Derek Banks

686 posts

@0xderuke

AI and Data Nerd. Black Hills Infosec

VA · Joined August 2010
1.1K Following · 858 Followers
Derek Banks retweeted
Stephen Sims (@Steph3nSims)
I want to share a quick thought for people in cyber security. This will be my longest tweet ever.

I’ve spoken to many lately who are having an existential crisis from the constant posts about “the end of cybersecurity jobs.” Yes, things are changing quickly. This is a significant moment for the tech industry. Change can be uncomfortable. But we’ve seen cycles like this before.

• When GitHub and open source took off, people said software engineers would disappear because code was free.
• When AWS and cloud computing emerged, people said infrastructure jobs would vanish.
• When fuzzing and SAST tools improved, people said vulnerability research would disappear.
• Virtualization would eliminate infrastructure jobs.
• Mobile computing was going to end desktop dev.
• Exploit mitigations would end exploitability.

It didn't. Each time automation improved, the amount of software grew faster than the automation. It does feel "different" this time as it's explosive.

Some roles will shrink:
• repetitive pentesting
• basic vulnerability scanning
• tier-1 SOC monitoring

But other areas are expanding rapidly:
• AI system security
• supply chain security
• identity architecture
• autonomous agent security
• critical infrastructure protection

Historically, every time we eliminate one class of bugs, new classes emerge. Right now people are vibe-coding entire systems, giving AI access to their machines, crossing trust boundaries, and deploying autonomous agents with excessive permissions. The legal and regulatory world is nowhere close to ready. There will absolutely be new failure modes.

Humans are amazing and always adapt, finding new ways to do things. The worst thing you can do right now is fall into a doom loop.

...and I’ll be honest, I too have felt the "psychological paralysis" a few times thinking, “Is this time different?” It's especially impactful when it comes from someone I respect in the community. There are certainly unknowns, in an industry where we've become accustomed to predictability. But... the majority of those reactions are usually driven by social media, not reality. Platforms like X reward engagement, and sensational doom posts spread faster than measured thinking.

If you see something like: “Holy #$%^! Opus 66.6 just found every bug in Chrome and replaced 50 startups!” …mute it and move on.

Instead: Stay curious. Learn the new technology. Adapt your skillsets. Build things.

We’ll get through this transition the same way we always have. If I'm wrong then Sam Altman better be right about UBI! :)

I'm sure that if this tweet gets any engagement that I'll get some heat for it, but a good friend of mine reminds me often to focus on what you have control over. I'll revisit this tweet at DEF CON 40!
Derek Banks retweeted
Dave Kennedy (@HackingDave)
I created a Claude and Grok integration into Signal running on my DGX Spark at home. I can have it create new projects, update code of existing products, test my code, do whatever Claude does as well as use the GenAI components of Grok to do research analysis for me. Only accepts messages from my number of course - it’s a linked account and accepts only from me.
Derek Banks retweeted
JS0N Haddix (@Jhaddix)
PAI is a super power. @DanielMiessler created features on top of Claude Code that increase its efficacy by 50%... and that's a lot based on how awesome Claude Code is. Incoming FREE workshop of PAI and other tools I'm using to modify how I work in cybersecurity. Straight out of our 3.0 update of our "Red Blue Purple AI" course.
ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️@DanielMiessler

Super hyped to announce PAI 2.3!!! A complete rewrite of the PAI system focused around:
- USER, WORK, and SYSTEM data isolation
- A Continuous Learning system based on hook-based Sentiment gathering
- User-based Skill Personalization
...

Derek Banks retweeted
JS0N Haddix (@Jhaddix)
🔴 (Release) The Arcanum LLM Security Context Project Today we are releasing a new AI security resource for you all! This project is a comprehensive security reference distilled from 150+ sources to help LLMs generate safer code! Enjoy! 🫶 Links Below 👇
Derek Banks retweeted
ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️
I think we all need to be full-stack now. AI generally, but Claude Code specifically, has made it so that if you can't go from problem to a shipped solution, you're just part of a toolchain that can/will be automated. Only high-agency, full-stack people survive. And they pull away from everyone else. That’s an insane change to happen over the course of like two months.
Derek Banks retweeted
ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️
@geoffreyhinton just captured the AI bubble debate pretty well, I think. There's not an AI tech bubble. But there is an AI investment bubble. Like I've been saying for a while now, these are very different things. And that matters for action.
Derek Banks retweeted
JS0N Haddix (@Jhaddix)
This is the clearest graphic I could make on Prompt Injection.
1. Yes it's a vulnerability
2. It is the superset
3. No this does not illustrate ALL risks, just some
Derek Banks retweeted
JS0N Haddix (@Jhaddix)
🧠 Did you know you can pipe into Claude Code? Like:
cat logs.txt | claude -p "analyze for..."
strings bin.bin | claude -p "explain X"
etc...
Derek Banks retweeted
Black Hills Information Security (@BHinfoSecurity)
Hackers don’t waste time — and neither should you. @Wh1t3Rh1n0 created DNS Triage, a reconnaissance tool that quickly finds information about an organization’s infrastructure, software, and even third-party services. Check out this article from Michael, where he walks you through how it works, how to install it, and how to add it to your everyday arsenal! Download it here -- github.com/Wh1t3Rh1n0/dns…
Derek Banks retweeted
JS0N Haddix (@Jhaddix)
Everyone wants AI testing to be automated or similar to AI red teaming. Point and scan. It’s not. So much of it is a blend of web security and prompt injection. The testing is slow and manual a lot of the time. Attacks need to be hyper tailored to work for a specific business's app. MUCH probing goes into figuring out LAYERS of evasions to bypass guardrails and classifiers. Red teaming and pivoting skills come into play using the models as vehicles. Testing is SLOWER than standard web pentesting because of the non-deterministic features of the models
Derek Banks retweeted
JS0N Haddix (@Jhaddix)
Catching up on my Unsupervised Learning videos by @DanielMiessler Watching his interview with @trailofbits on the architecture of their 2nd place AI Cyber Reasoning System "ButterCup 2.0"... It's SUPER validating in some areas. A few weeks back Dan and I were discussing our systems Helios and Warden and talking about how micro we have to be with the jobs for the agents. The more micro the better, the more single operation the better, otherwise context can get polluted. CONTEXT ENGINEERING IS PARAMOUNT. Check out the excellent interview here: youtube.com/watch?v=nvU0Gb…
Derek Banks retweeted
JS0N Haddix (@Jhaddix)
Thread: Here are 15 FREE resources to start learning how to security test and hack generative AI 👇
Derek Banks retweeted
JS0N Haddix (@Jhaddix)
Added some topics to the new course I’m building:
- Finding security workflows
- Security Prompt engineering
- Security Context engineering
- Prompt abstraction
- Security workflow glue - n8n, Power Automate, Atlassian, etc
- MCP + FastAPI design
- Benchmarking and evaluation
- Scaling
- Exposing your workflow
What else?
Derek Banks retweeted
Antisyphon Training (@Antisy_Training)
Pentesters: What's the coolest thing you've done with Burp Suite? 💥🖋️ New to the industry? You'll want to make sure you're comfortable with it and BB King has got you covered! THIS Friday, June 13th: antisyphontraining.com/course/worksho…
Derek Banks retweeted
Dave Kennedy (@HackingDave)
My advice to kids has changed recently and it's not to get a cybersecurity degree. Get a computer science one, with a specialization in AI or an AI solely degree. I feel like right now, the cybersecurity market is pretty rough on hiring folks in - and that's only going to get harder as AI progresses more. Having a computer science with AI focus, you can join any industry - but also be top notch in cybersecurity with new skills if you want to get into this field. I'm pretty reserved on when new things come out, and have PTSD around new cybersecurity trends that promise the world. I was the same when AI first came out - very reserved, is this going to have a huge impact? Is this really a thing. AI is much different and a monumental shift for the industry/economy and it'll only get better. The major problem we are going to run into with this is that how do we know who can really code and who's vibe coding? Pretty hard delineation/shift happening. While vibe code is cool and all, being able to actually code/develop something that's needed with augmentation from prompt coding is necessary.
Derek Banks retweeted
Black Hills Information Security (@BHinfoSecurity)
You’ve received a “true positive” security alert for a Windows or Linux endpoint. This is not a drill! Your environment is under attack! This is war and you need to take rapid, decisive steps to determine: Has the endpoint been compromised? Have other systems been impacted? What actions should come next? Patterson Cake will take you through live demonstrations & hands-on labs to help you get through similar IR scenarios with confidence in our next Pay-What-You-Can Workshop: Rapid Endpoint Investigations, live THIS FRIDAY, June 6th. Register here: antisyphontraining.com/course/worksho…
Derek Banks retweeted
Rachel Tobac (@RachelTobac)
Someone AI voice cloned the White House chief of staff & asked for: list of individuals the President should pardon, cash transfer, questions about President. If your team doesn’t know how to verify identity to avoid getting tricked by voice clones, now is the time to prep them.
Eric Geller@ericgeller

Someone hacked the personal cellphone of White House chief of staff Susie Wiles and impersonated her in texts and calls (possibly with an AI voice clone) to leading Republicans and corporate executives: wsj.com/politics/polic…

Derek Banks retweeted
ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️
With all this AI job and economy disruption, don’t forget that we tend to overestimate short term progress and underestimate it in the long term. We’re not going to suddenly in 2026 have 10 or 20% unemployment, or half of white-collar jobs going away. I think it looks something more like:

2025: Companies are shocked and are trying to figure out what’s happening. Some layoffs and use of AI starts in the most forward-leaning companies.

2026: More companies start figuring out what is happening, and more start dying off because they run out of money and can’t compete with newer AI-powered startups. Layoffs and white-collar unemployment accelerate.

2027: The first year that it really starts to hit hard, because the AI can now actually replace many white-collar workers. New companies understand that they mostly need relatively few high-IQ and high-agency generalists who are experts with AI. Layoffs and unemployment accelerate even more. People start calling for legislation against AI job replacement. UBI conversations start getting serious. The first humanoid robots start to become visible and potentially viable for some manual labor jobs.

2028: Most companies with a pre-2023 structure and workforce are now considered in danger of going out of business. The vast majority of companies are retooling their entire business and their entire workforce in the direction of high-IQ and high-agency AI experts wielding large agent teams and processes in order to survive. Most new “hiring” for companies is either one of those ultra-high-powered generalist humans, or an AI employee. Layoffs and unemployment are extremely high. The call for legislation to protect human jobs begins to get loud. UBI and human job protection are firmly in the conversation for all political candidates worldwide, but especially in the United States. Humanoid robots powered by AI start to actually penetrate the market and start to disrupt certain manual labor industries.

2029: White-collar unemployment is now a very serious problem. Even more manual labor work starts to get disrupted as the quality of the humanoid robots improves. There is now a general panic among the population about how they are going to pay their bills without having jobs. The populist outcry against the rich people who have made money in AI and robotics will massively increase. UBI implementations start to happen and larger scale plans start to take shape at the state and national level in governments worldwide. The immigration situation gets even more heated because now governments literally have to pay people so that they can survive. So the push by citizens to kick out all illegal immigrants in their countries suddenly becomes very loud and serious.

— In other words, 2025 and 2026 might look remarkably similar to 2024 and 2025. But after 2027 I think things might get very weird, very quickly.
Derek Banks retweeted
ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️
Not learning to code just because there are AI coding agents is like not learning how to think because there are talk shows. Writing = thinking. Creating = imagining. Coding = building. If you're in tech in 2025 and you can't do these things, your career is at risk. Adapt.