Rob T. Lee

5.9K posts

@robtlee

Chief AI Officer, Chief of Research, @SANSInstitute | Cybersecurity Expert & Threat Hunter | Godfather of DFIR | Technical Advisor to US Govt

Denver, CO · Joined February 2008
1.4K Following · 26.6K Followers
Rob T. Lee @robtlee
“I spend all day, every day, looking at folks who misuse our models and our products. I want to walk through all of you what I've been seeing on the ground and how this has changed in the past year.” - Jacob Klein, @AnthropicAI's head of threat intel at the @SANSInstitute AI Summit. And then came the heartburn line: “Almost everything I’m walking through can be used by a defender as well.” He’s right. Defenders can point AI at endpoints at scale, code at scale, vulnerabilities, and SOC signals. Every serious defender already knows the list. The hard part is the operating reality: usable data, investigations that don’t depend on manual glue work, remediation that moves fast enough, and AI you can actually trust. What makes this a tougher sell is the reliability of the tools in our hands right now and our own skill gaps. And consider: we still get to watch some of this play out in the open. That window closes as attackers move to their own private tooling and infrastructure. The only way we get ready is by starting now: working on our own skill gaps, building muscle with the tools we have, stress-testing them in real environments, forcing the workflow changes that make AI for defense operational. Work on this directly with us: Find Evil! is live. Protocol SIFT is what happens when you wire an AI agent into a forensic workstation full of trusted tools and tell it to behave. It's an early capability with real outputs, failure mode. Join our community effort to make it something defenders can deploy. 42 days to enter. An incredible 2,500+ builders and teams are in as of today. $22K in cash prizes. Sponsored by SANS Institute. findevil.devpost.com (You'll have to hear Jacob's full talk and the fireside chat with Bruce Schneier and Anne Neuberger: Are tech companies the new SOC? Check it out on the SANS Institute YouTube page.) Curious what you think. (And if you've entered in the hackathon?) #AIsecurity #cybersecurity #vulnops
Rob T. Lee @robtlee
So excited to announce: Find Evil!, the first autonomous AI hackathon for incident response is live. More than 1,400 solo builders and teams registered as of this morning. IR professionals, AI engineers, developers, students. Most of what's on our feeds and agendas is how two frontier AI labs told the world that their own models are dangerous enough to need emergency defensive programs, and basically to go figure it out. Let's do something about it. Grab your team and sign up. Especially grab peers who keep saying "Why are you so obsessed with Claude Code?" (You cannot convince people with a deck. They have to put their hands on the tools and watch an AI agent reason through 200+ forensic tools in real time.) The hackathon is a two-month competition ($22K in prizes) to take Protocol SIFT, the proof-of-concept connecting AI agents to the SIFT Workstation’s 200+ open source forensic tools through MCP and to make it production-ready. You don't need to be an incident response expert. The SIFT Workstation handles the domain tooling. You need curiosity and building skills. Details and registration: findevil.devpost.com Sponsored by @SANSInstitute
Rob T. Lee reposted
XBOW @Xbow
What is the frontline of cybersecurity today? @robtlee, Chief AI Officer and Chief of Research at the @SANSInstitute, shares his thoughts in a fireside chat with XBOW CEO @oegerikus below. Watch more of their conversation. bit.ly/422eZPo
Rob T. Lee @robtlee
So @OpenAI basically took its latest model (not even a Frontier one) and re-released it after effectively removing guardrails. They are likely trying to enhance researchers' ability to find code vulnerabilities. But neither OpenAI nor @AnthropicAI is telling the cybersecurity community how to even accomplish this. We have heard from multiple folks with Mythos that they don't even know what specifically they're supposed to do with it. Point it at applications and say "find vulnerabilities" or what? It's not like it comes with a how-to manual or a man page. This is nothing more than one vendor trying to one-up another.  We need to start benchmarking how one AI model is able to find code vulnerabilities over another and how quickly they are doing it. There are real risks at stake here. Is the solution to this problem that people should do code analysis and vulnerability discovery through models without additional security? For the majority of defenders out there that do not have the offensive training for fuzzing or vulnerability discovery, what are they supposed to do in the meantime? How are they going to validate the individuals (and people at enterprises) asking for access? While we can applaud that all these models are released to defenders first, the real issue is: is everyone fully aware of what to do with them once they get their hands on them?
OpenAI @OpenAI

We’re expanding Trusted Access for Cyber with additional tiers for authenticated cybersecurity defenders. Customers in the highest tiers can request access to GPT-5.4-Cyber, a version of GPT-5.4 fine-tuned for cybersecurity use cases, enabling more advanced defensive workflows. openai.com/index/scaling-…

Rob T. Lee reposted
CloudSecurityAlliance @cloudsa
AI is discovering vulnerabilities faster than defenders can patch them. This isn't a future risk — it's today's reality. Our new Mythos CISO briefing, "The AI Vulnerability Storm," gives security leaders a concrete playbook to respond. Authored by @gadievron, @rmogull, and @robtlee.
Rob T. Lee @robtlee
The @AISecurityInst confirmed Claude Mythos Preview is the first model to complete their full 32-step corporate network attack simulation end-to-end. Initial reconnaissance through full network takeover. The thing is, AISI's most interesting conclusion is also their most dangerously optimistic one. They say they can't be sure Mythos could compromise a well-defended network because their range had no active defenders, no defensive tooling, no penalties for tripping alerts. That sounds reassuring until you look at what Mythos is already doing. It found a 27-year-old vulnerability in OpenBSD (one of the most hardened operating systems on the planet) and a 16-year-old flaw in FFmpeg that automated testing tools had hit five million times without catching. If it's bypassing tooling on hardened systems, "active defenders would stop it" needs a lot more evidence than AISI provided. And even with active human defenders and alerts, the speed asymmetry is what should keep you up. The window between vulnerability discovery and weaponization has collapsed into hours. Autonomous attack chains move laterally from initial access to objective completion at a pace human defenders weren't designed for. If your defensive teams aren't using AI agents, they can't match the speed of AI-augmented threats regardless of their technical skill. So what do you actually do about it? Point AI agents at your own code and find the vulnerabilities before attackers do. That's Priority Action 1 in the briefing released today from Cloud Security Alliance @cloudsa, @SANSInstitute, and @OWASPGenAISec . The real barrier isn't technology. It's policy and liability. Every organization I've talked to wants autonomous defense in observation mode, not act mode. If an agentic defensive capability trips and takes down production, the CISO is personally liable. There have been prosecutions. (I'm surprised anyone becomes a CISO at this point.) 
Full AISI technical writeup is on aisi.gov.uk The strategy briefing that @gadievron, @rmogull, and I built with 60+ contributors in response to Mythos is at labs.cloudsecurityalliance.org/mythos-ciso Free, 30 pages. Risk register, priority actions, board briefing section. (More on all of this at the AI Summit next week: go.sans.org/YjGCXr Timing couldn't be better.)
AI Security Institute @AISecurityInst

We conducted cyber evaluations of Claude Mythos Preview and found that it is the first model to complete an AISI cyber range end-to-end. 🧵

Rob T. Lee reposted
Lukasz Olejnik @lukOlejnik
‼️Eleven priority cybersecurity actions for the AI cybersecurity deluge. Some actions are required THIS WEEK. AI has significantly increased the likelihood of attackers discovering new vulnerabilities, creating new exploits, and using them in complex automated attacks at scale. AI increases the speed to develop patches, and reduces defects in new software, the burden on defenders, by comparison, increases due to the inherent limitations of patching. The attackers gain asymmetric benefits. Sandwiched between the technical recommendations a section "prepare for burnout," treat the problem with the same clinical seriousness as network segmentation. Currently: periodic security pentests outdated (this means that regulations like #GDPR or #NIS2 are outdated), threat intelligence lags. Awesome assessments, congrats @gadievron for coordinating this. labs.cloudsecurityalliance.org/wp-content/upl…
Rob T. Lee @robtlee
Friday afternoon @gadievron says "I'm working on a CISO community document for Monday. Want to collaborate? Releasing Monday." I said "Sure." (I have a problem with that word.) @AnthropicAI had dropped Mythos on Monday. @cloudsa is running an emergency CISO Zoom on Tuesday. @SANSInstitute was already building BugBusters this Thursday with Ed Skoudis, Joshua Wright, and Chris Elgee. The entire community was asking the same question: what do we actually DO about this? Three nights later we have a 30-page strategy briefing with 60+ contributors. "Sure" turned into barely sleeping Friday, Saturday, Sunday while @gadievron and @rmogull dragged this thing into existence. (My son checked to see if I was still breathing around hour 40. I think he was mostly concerned about if Uber Eats delivered Five Guys yet.) The contributing authors list reads like someone raided a cybersecurity hall of fame: Jen Easterly, Bruce Schneier, Chris Inglis, @philvenables, Heather Adkins @argvee, @RGB_Lights, @sounilyu, @jimreavis, Katie Moussouris @k8em0, Jon Stewart, Maxim Kovalsky, David Scott Lewis, Joshua Saxe, John Yeoh, Ramy Houssaini and James Lyne. Every single one said yes within hours. Cloud Security Alliance @cloudsa, @SANSInstitute, [un]prompted, @OWASPGenAISec -- four organizations that don't usually build things together at this speed. This is the start. SANS reviewers who showed up: Chris Cochran @chrishvm, @edskoudis, Viswanath S Chirravuri @vchirrav, @bettersafetynet, Ciaran Martin Thursday @edskoudis, @joswr1ght, and @chriselgee stop talking and start showing. Live AI-assisted vulnerability discovery against real code. No slides about the future. Terminals and bugs. (The kind of demo where something breaks and that IS the point.) Full reviewer list is in the doc. If you know someone on it, send them a note. They earned it. 
But an even bigger thank you -- seriously -- from the entire cyber security community needs to go to @gadievron for once again bringing the avengers together -- like in Endgame (is that what Mythos is?) -- and you all know the scene -- but we need someone to create the meme with Gadi Evron with his shield and Mjölnir saying "Avengers..... assemble!" because that is exactly what he does. A lot it seems. Read it: labs.cloudsecurityalliance.org/mythos-ciso Going to sleep now. Setting my alarm for Thursday. (Not joking.) #CyberSecurity #AISecurity #SANSInstitute
Rob T. Lee reposted
SANS Institute @SANSInstitute
Anthropic released Mythos on Tuesday. By Sunday, 60+ security leaders had written the briefing the community needed. "The window between discovery and weaponization has collapsed into hours." — @RobTLee, SANS Institute 181 working Firefox exploits. The previous best model managed 2. Read the blog → go.sans.org/Bw3mxJ Read the briefing → labs.cloudsecurityalliance.org/mythos-ciso/ Join us Thu 4/16 at 12PM ET → go.sans.org/DM0LjN #Cybersecurity #AIRisk
Rob T. Lee reposted
SANS Institute @SANSInstitute
SANS is launching Find Evil! -- the first hackathon for autonomous incident response AI. Registration opens April 15. $22K+ in prizes. findevil.devpost.com
Rob T. Lee @robtlee
Honestly, Ed, I hadn’t thought about it from that angle until I read what you wrote. The number of people in this community who are genuinely passionate, who are using their platforms not just to talk but to actually push things forward (that part matters more than we give credit for), it is inspiring when you step back and look at it whole. The risks are real. But I’m more optimistic right now than I was in January. Something about this moment feels like the early days again, the kind of pull that only happens when hard problems need communities more than they need heroes. (And we have enough of those. Heroes, I mean.) Thanks for the perspective check.
edskoudis @edskoudis

Gotta say: the last month from @unpromptedconf through @SANS_EDU commencement through @OneRSAC to today... has been one of the BEST months of my _entire_ life. So many ideas, so many opportunities, so many GREAT people doing absolutely inspiring things. CyberSecurity is in the midst of a much-needed revolution. Yes, that's hard and maybe even scary, but what an exciting ride! Let's do great things, my friends!

Rob T. Lee @robtlee
One of the most well-known AI red-teamers in the community, @elder_plinius, just called it quits and killed all public research. Yesterday, April 1, he announced everything is going closed source, effective immediately. After years of free drops, open tools, and research that the entire AI security community built on, he walked away. I was floored, genuinely sad and disheartened. I had to get up and take a walk and think about what this meant and what truly triggered this change of heart. (My hero was taking his super suit off and hanging up his cape.) I formed a plan on that walk. I'm actually spending time with him in person at the AI Summit in a few weeks (mask, voice modulator and all), maintaining his anonymity on stage. And honestly, that part alone is fascinating. How many people have ever spoken at a conference masked? (Also what mask? Guy Fawkes? Daft Punk? Lucha libre? The possibilities here are endless.) Our entire conversation just changed for the fireside chat that Sam Sabin is leading. I started drafting new questions focusing on this change of heart. Full planning engaged. Maybe even trying to convince him to put the cape back on. Then suddenly, like a punch in the face, APRIL 1. Dagnabbit. Seriously? I just spent 2 hours going from shock, to emotions, to acceptance, to action plan. And I forgot the date. Well played Pliny. Well played. And yes, there might be some underlying truth to your post (there always is) x.com/elder_plinius/… Guess I'll save a few of these questions for when I see you later this month on Apr 21. See you there... @AnneNeuberger, @elder_plinius, @robvanderveer, @sounilyu @bardenstein, @aboutsecurity, @joshuasnavely, @pyotam2, @edskoudis @SANSInstitute
Rob T. Lee @robtlee
Registration is OPEN for Find Evil! the first hackathon for autonomous AI incident response. Built by the community, for the community. $22K+ in prizes. Mission: Make Protocol SIFT, the framework connecting AI agents to the SIFT Workstation's full toolset, into a fully autonomous incident response agent. SIFT Workstation is a beat to shreds, open-source incident response platform with 200+ tools. 19 years of community development. 60K+ downloads annually. No incident response background required. New to AI? Good. Get your hands on the tools and learn with us. Registration open April 1. Hackathon starts April 15. Submissions due June 15. Register: findevil.devpost.com Read more: robtlee73.substack.com/p/registration… Sponsored by @SANSInstitute