Trail of Bits reposted this
There were >60 AI-related talks at BSidesLV, Black Hat, & DEF CON this year. ✨ Let me save you hours: I put the talks in one place and summarized them, + slides, recordings, etc. where possible.

📊 The Process
The goal of this was to help quickly get an idea of everything AI-related people shared at Hacker Summer Camp. I grouped each talk by Category, and summarized its abstract in 1 sentence and then 2-3 sentences, so you can quickly get a lay of the land. Time permitting, I want to do more detailed summaries, but many slides and recordings are not out yet.

📊 Top Categories
The most popular categories, in descending order, were:
1. Attacking AI
2. AI for Defense (Blue Team)
3. Public Policy
4. Securing AI
5. AppSec

📖 Talk Summaries 📖
There were far too many talks for me to describe here, but let me give you a flavor:

🛡 Securing AI
Rich Harang shared lessons learned from NVIDIA's AI red team from securing dozens of LLM-powered applications. Christina Liaghati discussed MITRE ATLAS, a public knowledge base of AI adversary tactics. Cyrus Nikolaidis and Faizan Ahmad shared CyberSecEval Prompt Injection benchmarks and PromptGuard.

👿 Attacking AI
Hillai Ben Sasson and Sagi Tzadik used malicious models to break security boundaries in AI-as-a-Service platforms. Shachar Menashe analyzed the attack surface of the 6 most popular OSS MLOps platforms. Harriet Farlow bypassed casino biometrics; Ryan Tracey et al. bypassed person detection in a popular security camera. Suha S. Hussain and Vasilios Mavroudis discussed backdooring models. Tooling: Leon Derczynski presented garak, Ian Harris FuzzLLM. Ofir Yakobi and Shir Sadon presented AI Goat. Maya Pavlova, Aaron Grattafiori et al. on red teaming Llama 3.

✍ AppSec
Kirill Efimov & Eitan Worcel 🎗 on AI autofixes. Chris Wysopal on AI-generated code introducing more vulnerabilities. Jay Chen & Ravid Mazon on automatically finding AuthZ vulns in web apps. 😷 Adam Shostack: LLMs for threat modeling.

🎣 Phishing
Arun Vishwanath, Fred Heiding, Simon L. on building a self-improving phishing bot. Josh Kamdjou showed real, in-the-wild phishing attacks with fabricated contents. Perry Carpenter created a powerful backend for real-time, interactive voice-enabled cyber scams.

🔬 Blue Team
Sheng-Hao Ma et al. described a neural-network-based symbolic execution LLM that can analyze malware, even if protected by commercial packers. Ann Johnson & Sherrod DeGrippo on how Microsoft is leveraging its global-scale threat intelligence + AI. Ezz T.: using AI to map SIEM data to MITRE ATT&CK. Adel K.: building an LLM-powered web honeypot.

🗡 Red Team
Michael Kouremetis: a methodology for evaluating LLMs' offensive cyber capabilities. Joel Noguera & Diego Jurado Pallarés on creating an AI agent to augment bug bounty and pentesting workflows.

...and so much more 👇
https://lnkd.in/d3rmuPRN

#cybersecurity #ai