering | DoorDash | Forward Deployed Security | GRC Engineering

Is your security team moving at the speed of your engineering team? In this special live recording of the AI Security Podcast from San Francisco, Ashish is joined by Nick Reva (Global Director, Engine...

21 Touko 1h 3min

Verification vs. Validation: How Autonomous AI is Changing Cybersecurity

Verification vs. Validation: How Autonomous AI is Changing Cybersecurity

Are autonomous AI agents operating unchecked in your enterprise? With the release of open source frameworks like OpenClaw, deploying an AI agent is now as simple as texting, but it comes with massive,...

13 Touko 1h 10min

The Zero-Click AI Hack: How to Contain the Blast Radius of Autonomous Agents

The Zero-Click AI Hack: How to Contain the Blast Radius of Autonomous Agents

Is an AI agent's identity a workload or an action? Ashish spoke to Elie Bursztein, Distinguished Research Scientist and co-author of Google SAIF (Secure AI Framework) about how it is neither and that ...

29 Huhti 47min

Buy vs. Build AI Security: Why [Box.com](http://Box.com) CISO is Creating their Own Agentic SOC

Buy vs. Build AI Security: Why [Box.com](http://Box.com) CISO is Creating their Own Agentic SOC

If your AI solution is just helping humans process the same amount of alerts a little faster, you haven't transformed anything, you've just created a faster hamster wheel.In this episode, Ashish and C...

22 Huhti 46min

Anthropic's Project Mythos: Why the "Zero-Day Machine" is Terrifying the Security Industry

Anthropic's Project Mythos: Why the "Zero-Day Machine" is Terrifying the Security Industry

In this episode, Ashish and Caleb discuss the internet-breaking preview of Project Mythos, an unreleased AI model from Anthropic that has shown an unprecedented, terrifying ability to reason through c...

18 Huhti 1h 3min

Are AI Security Startups Faking It? How to Separate Signal from Noise

Are AI Security Startups Faking It? How to Separate Signal from Noise

With over 70 startups claiming to have built the perfect "AI SOC Analyst" or "AI Threat Hunter," how do you separate the real products from the vaporware? Recorded live at Decibel RSAC Founder Festiva...

15 Huhti 47min