The Boring AppSec Podcast
28 episodes
5 days ago
In this podcast, we will talk about our experiences having worked at different companies - from startups to big enterprises, from tech companies to security companies, and from building side projects to building startups. We will talk about the good, the bad, and everything in between. So join us for some fun, some real, and some super hot takes about all things Security in the Boring AppSec Podcast.
Technology
All content for The Boring AppSec Podcast is the property of The Boring AppSec Podcast and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
The Future of Autonomous Red Teaming with Ads Dawson
53 minutes 51 seconds
2 months ago

In this episode, we talk to Ads Dawson (Staff AI Security Researcher @ Dreadnode).


We discuss the evolving landscape of offensive security in the age of AI. The conversation covers the practical application of AI agents in red teaming, a critical look at industry standards like the OWASP Top 10 for LLMs, and Ads' hands-on approach to building and evaluating autonomous hacking tools. He shares insights from his work industrializing offensive security with AI, his journey as a self-taught professional, and offers advice for others looking to grow in the field.


Key Takeaways

- AI is a "Force Multiplier," Not a Replacement: Ads emphasizes that AI should be viewed as a productivity tool that enhances the capabilities of human security professionals, allowing them to scale their efforts and tackle more complex tasks. Human expertise remains critical, especially since much of the data used to train AI models originates from human researchers.

- Prompt Injection is a Mechanism, Not a Vulnerability: A key insight is that "prompt injection" itself isn't a vulnerability but a method used to deliver an exploit. The discussion highlights a broader critique of security frameworks like the OWASP Top 10, which can sometimes oversimplify complex issues and become compliance checklists rather than practical guides.

- Build Offensive Agents with Small, Focused Tasks: When creating offensive AI agents, the most successful approach is to break down the overall objective into small, concise sub-tasks. For example, instead of a single goal to "find XSS," an agent would have separate tasks to log in, identify input fields, and then test those inputs.

- Hands-On Learning and Community are Crucial for Growth: As a self-taught professional, Ads advocates for getting deeply involved in the security community through meetups and CTFs. He stresses the importance of hands-on practice ("just play with it") and of curating your information feed by following trusted researchers to cut through the noise and continuously learn.


Tune in for a deep dive into the future of security and the innovative approaches shaping the industry!


Contacting Ads

* Ads' LinkedIn: https://www.linkedin.com/in/adamdawson0/

* Ads' website: https://ganggreentempertatum.github.io/


Contacting Anshuman

* LinkedIn: https://www.linkedin.com/in/anshumanbhartiya/

* X: https://x.com/anshuman_bh

* Website: https://anshumanbhartiya.com/

* Instagram: https://www.instagram.com/anshuman.bhartiya


Contacting Sandesh

* LinkedIn: https://www.linkedin.com/in/anandsandesh/

* X: https://x.com/JubbaOnJeans

* Website: https://boringappsec.substack.com/
