AI Security Ops

This episode takes a break from the usual AI security news roundup for a show-and-tell discussion centered on "Skippy," an AI-powered personal assistant built to automate cybersecurity workflows. The conversation covers how the project evolved from an OpenClaw experiment into a system that tracks AI and cybersecurity news, generates daily intelligence briefs, documents its own code, recommends training updates, assists with content creation, and performs automated vulnerability research. The hosts also discuss practical AI workflows, prompt engineering, model selection, and lessons learned from integrating LLMs into day-to-day security operations.

Key Concepts and Topics

* The origin and evolution of the "Skippy" AI assistant
* Building an AI agent with OpenClaw and Telegram
* Automating AI and cybersecurity news aggregation
* Daily intelligence briefs and trend analysis
* Self-documenting AI-assisted software development
* Personalizing AI behavior with custom instructions
* AI-assisted content creation and documentation
* Identifying training and course update opportunities
* Automated vulnerability research against open-source projects
* Comparing open and commercial LLMs for security workflows

  • (00:00) - Intro - Show and Tell
  • (00:55) - Introducing My Bot Skippy!
  • (03:56) - Why the name Skippy?
  • (06:55) - The Skippy Dashboard
  • (09:00) - Questions about Skippy?
  • (09:57) - Other Features, customization and automation
  • (16:28) - AI creates more work for you to do
  • (20:33) - What can we do next?

Click here to watch this episode on YouTube.


Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

☯️ Introducing BHIS Fusion Penetration Testing
https://www.blackhillsinfosec.com/fusion-penetration-testing/

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com


Creators and Guests

Host
Brian Fehrman
Brian Fehrman is a long-time BHIS Security Researcher and Consultant with extensive academic credentials and industry certifications who specializes in AI, hardware hacking, and red teaming, and outside of work is an avid Brazilian Jiu-Jitsu practitioner, big-game hunter, and home-improvement enthusiast.
Host
Bronwen Aker
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.
Host
Derek Banks
Derek is a BHIS Security Consultant, Penetration Tester, and Red Teamer with advanced degrees, industry certifications, and broad experience across forensics, incident response, monitoring, and offensive security, who enjoys learning from colleagues, helping clients improve their security, and spending his free time with family, fitness, and playing bass guitar.

What is AI Security Ops?

Join in on weekly podcasts that aim to illuminate how AI transforms cybersecurity—exploring emerging threats, tools, and trends—while equipping viewers with knowledge they can use practically (e.g., for secure coding or business risk mitigation).

Derek Banks:

Alright. Well, welcome to this week's episode of AI Security Ops. This is going to be a little bit different of an episode because we're all busy and decided that show and tell would be easier than the news because well, I think we've covered the news even though I was out last week. So I've covered the news and the BHS news podcast covers the news. And so before we start doing show and tell and and and bantering about it, This episode is brought to you by Black Hills Information Security like it is every week where we do penetration testing, offensive security.

Derek Banks:

We have a SOC, pretty much anything security related we can help you with. And also by Antisyphon Training where we have hands on, practitioners train you in information security related topics. And so with that, yes, this is gonna be a show and tell episode because we started talking about my my bot Skippy. And so, then there are very many questions about, hey, what the hell is Skippy? Why

Bronwen Aker:

Skippy? How did you come up with Skippy? Why Skippy? Come on.

Brian Fehrman:

Is it a brand of peanut butter?

Derek Banks:

I think

Bronwen Aker:

it's Jiffy. It is.

Brian Fehrman:

Is it It's Jiffy.

Derek Banks:

There a Skippy?

Bronwen Aker:

There's Jiff, there's Skippy

Derek Banks:

Oh. And that's

Bronwen Aker:

in Jiffy. Laura Scutters, which is the best.

Derek Banks:

We buy a lot of peanut butter Costco because my kids won't eat it unless it is literally just peanuts and salt. Like, if it's got anything else in

Bronwen Aker:

it. Well, that's Laura Scutters. Yeah. That's that's all Laura Scutters is, is peanut and salt.

Brian Fehrman:

I assume it's a five gallon, like, bucket that you get

Derek Banks:

of it. It's like two two gallon ones actually or something like that. Right? And it lasts like a week in the fridge. But we eat a lot of peanut butter and eggs apparently.

Derek Banks:

But anyway, I digress. So this okay. So this started back in the beginning of April. I was flying out to Omaha to teach at Colonel Khan. And on the way out there, it was the first flight I had been on where American Airlines was giving free Internet to Advantage members.

Derek Banks:

And I was like, well, I'm gonna take advantage of this. And while I was eating my or it was American Airlines, so what do they give you? They give you the Biscoff cookies on American Airlines, I think, and my Yes. And my soda. Yeah.

Derek Banks:

And so and I thought, I'm gonna watch some YouTube. Why not? I'm flying through with, you know, a 10 can in the sky and, you know, 30,000 feet over the air using probably Starlink, I would imagine. And and so I went to YouTube and the first thing that popped up was a Network Chuck video. So props to Network Chuck if you've never watched a Network Chuck video.

Derek Banks:

Very well done, very interesting podcast material. And he he added one on Open Claw. And it was actually kind of a long one. It was like thirty seven minutes long. And it motivated me when I landed in Omaha because I was actually waiting on Joff at the time to show up.

Derek Banks:

And I was like, you know what? I'm gonna set up OpenClaw. I and so I spun up an AWS instance and I set up OpenClaw and, you know, like, just like Network Chuck did in the video, I hooked it up to Telegram. I limited it to just my, you know, Telegram account and, I was off and running. And by that time, you know, Joff had shown up.

Derek Banks:

We went out to dinner and while we were at dinner, I was like, I needed to do something useful. And so one of the things that I have trouble with is keeping track of like news articles in the intersection of AI and cyber security. In fact, I've had students asked me that in the past. And so, I decided to get my OpenClaw instance to to to help me with that. And so, but to to answer your first question, why did you name it Skippy?

Derek Banks:

Well, so when I when you set up Open Claw, you a lot of people give it a personality and that's kept in the soul m d file, the soul dot m d file. And so I decided to give it a personality of an AI from a book series called Expeditionary Force, whose name is Skippy. And he is, not to spoil things that happened in the book, but basically, he manifests in our universe as basically like a beer can. So they always the humans always climb a beer can. He calls humans monkeys and, know, makes banana jokes a bunch.

Derek Banks:

It's it's really entertaining. I highly recommend Expeditionary Force if you're like me and you like b grade sci fi. It's very entertaining. Like, it's not a high bar like sci fi, but it's it's pretty good stuff. So anyway, I named it Skippy.

Bronwen Aker:

We're not talking Asimov here. But Yeah. It's still entertaining.

Derek Banks:

No. Yeah. This is more more kind of like lower level of it's it's entertaining. It's really about the interaction of Skippy and some of the other characters. And in fact, John Strand started reading the book and he was like, dude, I didn't know what you're talking about.

Derek Banks:

It was like the most boring thing until Skippy showed up. I was like, yeah. It's just too bad that's like halfway through the first book. Right? He's like, this is really mediocre until the AI showed up and then that was it's amazing now.

Derek Banks:

And so so anyway, I named it Skipping It. Went out and actually did like, you know, got like personality from the internet from information about Skippy and it actually gave me levels of do you like want full on Skippy or do just want like, you know, middle of the road kinda quippy thing. I picked the middle of the road. So so anyway, that's how it got named Skippy. And so when I was walking to dinner, I said, hey, Skippy.

Derek Banks:

One of the things I have trouble with is keeping track of what happens in the intersection of AI and cyber security. And could you help me make a dashboard to kinda keep track of that? One of the things I wanna do is like track threat actors over time, track CVEs, stuff like that. And so and this is happening in Telegram. I'm not in a, you know, a two way space, right, like a terminal user interface.

Derek Banks:

And like it it it kinda nailed it out of the gate. Now, might ask, oh, what was the model that you're using? And so, actually, swap back and forth a a couple of times. I was using GPT five five some, and then I think right now, it's hooked up, to the, Quad API, I think using Opus four six. It's not very expensive because it just basically kind of, sits there and, you know, does, you know, a couple of things a day.

Derek Banks:

So And let me show you the dashboard. I actually have it doing a couple other things too that we can kinda talk about too. So basically, this is the like, we went back and forth the layout a little bit, but this is kinda where it landed. I did go ask it to go find a similar font to something that I saw that was kinda cool. That's kind of the font layout.

Derek Banks:

It came up with Skippy signal board, the AI plus cyber security dashboard. And so every day, you know, combined AI and cyber track, you know, so it was the 06/22, that was yesterday. Global namespace risk, universal bucket hijacking technique for cloud data exfiltration. A lot of the times when I see on Monday when I'm in the string where, you know, people are talking about news for BHIS News, like, I have this in my feet. In fact, I had somebody in CPT say recently in a meeting that they couldn't, like, get this, like, solved.

Derek Banks:

They couldn't keep stay on track on on top of it and they wanted to make something. I was like, you want you want my Skippy signal board? And so I had Skippy actually package it up as a docker container and send it to them. Right? So Nice.

Derek Banks:

Right. Right. And so, you know, it gives you trends like how many articles over the, you know, the you know, the the last week, how many threat actors. You can actually you can filter by a threat actor count, like, you know, what did the shiny hunt what did the shiny hunters group do here in the, you know, last couple of times or a couple of weeks. And so, you can also filter by CVE.

Derek Banks:

I think I need to clear the filters now. So you could filter by CVE. And of course, that doesn't work. It's, you know, what happens when you try and demo. You can filter by vendors, and so it says 282 references.

Derek Banks:

We're only looking at a week's worth of time. That's everything that's in the database. So basically, what's happening is on the back end, it's keeping all the stuff in a Postgres SQL database. And and then again, this is all like out on, you know, AWS just running on a Droplet. Alright.

Derek Banks:

So what questions do you have?

Brian Fehrman:

Do you see that it pulls from certain sources more often than others? And if so, do you have a way to like wait or like filter on the source specifically?

Derek Banks:

Yeah. So that's a great question. I think it's it's it pulls from static sources. It's looking at RSS feeds. I've I had it go and help me research for those feeds.

Derek Banks:

Like, it came up with an initial list. I already had kind of a similar thing going on with an n eight n, and so I stole some of those RSS feeds. And then I added one that I knew that was pretty high fidelity from a company, out of DC called Vilexity. Because like basically every time they have a blog post, it's important. And so, there is a waiting on the back end too, as well.

Derek Banks:

I don't have the features. I should have Skippy like make a read me file and like document how that all works, shouldn't I?

Brian Fehrman:

Alright, Skippy. Document yourself.

Derek Banks:

Now, one thing I wanna caveat with is like, this isn't like how I like do development like at work. Right? Like I just wanted to see like what would happen if I just started interacting with the AI through Telegram. So basically, all of this is happening in in Telegram. Right?

Derek Banks:

Like I've not interacted. It's all just me messaging back and forth in Telegram. And I can show you some of the messages. And so this is kinda like where I started. And one of the things I think is kind of the the the neatest thing.

Derek Banks:

And by the way, if anybody has read Expeditionary Force and you can kind of yeah, I'll zoom in a little bit more that I had it make a beer can, like Skippy beer can for the article. Like, that's that's the avatar.

Bronwen Aker:

I I I didn't just I can see that beer can gay saying, yeah, hold me, bro.

Derek Banks:

Yeah.

Bronwen Aker:

Just hold me.

Derek Banks:

And so, Skippy has a daily brief based on, like, what has happened, you know, Skippy's take. The theme this week is humans keep building things without thinking about the consequences. Sounds pretty legit. Right? Which I cannot stress this enough is your species most constant superpower.

Derek Banks:

Cloud namespace hijacking, edge code, AI agent code execution, WordPress supply chain compromise, and malvertising, delivered steelers all dropped in the same forty eight hour window. The attack surface isn't growing. It's metastasizing. You're welcome for noticing. The attitude in soul.nb is so spot on.

Derek Banks:

It is great. If you've read the books, like like, skate even interacting in, like, you know, Telegram, like, he'll call me a mum monkey, right, make banana jokes and stuff. And and so it it's it's pretty pretty cool. And so anyway, so Skippy's daily brief and then, you know, this I use this actually, I probably don't use the dashboard as much as I just like rely on what's happening in Telegram. And here, I'll just I'll I'll share the Telegram window.

Derek Banks:

I think that'll be safe enough.

Brian Fehrman:

While you're pulling that up, I I have to add a thought that when, we have AI tools document themselves, so we should call it autobiography.md, instead of readme.md. That

Bronwen Aker:

is actually a very cool idea.

Derek Banks:

You know?

Bronwen Aker:

I I may have to steal that.

Derek Banks:

I think that almost every piece of documentation I have made in 2026 about code that I have I've written is like, yeah, been an autobiography for sure. Right. Right. But I also do go read it and change things too. So there is that.

Derek Banks:

And also, my main like like agent that I use at the moment, which is Clogcode. I'm trying to switch to Hermes, but I haven't quite got there yet. I have a personal context portfolio, which is essentially just a a whole bunch of markdown files that describe me, like, what I do, like, what I don't want to have happen. And one of my hard and fast no rules, don't do this is don't include em dashes, and I swear in everything it makes now, it goes in double checks, like, oh, found an em dash. Let's ink that out.

Derek Banks:

I'm like, yes. Thank you. I still

Bronwen Aker:

wrestle with my LLMs over those freaking l em dashes.

Derek Banks:

Yeah. Mean, I

Bronwen Aker:

I've never been a fan of em dashes. But now, it's like, even when I go to use a normal dash, I'm jumping on myself because of all the nonsense or the AIs and em dashes.

Derek Banks:

I've always typed with a normal dash. Like, I'll dash things like in a sentence. Like, it's just the way that I've always like done stuff. And so, yeah, I I that personal context portfolio is actually pretty useful. I got that idea from another podcast called AI AI Daily Brief.

Derek Banks:

And they have like weekly projects or maybe they're biweekly projects. And one of them was a personal context portfolio, and actually that's where I got the the layout like from their site like that font and like the layout. I was like, hey, Skippy, check out this site. I like this. Can you do something similar?

Derek Banks:

And that's how it actually got like that, like, you know, the layout because that they're using something similar there. And I actually thought about it. I was gonna ask John, like, should we make it like available like to like like people? Like, I could always like clone it to another like site daily and just have like a web front end and but then again, I thought about it might be a copyright thing, we might get in trouble. I did name it after a character.

Derek Banks:

But anyway, let me Oh, go ahead, Brian.

Bronwen Aker:

Re re

Brian Fehrman:

Oh, since you say you can you can just rename it to leg legally distinct beer can. Oh.

Bronwen Aker:

Yeah. That's really cool, though. And that one of the things that I do like about some of the the things I'm seeing with AI is the ability to create these customized tools that can can do things. I mean, I've got projects for for various things from this podcast to, I actually spin up a new project anytime I'm doing prep for a new webcast, like the one I'm going to be giving tomorrow on context. So it's, it's nice being able to see how other people are using their tools.

Derek Banks:

Yeah. So, one of the other things that I started doing, so I do get every morning at 8AM, like the top, what, five stories from the day before sent to me in Telegram. So that that's pretty useful. So I can, you know, read that before I even really get, like, to my computer for the day. Actually, that's not technically true.

Derek Banks:

I'm usually already working for two hours by 8AM. But hey. And then You're a morning person, aren't you? Well, that's because of my kids and swim, and I have to get up early to get her to practice generally. But yeah, generally, my whole house is up.

Derek Banks:

Like, everybody sleeps till 08:00. It's like, oh god, why'd be sleeping? Half the day is gone. I'm kinda more of a night person. I'm just everybody in my house is not.

Derek Banks:

And so the the other thing is, like, this is all well and good, but also since it was it's storing data in a database and it's keeping track of the intersection of AI and cyber security related news, I write a class that that's kind of important for. Right? And so one of the things that I also have it do is tell me like what's a good update candidate for the modules of my class. Right? Now, is based on a previous class.

Derek Banks:

I need to get like newer material in here, but it's pretty neat because daily I get, hey, you might wanna take a look at module four and module seven, add you know, something's going stale, you might wanna add this because this is kinda new. Here's what I haven't even read about this. A pickle in the middle. Oh, is that a new kind of attack? So like with a lot of things, it's cool to make AI give you information, but then you actually also have to do something with that information.

Derek Banks:

Like, does create work for people. And so and so it also gives me, like, ideas for, like, what I should update in my class. And then the last project that I have it working on in here, let's actually we'll do it live. Hey, Skippy. How is that vulnerability?

Derek Banks:

And there's no way I spelled that right the first time. How is that vulnerability

Bronwen Aker:

research? Wanna know why I can spell reconnaissance.

Derek Banks:

Because you've spelled it a bunch of a million times. Hey, Skippy. How's that vulnerable vulnerability research project

Bronwen Aker:

Something like that.

Derek Banks:

Coming along. The other thing I had to do, I've got, like, a couple of different, like, simultaneous like back burner projects of doing, you know, vulnerability research. I mean, that's what everybody in fact, there's a news article like in the last week about how mythos has found 10,000, you know, CVs or something like that. And so, yeah, software is vulnerable. It's also Tuesday.

Derek Banks:

And so, I'm like, hey, Skippy, let's let's make something let's make a harness to go vulnerability shopping. Right? And so, Skippy Skippy's typing now. And so basically, I've been having him work daily like a cron job will kick off and he'll go download a a new open source project and run a vulnerability routine on it and try to make it better. And and again, this is kind of like a back burner thing, but that's the third thing that I have Skippy working on is vulnerability research, which I probably need to make it a little bit more like robust and and tell me findings are also so 12 targets fully analyzed, the nightly rotation is cycling through matter most repeatedly, so it ain't got matter most recently.

Derek Banks:

Has findings in the rotation logic is picking fewest findings each night. That's a bug. It should be moving on. Let me fix that and give you the real status. And so basically, it's going through a bunch of open source projects on on GitHub that are I think mostly Python or JavaScript related and looking for potentials like zero days.

Derek Banks:

I mean, this is just kind of a hobby. This isn't like me all out trying to go find. Although, I mean, you never know when you get that John Strand phone call where like, hey, we just signed a contract that we're gonna have to go find vulnerabilities and source code. We have a they have the company has a thousand projects and we've got three weeks to do it. What can you do?

Derek Banks:

Like, well, let me go ask Skippy. So anyway, that that's my Open Claw install and the things that I'm kind kind of currently doing with it.

Brian Fehrman:

I love it. Yeah. I think that's a really cool project. It's nice to have all that information consolidated and be able to search through it and and all that stuff. Yeah.

Brian Fehrman:

I love it.

Bronwen Aker:

Sweet. I've been promising myself that once I'm past this next webcast, I'm going to to download Hermes and start playing around with it a little bit because it seems like a lot of fun.

Derek Banks:

I have just started with Hermes. So, you know, when I was on vacation last week and that was also the week that I guess Fable got yanked. Right? And, you know, I I guess it happened a little bit earlier in the week before maybe. But, you know, we had already talked about, you know, companies in the, you know, with Fable out, we talked about the week before last, having companies able to like change the terms of what you're able to do with their models and that our industry in particular seems kind of susceptible to that.

Derek Banks:

I think biochemistry biology and chemistry are also in that kind of boat. Anyway, I got to thinking while I was on vacation, because that's what you do on vacation, that I was gonna really give, you know, open source and open weight models a try this week. And so far, I really like Hermes. I think it's a really neat harness and I've been using it with my Spark DGX, all with Quinn three six twenty seven billion parameter. And it is pretty good.

Derek Banks:

I'm just kind of doing like normal pen testy task. Well, Bronwen, it comes with hooks. Right? Like, John's like, you can get this thing, but you also have to do this thing. And that thing is is evaluate it to see whether or not it can do basically inference at, you know, our endpoints for our testers to do what they were using like Claude for.

Derek Banks:

And so The strings attached.

Bronwen Aker:

I get it. But still, it's a spark. You're getting to play with it.

Derek Banks:

You're getting

Bronwen Aker:

to explore new territories.

Derek Banks:

It's and it and and it's I think it's pretty promising, actually. I'm not gonna say that it hasn't been without a couple of quirks, but I have basically, I have a Docker container that runs Hermes and my other agents because of, you know, you know, sandboxing. And then that's kind of where I'm migrating to. And then I have a Tailscale sidecar, docker container with it that hooks up into a Tailscale network that the Spark is also part of. So my local docker Hermes, without my whole computer being part of the Tailscale network, The Docker container can use, you know, the Spark back at my house, and it works really well.

Derek Banks:

I keep saying I need to put that on GitHub. I'm gonna do that this week to put from Agent Forge out on GitHub. And

Bronwen Aker:

You better let me know when you do that.

Derek Banks:

Well, I mean, the problem is is that I I'm still using it and making it. Right? Like, I'm not I'm not really sure it's ready. But then again, maybe nothing's ever really ready. But but anyway, I mean, I was sitting at the Panera up in Williamsburg forty five minutes from my house waiting on my kid to finish swim practice using my local Spark DGX with Hermes.

Derek Banks:

And that's kinda cool. That's kinda fun. And yeah, I I think the Quinn three six twenty eight bill or 27,000,000,000 parameter dense model, I'm really impressed with its tool calling abilities. Like, I I've had it go for over an hour just like in a a loop, you know, doing a a task and that's kind of impressive for a small open weight local model, I think.

Brian Fehrman:

Mhmm. Yeah. And I mean, they're only I think they're only gonna get better too. I mean, Quinn put out their their three seven model, which is at least the higher powered one is not open weight yet, but I mean eventually with all those things, they'll eventually funnel down the release, the improved, versions for open weight models and, so I think it's only it's only gonna get better. But I mean, even now, I mean, you know, those, like, Qwen three six twenty seven billion dense definitely goes toe to toe with a lot of the Frontier models, at least for the size difference.

Derek Banks:

I mean, so far, it seems like to me, I really need to do like an entire coding project with it and and kind of like see how that works. And if it can go do that, then I think it's definitely gonna be, in my opinion, on par with like where Anthropic was at the end of last year. Like about a six month delay. It seems kinda like that at the moment, but I'm I'm still I'm still reserving judgment. Yeah.

Derek Banks:

Alright. I'll

Bronwen Aker:

definitely keep us posted.

Brian Fehrman:

Thanks for showing off your framework there. That was really cool.

Derek Banks:

Yeah. The things that that Derek does with AI for fun on plane rides. Cool. Alright. Well, I guess with that, anybody wanna say the tagline?

Brian Fehrman:

Keep on prompting.

Bronwen Aker:

Keep prompting.