Weaponized AI: Making Low Severity Exploits Critical -- Live! 360 Events

Red Team Tactics and Techniques

CRTH06 Weaponized AI: Making Low Severity Exploits Critical

11/21/2024

1:00pm - 2:15pm

Level: Intermediate

Erica Burgess

Cybersecurity and AI Architect

Tyler Technologies

Ethical hackers like myself have been using many types of AI to hack systems for a few years now, but some offensive security techniques require generative AI and other new tech. I'll discuss how I used AI to generate an RCE 0-day for server compromise, manipulate search engine AI for vulnerability discovery, captcha bypass, tools that would have been impossible without generative AI, and more. We'll also discuss risks specific to AI systems and defense.

You will learn:

About AI-specific defense evasion techniques and how to defend (i.e. AI voice clone demo for social engineering, and AI related appsec attacks).
How to mitigate AI-specific risks of using or building various types of AI systems.
About using various types of AI for cutting edge offensive security research i.e. generating new 0-days before an attacker does. Additionally, we apply this knowledge towards general tool orchestration using Azure's OpenAI API.