My Personal Garden

"The Apex Adversary" by Jeff Sims: IntroductionJeff Sims, a Senior Staff Data Scientist at Infoblox, presents a near-horizon cybersecurity threat model called the Apex Adversary. He defines this not as a single AI, but as an orchestrator—a "system of systems"—that combines various agentic AI capabilities to create a fully autonomous cyber combatant. Sims breaks down the anatomy of the Apex Adversary into three core components: Code Synthesis, External Sensing, and High-Capacity Reasoning. 1. Code Synthesis (Prompt $\rightarrow$ Model $\rightarrow$ Executor)Sims explains how AI can be used to generate…

"From Prompts to Plans: Security and Safety Testing for Agentic AI" by Jason Stanley: The Core Problem: AI is Evolving Faster Than Our Testing MethodsStanley begins by highlighting the massive surge in AI adoption across enterprises. However, the nature of AI systems is fundamentally changing. We are moving away from simple, stateless "chat" interfaces (where a user inputs a prompt and gets a single reply) toward complex Agentic AI. These new agents have memory, access to external tools, complex architectures, and the ability to take multi-step actions in…

This video is a Black Hat USA 2025 talk titled “BinWhisper: LLM-Driven Reasoning for Automated Vulnerability Discovery Behind Hall-of-Fame” by Qinrun Dai and Yifei Xie. The core idea is that vulnerability research still depends heavily on either manual auditing or fuzzing, and the speakers argue that LLMs are most useful not as fully autonomous hackers, but as structured reasoning helpers inside a guided workflow. The talk starts with a manual reverse-engineering walkthrough of CVE-2024-34587, using a Samsung video/RTCP parsing path as the example. They show that the actual…

Summary Using Large Language Models (LLMs) for offensive security (vulnerability discovery) currently results in an overwhelming number of false positives. To solve this, Dolan-Gavitt proposes shifting away from asking AI to "grade its own homework." Instead, security teams must use Non-AI Deterministic Validation—forcing the AI agent to provide undeniable, mathematically verifiable proof that an exploit works. The Problem: The Specter of False Positives When LLMs are fed source code and asked to find vulnerabilities, they confidently hallucinate bugs. This is a mathematical inevitability due to the Bayesian Base Rate Fallacy.…

"Hack To The Future: Owning AI-Powered Tools With Old School Vulns" by Nils Amiet and Nathan Hamiel at Black Hat USA 2025: Core Thesis The integration of generative AI into developer productivity tools (like AI code reviewers and data analytics assistants) is creating massive new attack surfaces. While the underlying Large Language Models (LLMs) are not being "hacked," the applications wrapping them are poorly designed, overly permissive, and riddled with classic, "old-school" vulnerabilities like Remote Code Execution (RCE), Prompt Injection, and Insecure Direct Object Reference (IDOR). Because these AI…

"When Guardrails Aren't Enough: Reinventing Agentic AI Security With Architectural Controls," delivered by David Brauchler III from NCC Group. The Core Thesis The central argument of the presentation is that guardrails are not security boundaries. Much like Web Application Firewalls (WAFs) in the early days of the internet, AI guardrails are merely statistical heuristics. They reduce risk but do not provide "hard" security guarantees and can always be bypassed by a determined attacker. As AI evolves into "agentic" systems—where models can execute tool calls, read databases, and take actions—relying solely…