Rob T. Lee

One of the most dangerous new attack techniques at @OneRSAC this week is the pace gap: adversaries are operating at machine speed. The barrier to entry for machine-speed attacks has collapsed. GTG-1002 proved it: Chinese state actors running Claude Code with MCP for autonomous recon and lateral movement across 30+ targets, at rates Anthropic's own team called physically impossible for human operators. (The CCP ran the proof of concept. I'll take the validation.) The answer is not faster humans. The answer is AI-augmented defenders, which means matching AI speed with AI speed. At the AI security practitioner con [un]prompted, I typed two words, "find evil," and fourteen minutes twenty-seven seconds later had a complete C drive analysis. (I know it was accurate. I ran the intrusion myself.) The tool handles the syntax so the investigator can focus on what actually requires a human: reading the findings and driving the case. Only someone who knows DFIR can interpret that output. The full case gets made at the @SANSInstitute "Five Most Dangerous New Attack Techniques" panel at RSAC, Moscone West, Tuesday, 3:55 PM PT. I'll share more about the Find Evil! Hackathon ($22K+ in prizes, April launch) to get the entire defender community building on this together. Offensive teams have a handful of developers working in secret. We have the open source community. Let's go.

We have a coordination problem masquerading as a standards problem. (And honestly, the standards part is the easier fix.) Governments are waking up to AI as a national security issue. Standards bodies are multiplying. Everyone's building frameworks. Nobody's talking to each other. That fragmentation? We'll spend years untangling it. @owasp AI Exchange has spent years building clarity on AI security. Their work feeds directly into ISO standards and the European AI Act. @SANSInstitute brings 27 years of teaching practitioners worldwide. Together, we're convening the people who can actually fix the coordination gap: policy makers, standards leaders from @NIST, @MITREattack, American National Standards Institute (ANSI), @IEEEorg, Cloud Security Alliance, BIML (Berryville Institute of Machine Learning), OWASP GenAI Security Project. Confirmed attendees include John Keefe, Gary McGraw, Ken Huang, Omar Santos. The mission of the AI Policy Forum: Stop the siloing. Map what exists. Find where initiatives reinforce each other instead of creating compliance whiplash for industry. (I think coordination done right looks less like "new rule" and more like "here's how these pieces fit together.") If you've got ideas on what this conversation should cover, gaps you're seeing, perspectives that belong at the table, please drop them in the comments. Thanks to @robvanderveer and Disesdi Shoshana Cox for your partnership.

AI is reshaping cyber roles. Regulation is complicating hiring. Talent isn't getting easier to find. @robtlee and James Lyne unpack the 2026 Workforce Research Report live at @OneRSAC. 👥 A can't miss for anyone building a cyber team in 2026 → go.sans.org/XcGbfg #RSAC #CyberWorkforce #AI

AI adoption is a daily habit, not a milestone. SANS Institute CAIO @RobTLee: "You need to work on AI like you exercise — on a daily basis." On buy-in, resistance, and why frustration is a sign you're doing it right 👇 informationweek.com/it-leadership/…

The White House dropped its National Cyber Strategy yesterday and I’ve read it three times, it’s short but it hits the right points. (That’s either diligence or a sign I need more sleep.) My honest take: more right than wrong, with one gap worth watching. What they got right is significant: Pillar 5 explicitly calls for “rapidly adopt and promote agentic AI in ways that securely scale network defense and disruption.” That sentence alone represents a meaningful shift in federal posture. For years, the policy conversation treated AI as something to study carefully. This document treats it as something to deploy. That’s the correct urgency. The GTG-1002 operation – Chinese state actors running Claude Code at 80-90% autonomy for offensive reconnaissance – happened in 2025. Our defensive posture can’t be operating on a different clock.

The place I’d love to see version two develop further is the workforce pillar. Pillar 6 describes pipelines, academia, vocational schools, existing credentialing pathways. What it doesn’t yet address is the continuous education model: the delta between a certification earned three years ago and the threat landscape operators face today. AI-augmented attacks are evolving monthly. (I sit on the CSIS Commission on U.S. Cyber Force Generation and this is exactly the conversation we keep coming back to.) The document builds the right foundation. Workforce readiness is an ongoing operating expense, not a one-time investment. That’s less a criticism than a prompt for the implementation documents that follow. Strategies set direction. The workforce question is where direction meets execution – and getting that right is what makes the other five pillars actually work. Read it. The AI deployment posture, regulatory flexibility, and offensive framing are worth your time. The workforce section is where practitioners like you and me have the most to contribute to what comes next. whitehouse.gov/wp-content/upl…

Pillar 2 on common sense regulation: “Streamline cyber regulations to reduce compliance burdens” and “ensure that the private sector has the agility necessary to keep pace with rapidly evolving threats” I’ve been making exactly this argument, framed as a cybersecurity safe harbor. Defenders need the equivalent of HIPAA exceptions that doctors received: the ability to analyze sensitive data strictly for threat detection without running afoul of the same privacy laws our adversaries ignore. (Attackers don’t schedule GDPR reviews.) The regulatory direction here is right. The offensive posture throughout the document also reflects a reality check that previous strategies often softened. Shaping adversary behavior, using all instruments of national power, not confining responses to the cyber realm – that’s accurate threat modeling. The asymmetry is real, and this strategy names it.

Would you like to chat with [un]prompted con about AI security? Follow a thread across every session, brief your team, or just base your research on the knowledge collected?

Really excited to be speaking at #unprompted next week in SF. My session is SIFT – FIND EVIL!! I Gave Claude Code R00t on the DFIR SIFT Workstation I wired Claude Code into the DFIR SIFT workstation via Model Context Protocol, timeline generation, memory analysis, malware sweeps, all through natural language commands. 40+ hours of testing. I'll show you what actually works, and where it fell flat. Thank you to @gadievron and the [un]prompted team for pulling this together. March 3-4. Livestream passes still available: lu.ma/eky90vot Will you be there or streaming in? #unprompted2026

TOMORROW Fri 2-27-2026, LIVE, 1 pm ET/ 10 am PT #DigitalForensics & Intelligent Threats Join #CXOTalk guests: * @RobTLee, #CAIO, @SANSInstitute * Co-host David Bray, PhD., @StimsonCenter cxotalk.com/episode/the-ai… What are red teams discovering about #AIsecurity vulnerabilities? #DFIR #AI #CIO #CSO #CSIO

What I hear every single day from security leaders: You're expected to learn and personally adopt AI. To 'juice' the product with AI. To rework governance, and overhaul the SOC and your defenses. And the more you adopt AI, the more you wonder... Are you ushering in business failure from a breach or training your AI replacement? Our reality: The enemy is at the gate, moving at machine speed, and we are not ready. Every day, defenders show up to protect businesses, infrastructure, and communities, bound by policies and laws. Criminal organizations operate without any such constraints. This asymmetry is what I'm talking about Friday on @cxotalk with David Bray, PhD @StimsonCenter and @mkrigsman on LinkedIn Live. If you haven't tuned into CXOTalk before, you'll want to follow Michael Krigsman who has led about 1K (yes, thousand) live interviews. Technical depth and boardroom strategy in the same discussion. And David Bray, PhD, Distinguished Fellow and Chair of the Accelerator at The Stimson Center (has testified before Congress on AI, was CIO of the Federal Communications Commission, Senior National Intelligence Executive). AI is transforming how cyberattacks are planned, executed, and concealed. The time is now to talk to peers, learn from each other, and figure out what defense looks like in 2026. Add Friday, Feb 27, 10am PT / 1pm ET to your calendar: linkedin.com/events/7432109… #CXOTalk #AISecurity #Cybersecurity

@MrWiresWV @elder_plinius @SANSInstitute appreciate the note @MrWiresWV Updated link here to agenda and to register. (complimentary livestream or be in the room in DC with us) sans.org/cyber-security…

@robtlee @elder_plinius @SANSInstitute Hey guys the link is broken, getting a not found error when hitting cybersecuritysummit.ai. Thanks

I'm excited to share that @elder_plinius is keynoting the @SANSInstitute AI Summit this April. I’m chairing, and yes, we invited the anonymous hacker who’s broken every major AI model within hours of release. (I can already hear the compliance team sighing.) Nobody knows who he is. @TIME confirmed no coding background when they included him in their 100 Most Influential People in AI list for 2025. He just showed up and started dismantling guardrails faster than the companies building them. The pattern is consistent: new model drops, Pliny cracks it before lunch, posts the technique to his GitHub repo that now has 10,000+ stars. Eleven months before @AnthropicAI disclosed the weaponization risk of Claude through segmented sub-agents, Pliny called it. He sat out Anthropic’s $30,000 Constitutional AI challenge. Not because he couldn’t solve it, but because they wouldn’t open-source the data collected from participants. (When your principle is radical transparency, you don’t compromise for a payout.) He leads BT6, a 28-operator white-hat collective. Their take on why guardrails keep failing: security theater designed to appease fears rather than fix vulnerabilities. Marc Andreessen handed him an unrestricted grant. OpenAI banned him in April 2025 for “violent activity,” then quietly brought him back. His Discord community BASI PROMPT1NG has 15,000+ members workshopping jailbreaks in real time. (That’s more people than most security conferences.) The name is deliberate. Pliny the Elder sailed toward Mount Vesuvius as it erupted to get a better look. Curiosity over caution. The SANS Institute AI Summit is two days of the security community figuring out how AI is reshaping everything we do. Pliny sees the cracks before anyone else does. I hope you’ll be in the room April 20-21 at the SANS AI Summit: cybersecuritysummit.ai

Fri. 2-27-2026, LIVE, 1 pm ET/ 10 am PT #DigitalForensics & Intelligent Threats Join #CXOTalk guests: * @RobTLee, #CAIO, @SANSInstitute * Co-host David Bray, PhD., @StimsonCenter cxotalk.com/episode/the-ai… How may shadow #AI impact cybersecurity? #DFIR #AIsecurity #CIO #CSO #CSIO

"You need AI to protect against AI." That's Jacob Klein, Head of Threat Intelligence at @AnthropicAI, keynoting the SANS AI Summit this April. He's lead author on Anthropic's 2025 report that shook up the security community--ten documented case studies of serious AI misuse: North Korean fraud operations, ransomware tooling, autonomous campaigns, and an AI-driven cybercrime spree they called "unprecedented." (I don't use that word lightly. Neither did they.) His take on why defenders need to rethink everything: the old paradigm--alert fires, human responds 24/7, looks at it, does something--is too slow now. Jacob's team tracked how attackers used Claude to run nearly an entire cyberattack. Reconnaissance, exploitation, lateral movement, data extraction. The human just said "Yes, continue" at a few chokepoints. (80-90% autonomous execution.) He's also tracking North Korea's tech worker scams using AI--hundreds of US companies infiltrated, funding weapons programs. His take: "Before, you would need a few highly trained individuals to go out into the market, get a job, maintain a job. Now North Korea can just use really anybody and say, 'Hey, use Claude' to get the tech work done and maintain an illusion of competency." (Payroll fraud as nation-state capability. We really are living in interesting times.) Before Anthropic, he drove @Google's strategy to combat violent extremism and built the global Trust & Safety operation at @coinbase. Different domains, same job: find the people exploiting new technology before the rest of us see it coming. We're all figuring out how to evolve cybersecurity for what's here and what's coming. I want you in the room--talking with peers, shifting how you think about defense, learning from some of the best trainers in the world. @SANSInstitute AI Cybersecurity Summit. April 20 in Arlington: sans.org/cyber-security…

UPDATED link here to agenda and to register. (complimentary livestream or be in the room in DC with us) sans.org/cyber-security…

UPDATED link here to agenda and to register. (complimentary livestream or be in the room in DC with us)sans.org/cyber-security…

"Agents don't inherit trust like humans inherit debt. They verify it cryptographically before every handshake, or they become the attack vector that walked right through your perimeter." Thanks to Helen Oakley @e2hln for the incredible keynote and fireside chat with Kate Marshall at the 2025 AI Cybersecurity Summit. Helen is VP of Software and AI Security at SAP and co-lead of the OWASP GenAI Security Project Agentic Security Initiative (ASI). Her workshop at this year's AI Cybersecurity Summit in April is “OWASP FinBot Lab: Exploit and Secure an Agentic Vendor Management System” is on Day 2. Register here: sans.org/cyber-security… I hope you'll be in the room! @e2hln @robvanderveer @sounilyu @chrishvm @DavidJBianco @schneierblog @elder_plinius @disesdi

UPDATED link here to agenda and to register. (complimentary livestream or be in the room in DC with us) sans.org/cyber-security…

This Fri 27 Feb 2026, LIVE, 1 pm ET/10 am PT/ 11 am MT #DigitalForensics & Intelligent Threats Join #CXOTalk guests: * @RobTLee, #CAIO, @SANSInstitute * Co-host David Bray, PhD., @StimsonCenter cxotalk.com/episode/the-ai… What is an #AI attack lifecycle? #DFIR #AIsecurity #CIO #CSO #CSIO