AICAD: Artificial Intelligence Capabilities For Attack & Defense
Unsupervised Learning12 Huhti 2025

AICAD: Artificial Intelligence Capabilities For Attack & Defense

AI is changing cybersecurity at a fundamental level—but how do we decide what to build, and when? In this episode, I outline a structured way to think about AI for security: from foundational ideas to a future-proof system that can scale with emerging threats.

Rethinking Human Workflows as Intelligence Pipelines
By mapping tasks into visual workflows, we can pinpoint exactly where human intelligence is still required—and where AI agents are most likely to replace or enhance us.

Using AI to Understand and Manage Organizational State
I introduce the concept of AI state management: building systems that track your current and desired security posture in real time, and using AI to bridge the gap—automating insights, decisions, and even actions across your environment.

Building a Cyber Defense Program Inspired by Attacker Playbooks
Instead of waiting for threats, I propose a new framework based on attacker capabilities—what they wish they could do now and in the near future—and how to proactively prepare by building a continuously adapting AI-powered defense system.

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

Chapters:
00:00 - Framing the Future: Two Key Questions on AI and Cybersecurity
01:28 - Intelligence Pipelines: Visualizing Human Work as Replaceable Workflow
06:10 - Theory of Constraints: How Attackers Are Bottlenecked by Human Labor
10:42 - Defining Agents: What Makes AI Different From Traditional Automation
12:08 - AI State Management: The Universal Use Case for Automated Intelligence
16:53 - Real-World Demo: Unified Context AI for Security Program Management
26:30 - Advanced Uses: Reassigning Projects, Updating KPIs, and Security Reports
34:58 - Automating Security Questionnaires With AI Context Awareness
38:43 - ACAD Framework: Predicting and Preparing for Future Attacker Capabilities
47:40 - Defender Response: Building AI-Driven Red Teams and Internal UCCs
52:25 - Final Answers: How Software and Security Change With AI Agents

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Jaksot(538)

The Future of Hacking is Context

The Future of Hacking is Context

Sponsored by Vanta. Vanta takes the busywork out of GRC so you can focus on what actually matters—improving your security, not chasing compliance. https://ul.live/vanta This isn’t just another AI podc...

3 Kesä 202533min

UL NO. 482 | STANDARD EDITION: AI Finds an 0-Day!, Postman Leaking Secrets, High Agency Mental Model, My Unified Entity Context Video, Github MCP Leaks Private Repos, Google vs. OpenAI vs. Apple on AI Vision, and more...

UL NO. 482 | STANDARD EDITION: AI Finds an 0-Day!, Postman Leaking Secrets, High Agency Mental Model, My Unified Entity Context Video, Github MCP Leaks Private Repos, Google vs. OpenAI vs. Apple on AI Vision, and more...

AI Finds an 0-Day!, Postman Leaking Secrets, High Agency Mental Model, My Unified Entity Context Video, Github MCP Leaks Private Repos, Google vs. OpenAI vs. Apple on AI Vision, and more... You are cu...

30 Touko 202531min

Unified Entity Context

Unified Entity Context

🔹 Thanks to ProjectDiscovery for sponsoring today’s video. I've been using their tools like Nuclei and Subfinder for years, and now they’ve brought that power to the cloud with a full vulnerability m...

15 Touko 202530min

Reviewing RSA 2025 with Jason Haddix

Reviewing RSA 2025 with Jason Haddix

What really happened at RSA 2024? Daniel Miessler and Jason Haddix break it down. Fresh off a whirlwind RSA week, Daniel sits down with Jason Haddix (Arcanum Information Security) to talk about what m...

8 Touko 20251h 21min

A Conversation with Bar-El Tayouri from Mend.io

A Conversation with Bar-El Tayouri from Mend.io

➡ Get full visibility, risk insights, red teaming, and governance for your AI models, AI agents, RAGs, and more—so you can securely deploy AI powered applications with ul.live/mend In this episode, I ...

6 Touko 202545min

The 4 AAAAs of the AI ECOSYSTEM: Assistants, APIs, Agents, and Augmented Reality

The 4 AAAAs of the AI ECOSYSTEM: Assistants, APIs, Agents, and Augmented Reality

In this episode, I break down what I believe is the emerging structure of the AI-powered world we're all building—consciously or not. I call it the “Four A’s”: Assistants, APIs, Agents, and Augmented ...

22 Huhti 202527min

Using the Smartest AI to Rate Other AI

Using the Smartest AI to Rate Other AI

In this episode, I walk through a Fabric Pattern that assesses how well a given model does on a task relative to humans. This system uses your smartest AI model to evaluate the performance of other AI...

19 Huhti 20259min

A Conversation with Patrick Duffy from Material Security

A Conversation with Patrick Duffy from Material Security

➡ Secure what your business is made of with Martial Security: https://material.security/ In this episode, I speak with Patrick Duffy from Material Security about modern approaches to email and cloud w...

15 Huhti 202526min