WEBVTT

NOTE
This file was generated by Descript 

00:00:00.000 --> 00:00:04.489
Speaker 2: I really feel that input
validation is a losing game with

00:00:04.489 --> 00:00:07.730
AI because natural language has
so many, like a natural language

00:00:07.730 --> 00:00:09.260
system has so many bypasses.

00:00:09.590 --> 00:00:12.410
And like, even if you block all
special characters, like some of

00:00:12.410 --> 00:00:15.530
the techniques, you can literally
just describe them with words.

00:00:16.030 --> 00:00:20.080
And so like there's always gonna be a
creative bypass in this type of system.

00:00:22.230 --> 00:00:25.740
Speaker: Simply Defensive brings you
the industry's top practitioners,

00:00:25.800 --> 00:00:33.300
innovators, and leaders to inform,
educate, and join us defensive.

00:00:38.678 --> 00:00:41.858
Josh Mason: Hello, and welcome to the
latest episode of Simply Defensive.

00:00:41.888 --> 00:00:45.488
I'm Josh Mason, the only person
here who hasn't keynoted a Wild West

00:00:45.488 --> 00:00:48.178
Hacking Fest, and with me as always.

00:00:48.678 --> 00:00:49.038
Wait, what?

00:00:49.538 --> 00:00:50.048
Wade Wells: What's up?

00:00:50.348 --> 00:00:51.068
Was last year.

00:00:51.278 --> 00:00:51.578
All right.

00:00:51.578 --> 00:00:53.488
And it was the, closing keynote.

00:00:53.548 --> 00:00:55.523
I don't know if that counts or so

00:00:55.628 --> 00:00:56.153
Jason Haddix: it does.

00:00:56.453 --> 00:00:56.843
Wade Wells: does it.

00:00:56.903 --> 00:00:58.853
Honestly, it was the better of the two.

00:00:59.063 --> 00:01:00.143
Jerry's pretty upset about it.

00:01:00.643 --> 00:01:01.663
Josh Mason: It was pretty damn good.

00:01:02.053 --> 00:01:05.683
Uh, and with us today, uh,
our good friend Jason Haddix.

00:01:05.683 --> 00:01:06.913
Jason, thanks for joining us, man.

00:01:07.413 --> 00:01:08.318
Jason Haddix: Hey, thanks for having me.

00:01:08.673 --> 00:01:12.213
Josh Mason: And I feel like you need
an introduction if you all don't know

00:01:12.213 --> 00:01:17.443
who Jason is and you're listening
to us, like choices, life choices so

00:01:17.443 --> 00:01:20.393
Jason, you're running Arcanum.

00:01:20.843 --> 00:01:24.023
For those who don't know
you, you've been the CISO at

00:01:24.073 --> 00:01:24.553
Ubisoft.

00:01:25.053 --> 00:01:26.343
You've been at Bugcrowd.

00:01:26.393 --> 00:01:28.343
You're doing stuff with Flare.

00:01:28.843 --> 00:01:33.373
And you, in my opinion, are
one of the thought leaders in

00:01:33.373 --> 00:01:35.383
the AI cybersecurity space.

00:01:35.883 --> 00:01:37.053
Just all around.

00:01:37.553 --> 00:01:42.193
You seem to have a good grasp of
how to attack it, how to use it.

00:01:42.443 --> 00:01:47.773
Wade, you have taken
Jason's class on using AI.

00:01:47.848 --> 00:01:48.238
Wade Wells: Yeah.

00:01:48.508 --> 00:01:52.558
I took the Red Blue Purple AI
course, I wanna say maybe two years.

00:01:53.038 --> 00:01:54.988
There's a second cohort
that was going through.

00:01:55.488 --> 00:01:55.673
I think.

00:01:55.763 --> 00:01:56.693
Jason Haddix: been a year and a half ago.

00:01:56.928 --> 00:01:57.468
Wade Wells: Yeah.

00:01:57.498 --> 00:01:57.768
Yeah.

00:01:57.768 --> 00:02:00.078
I saw you on Jerry's.

00:02:00.498 --> 00:02:03.188
It's on what is the fireside chat?

00:02:03.398 --> 00:02:06.998
And I was like, okay, I need, 'cause I had
been playing around with AI for a while,

00:02:06.998 --> 00:02:09.248
but I hadn't really dived into it yet.

00:02:09.698 --> 00:02:14.078
And honestly the course just
skyrocketed my experience like

00:02:14.143 --> 00:02:14.443
Jason Haddix: to hear.

00:02:14.618 --> 00:02:15.578
Wade Wells: ridiculous.

00:02:15.668 --> 00:02:19.928
And I came back and had instant,
like, use. I'm still using the stuff

00:02:19.988 --> 00:02:24.008
today at my current org and I am
signed up for the course again.

00:02:24.458 --> 00:02:26.758
And so there's gonna be another one in December.

00:02:26.758 --> 00:02:29.218
We don't know when this is
gonna air, but that's, to say.

00:02:29.718 --> 00:02:33.738
I do wanna shout out one thing though.
In that class way back then, you were

00:02:33.738 --> 00:02:37.408
talking shit about CTI a little bit.

00:02:37.408 --> 00:02:40.798
A little, and now you're a
field CISO for Flare, so I just

00:02:40.798 --> 00:02:42.208
thought that was hilarious.

00:02:42.298 --> 00:02:42.598
But.

00:02:43.098 --> 00:02:47.258
Jason Haddix: So I think the con, I
think in that class, the conversation

00:02:47.258 --> 00:02:51.418
was that I've had a lot of different
hats and I've had to manage a lot of

00:02:51.418 --> 00:02:55.488
different groups inside of security
it was always hard as a leader.

00:02:55.988 --> 00:02:57.998
to prove the value of CTI.

00:02:58.298 --> 00:03:01.478
Not that I didn't think
that CTI was valuable.

00:03:01.658 --> 00:03:06.548
It's just hard for them to prove what
we're doing every day is cost effective

00:03:06.548 --> 00:03:10.448
as opposed to other groups in security,
which give you an artifact pretty much

00:03:10.448 --> 00:03:12.008
after they do anything right, like pen

00:03:12.508 --> 00:03:17.088
Or... And I think CTI and threat hunting
both suffer from this a little bit.

00:03:17.588 --> 00:03:19.748
And sometimes your CTI people
are your threat hunters.

00:03:19.748 --> 00:03:21.548
It depends how big your
organization is, right?

00:03:22.048 --> 00:03:23.498
Some teams wear many hats.

00:03:23.498 --> 00:03:28.168
But I think that was one of the things.
It was just like, I remember.

00:03:28.558 --> 00:03:32.808
I remember looking at some investigations
and then some threat hunts and then

00:03:33.228 --> 00:03:36.708
looking at artifacts and it just
wasn't where I wanted it to be.

00:03:37.038 --> 00:03:38.778
And that could have just
been my personal experience.

00:03:38.958 --> 00:03:41.348
It's every, place is different.

00:03:41.348 --> 00:03:47.538
But like I do think that there are
some very pointed, kind of components

00:03:47.543 --> 00:03:50.148
of CTI that are really valuable.

00:03:50.148 --> 00:03:52.988
So the cyber I think that.

00:03:53.488 --> 00:03:55.918
The credential kind of leakage problem.

00:03:56.103 --> 00:03:56.443
Wade Wells: yeah.

00:03:56.893 --> 00:03:58.963
Jason Haddix: Is one of the biggest ones.

00:03:59.263 --> 00:04:01.063
If you look at any
fucking breach, oh, sorry.

00:04:01.563 --> 00:04:02.343
Wade Wells: No, we can cuss.

00:04:02.343 --> 00:04:02.793
Go for it.

00:04:02.898 --> 00:04:03.348
Josh Mason: You're fine.

00:04:03.363 --> 00:04:03.843
Wade Wells: You're good.

00:04:04.173 --> 00:04:04.293
Yeah,

00:04:04.398 --> 00:04:04.548
Jason Haddix: Yeah.

00:04:04.548 --> 00:04:05.148
If you look at, if

00:04:05.178 --> 00:04:05.748
Josh Mason: We're grownups.

00:04:06.248 --> 00:04:10.108
Jason Haddix: Across the industry
it's like something that's 85% of

00:04:10.108 --> 00:04:14.508
'em are started by some sort of
either leak credential or someone's

00:04:14.508 --> 00:04:17.388
been part of a different breach,
password reuse or something like that.

00:04:17.778 --> 00:04:20.598
And so like that whole part of.

00:04:21.098 --> 00:04:24.998
is really important is to first of
all, identify which accounts have been

00:04:24.998 --> 00:04:29.278
leaked, how they have been leaked, what
the mitigation is going to be for that.

00:04:29.278 --> 00:04:31.468
Whether you're going to roll a
credential, whether you're going to

00:04:31.468 --> 00:04:35.038
reset a password, whether you have
to reformat a whole goddamn machine.

00:04:35.038 --> 00:04:36.778
'cause there's malware on that machine,

00:04:36.778 --> 00:04:37.078
right?

00:04:37.088 --> 00:04:37.363
Wade Wells: Yeah.

00:04:37.573 --> 00:04:39.703
Jason Haddix: And I actually
see that last one I don't see

00:04:39.703 --> 00:04:40.663
a lot of people talk about.

00:04:40.843 --> 00:04:45.123
Like when as part of Flare, I've
learned a lot about the CTI underground,

00:04:45.453 --> 00:04:48.863
and when you get stealer logs and
you look at those and you're like,

00:04:48.863 --> 00:04:52.483
okay, an employee's laptop has
been infected with actual malware.

00:04:52.983 --> 00:04:55.833
That exists usually
at, like, the system level,

00:04:55.833 --> 00:04:55.998
right?

00:04:56.498 --> 00:04:58.538
Like on the kernel level,
depending on whether they had an

00:04:58.538 --> 00:04:59.528
exploit or something like that.

00:04:59.918 --> 00:05:02.408
And so a lot of customers like,
oh, we'll just roll the account.

00:05:02.413 --> 00:05:02.513
It's.

00:05:03.013 --> 00:05:03.233
Wade Wells: No,

00:05:03.253 --> 00:05:08.163
Jason Haddix: You have to, like,
actually nuke that system and start from

00:05:08.543 --> 00:05:08.833
Wade Wells: Okay.

00:05:09.333 --> 00:05:12.873
Jason Haddix: And that, that's a harder
discussion too, if it's a personal system,

00:05:13.158 --> 00:05:13.578
Josh Mason: Oh yeah.

00:05:13.623 --> 00:05:13.863
Jason Haddix: someone's

00:05:14.318 --> 00:05:14.608
Wade Wells: Yeah.

00:05:14.883 --> 00:05:17.043
Jason Haddix: that they logged
into corporate resources with,

00:05:17.193 --> 00:05:18.243
how do you go tell a personal.

00:05:18.743 --> 00:05:23.723
Per... oh, the laptop that you and
your kid and your wife use at home got

00:05:23.723 --> 00:05:29.663
malware on it because someone downloaded
a crack for Fortnite or free V-Bucks or

00:05:29.663 --> 00:05:35.053
whatever, and I need you to reformat
that box because it's got

00:05:35.053 --> 00:05:38.883
malware on it that disclosed corporate
credentials or cookies or whatever.

00:05:39.273 --> 00:05:39.483
Yeah.

00:05:39.933 --> 00:05:41.883
Wade Wells: To your point, to
give you a little more credit.

00:05:41.883 --> 00:05:46.553
So I did raise my hand up and I was
like, oh, I'm the CTI instructor at

00:05:46.553 --> 00:05:50.533
Antisyphon, and you did let me come on and
defend CTI and then you were all for it.

00:05:50.533 --> 00:05:50.833
So

00:05:51.163 --> 00:05:55.233
Not more of just poking fun,
but with, definitely with the.

00:05:55.733 --> 00:05:56.993
Imaging stuff.

00:05:57.493 --> 00:06:01.363
Now, especially with more remote
work, like I, when I, one of the big

00:06:01.363 --> 00:06:04.513
corporate overlords I used to work at,
if there were any signs of malware, it

00:06:04.513 --> 00:06:07.573
wasn't even a question like, oh, we're
gonna get, no, you just go get a new

00:06:07.573 --> 00:06:09.613
PC where we're wiping you complete.

00:06:09.973 --> 00:06:13.633
Nowadays, I don't think I've
seen that since remote work at

00:06:13.633 --> 00:06:15.073
all, at any of the orgs I'm at.

00:06:15.103 --> 00:06:19.323
And it'd be much harder, like
I've been nuked twice by antivirus

00:06:19.353 --> 00:06:21.903
'cause of doing funny stuff and
they have to send out a new laptop.

00:06:22.403 --> 00:06:26.143
Jason Haddix: I think Josh, was it you
that I was talking to at Wild West and we,

00:06:26.143 --> 00:06:31.203
were talking about the struggle to even
get machines at the beginning of COVID.

00:06:31.233 --> 00:06:31.863
Was that you

00:06:31.953 --> 00:06:32.073
that I

00:06:32.573 --> 00:06:35.868
Josh Mason: No, but I recognize
that. I saw that myself.

00:06:36.368 --> 00:06:38.798
Jason Haddix: There was a little
while where, like, I was

00:06:38.798 --> 00:06:40.578
CISO at Ubisoft, and we, we need...

00:06:41.078 --> 00:06:42.728
needed machines for new employees.

00:06:42.728 --> 00:06:46.408
And during COVID, during the
first year and a half, Dell

00:06:46.408 --> 00:06:48.028
wouldn't even sell to us anymore.

00:06:48.528 --> 00:06:54.138
And so what it meant was everybody went
home to work and we had new employees

00:06:54.138 --> 00:06:55.668
still coming on board during COVID.

00:06:56.118 --> 00:07:00.218
And now for a little while it
meant that we asked them to

00:07:00.218 --> 00:07:01.748
use their personal devices,

00:07:01.928 --> 00:07:02.378
Wade Wells: Wow.

00:07:02.498 --> 00:07:03.338
Jason Haddix: were pre-owned.

00:07:03.788 --> 00:07:04.178
Wade Wells: Yeah.

00:07:04.358 --> 00:07:04.778
Josh Mason: Yeah.

00:07:05.278 --> 00:07:08.888
Jason Haddix: Yeah, so it's not
an easy question with that blip of

00:07:08.888 --> 00:07:12.298
three years, three and a half years
too, that happened where

00:07:12.298 --> 00:07:13.918
everybody like moved to remote work.

00:07:14.368 --> 00:07:17.608
It's an infinitely hard balance to do.

00:07:17.698 --> 00:07:18.028
Yeah.

00:07:18.378 --> 00:07:24.218
Josh Mason: Oh, so much. I was a government
contractor at the time and there was

00:07:24.278 --> 00:07:30.358
so much of, you definitely can't log
in from your personal to do stuff.

00:07:30.858 --> 00:07:33.408
That was a real difficult thing to do.

00:07:33.908 --> 00:07:34.178
Yeah.

00:07:34.678 --> 00:07:34.798
Jason Haddix: Yeah.

00:07:35.298 --> 00:07:36.828
Wade Wells: I wonder, I never even
looked at, so I wondered if the

00:07:36.828 --> 00:07:39.468
VDI market like spiked then, right?

00:07:39.948 --> 00:07:40.428
Josh Mason: Oh yeah.

00:07:40.573 --> 00:07:40.793
Yes,

00:07:40.818 --> 00:07:41.508
Jason Haddix: thing we looked at.

00:07:41.628 --> 00:07:42.168
Wade Wells: Yeah.

00:07:42.293 --> 00:07:44.283
Josh Mason: a hundred
percent because that was our

00:07:44.338 --> 00:07:44.428
Jason Haddix: we

00:07:44.603 --> 00:07:44.723
Josh Mason: solution.

00:07:44.788 --> 00:07:45.058
Jason Haddix: video.

00:07:45.558 --> 00:07:45.738
Wade Wells: Oh, okay.

00:07:46.218 --> 00:07:46.488
Jason Haddix: Yeah.

00:07:46.988 --> 00:07:50.408
We, I mean, we had so many
employees, we had 22,000 employees,

00:07:50.408 --> 00:07:53.528
so any VDI solution that
we would've pivoted to, first of all,

00:07:53.528 --> 00:07:55.678
would've taken forever to implement.

00:07:55.768 --> 00:07:59.418
And then second of all, would've
been so expensive and crushed our

00:07:59.418 --> 00:08:01.608
security budget and our IT budget.

00:08:01.608 --> 00:08:01.788
And

00:08:02.288 --> 00:08:03.488
Wade Wells: And then you gotta hope those,

00:08:03.503 --> 00:08:03.863
Jason Haddix: it out.

00:08:04.088 --> 00:08:06.488
Wade Wells: you gotta hope those
VDIs are then set up properly, right?

00:08:06.988 --> 00:08:07.963
Jason Haddix: There's management and like

00:08:08.008 --> 00:08:08.518
Wade Wells: yeah.

00:08:08.653 --> 00:08:09.073
Jason Haddix: and all that

00:08:09.088 --> 00:08:11.458
Wade Wells: Use a different golden
image and you're like, wait a second,

00:08:11.533 --> 00:08:11.773
Jason Haddix: Yeah.

00:08:11.818 --> 00:08:13.318
Wade Wells: you're not supposed
to have access to that.

00:08:13.348 --> 00:08:13.468
Yeah.

00:08:13.618 --> 00:08:14.158
Jason Haddix: Exactly.

00:08:14.158 --> 00:08:14.368
Yeah.

00:08:14.458 --> 00:08:14.878
Josh Mason: Yeah,

00:08:14.878 --> 00:08:17.428
Jason Haddix: Let's pray that someone
doesn't put a hard-coded admin account

00:08:17.698 --> 00:08:20.958
on there and it's got a hash and
then some low-privileged user just

00:08:21.048 --> 00:08:22.743
pulls that sucker out there and, yeah.

00:08:23.243 --> 00:08:27.468
Josh Mason: The, uh, instructors were
happy because finally we had computers

00:08:27.468 --> 00:08:32.048
that we could mess with just for
fun, that had Kali because we were

00:08:32.048 --> 00:08:36.938
using vSphere, and they just spun, or
they just turned around and used the

00:08:36.968 --> 00:08:38.768
golden images that we had for classes.

00:08:39.268 --> 00:08:43.528
Just took those pools and just
allotted them to us for usage

00:08:43.588 --> 00:08:45.148
to then log into the courses

00:08:45.648 --> 00:08:47.268
To allot them to students.

00:08:47.448 --> 00:08:49.948
So it was, it was, I don't know.

00:08:50.188 --> 00:08:51.088
I wasn't in charge of it.

00:08:51.088 --> 00:08:53.608
I wasn't the vSphere
admin, thank goodness.

00:08:54.108 --> 00:08:54.348
Yeah.

00:08:54.848 --> 00:08:55.478
But that was a mess.

00:08:55.978 --> 00:08:56.248
Wade Wells: All right.

00:08:56.748 --> 00:08:58.518
I have a good AI question for you.

00:08:59.018 --> 00:09:00.203
And when we discussed here before.

00:09:00.703 --> 00:09:02.653
So me, as like a blue teamer, right?

00:09:02.653 --> 00:09:06.273
I've seen, like, SOAR come up, right?

00:09:06.273 --> 00:09:08.043
And everyone's we're
gonna automate everything.

00:09:08.193 --> 00:09:09.183
Everyone's gonna leave.

00:09:09.183 --> 00:09:11.313
No one's gonna have a job 'cause
we're gonna be able to do it.

00:09:11.673 --> 00:09:15.683
I felt like in my career, people
did use SOAR, but everyone was still

00:09:15.683 --> 00:09:19.903
scared to do, like, manual pushes
and blocks and stuff like that.

00:09:19.903 --> 00:09:22.273
Like I'd never seen someone
go full bore with it.

00:09:22.633 --> 00:09:22.923
Jason Haddix: Okay.

00:09:22.933 --> 00:09:24.853
Wade Wells: I feel like people
are thinking they're gonna do

00:09:24.853 --> 00:09:26.503
the same thing with AI now.

00:09:26.803 --> 00:09:29.293
But if like people didn't
even use SOAR for that, why

00:09:29.293 --> 00:09:30.733
are they gonna trust AI more?

00:09:31.233 --> 00:09:32.043
Does that make sense?

00:09:32.048 --> 00:09:32.328
Alright.

00:09:32.828 --> 00:09:36.298
Jason Haddix: I think that, in
the first two cohorts of,

00:09:36.328 --> 00:09:39.858
of Red Blue Purple AI, which
people don't know what that is.
people don't know what that is.

00:09:39.858 --> 00:09:43.508
It's a course that we run we
spend one day getting you from

00:09:43.508 --> 00:09:47.138
zero to hero to understanding the
current kind of models and ways

00:09:47.138 --> 00:09:48.428
that you can consume those models.

00:09:48.428 --> 00:09:52.028
And then we spend a day talking about
how to apply it to security roles.

00:09:52.528 --> 00:09:55.678
And we look at some
of the more cutting edge

00:09:55.928 --> 00:09:58.398
projects out there that are
already using AI for blue teams,

00:09:58.398 --> 00:09:59.448
red teams, and purple teams.

00:09:59.948 --> 00:10:04.358
And so I feel like in the first
few cohorts, I was very bullish that

00:10:04.418 --> 00:10:07.258
it would happen very fast, that we would...

00:10:07.758 --> 00:10:11.268
We would automate some of the
detection work, some of the glue

00:10:11.268 --> 00:10:14.948
that puts those systems into other
change management systems and asset

00:10:14.948 --> 00:10:16.358
systems and all this kinds of stuff.

00:10:16.358 --> 00:10:19.088
And it would really happen very quickly.

00:10:19.588 --> 00:10:24.748
Now since then, we have been like doing
some consulting, going to organizations.

00:10:24.783 --> 00:10:28.413
As part of this new random service
that we built called an AI

00:10:28.413 --> 00:10:31.583
Scaling Assessment where we go into
a business and we're like, let's

00:10:31.583 --> 00:10:34.313
look at everything you're doing in
security from a security point of view.

00:10:34.613 --> 00:10:37.343
And then I will, basically consult
with them and say, here's where

00:10:37.343 --> 00:10:39.473
you can use AI for these teams.

00:10:39.973 --> 00:10:41.893
What I have started to learn
over the course of doing these

00:10:41.893 --> 00:10:47.493
assessments is that organizations
move glacially slow for change like this.

00:10:47.973 --> 00:10:53.223
And so I knew that from being a CISO
in certain orgs, but it's even more

00:10:53.223 --> 00:10:56.583
apparent when you work with companies
in the finance sector or in the

00:10:56.583 --> 00:10:59.943
healthcare sector or the automotive
sector, which some of our, which

00:10:59.943 --> 00:11:01.113
are some of our biggest customers.

00:11:01.113 --> 00:11:04.853
And so, like, it just, I
have had to slow my roll a

00:11:04.853 --> 00:11:06.113
little bit and be like, cool.

00:11:06.593 --> 00:11:09.773
Although the capability exists for
you to do some of this cutting edge

00:11:09.773 --> 00:11:15.273
stuff, like using MCP to use natural
language to execute investigations

00:11:15.273 --> 00:11:18.993
or to build custom dashboards or all
this amazing stuff, it all exists.

00:11:19.493 --> 00:11:22.793
With a couple of
vendors and some open source stuff,

00:11:23.093 --> 00:11:25.583
in order to get that into any
of these organizations, it's gonna

00:11:25.583 --> 00:11:26.963
take a year and a half, pretty much.

00:11:27.053 --> 00:11:27.343
Wade Wells: Yeah.

00:11:27.833 --> 00:11:28.523
Jason Haddix: at minimum.

00:11:29.023 --> 00:11:32.083
And so that was something I've been
learning over my time with AI is

00:11:32.083 --> 00:11:34.213
that even if the tech is there, I.

00:11:34.633 --> 00:11:37.843
Sometimes the businesses are
not ready to move, the security

00:11:37.843 --> 00:11:39.013
teams are not ready to move.

00:11:39.513 --> 00:11:42.603
And that, that's just the technology
portion of it, like the implementation.

00:11:42.903 --> 00:11:46.323
There are also people inside of
these organizations who are anti-AI.

00:11:46.623 --> 00:11:49.203
And I've had a lot of this in my
interviews with these security

00:11:49.203 --> 00:11:50.118
teams and they're like, I.

00:11:50.618 --> 00:11:53.738
They don't, first of all, they have
some latent fear of being replaced.

00:11:54.238 --> 00:11:55.138
Which is normal.

00:11:55.138 --> 00:11:55.618
It's human.

00:11:55.618 --> 00:11:57.118
And that's totally a thing.

00:11:57.478 --> 00:12:01.498
And then also they've had bad interactions
with their usage of AI where they,

00:12:01.498 --> 00:12:05.128
no one had really trained them how to
use any of these models really well.

00:12:05.128 --> 00:12:07.938
So they tried to use it for
something and it didn't work

00:12:07.938 --> 00:12:10.008
well, like the first two times.

00:12:10.248 --> 00:12:13.358
And then they were like, F AI, it's so junk.

00:12:13.358 --> 00:12:16.528
Like it's never gonna
take the place of anybody.

00:12:16.528 --> 00:12:21.168
And then you have other people who,
just like, inside of political,

00:12:21.168 --> 00:12:24.758
inside of political organizations,
they try to protect their fiefdom from

00:12:24.758 --> 00:12:28.568
change because they have a well-oiled
machine in operations or in the blue

00:12:28.568 --> 00:12:30.668
team or in the SOC or whatever.

00:12:30.728 --> 00:12:34.238
And they finally have just gotten their
product that they wanted in there.

00:12:34.238 --> 00:12:38.518
They finished all that onboarding and
they don't want to change any part of

00:12:38.518 --> 00:12:43.348
that 'cause it basically gives them mental
anguish to think about doing any change.

00:12:43.393 --> 00:12:43.593
Yeah.

00:12:44.093 --> 00:12:47.573
Wade Wells: I recently,
okay, so I'm at a newer org.

00:12:48.073 --> 00:12:49.003
I mean, 1Password.

00:12:49.243 --> 00:12:52.063
I've been there for almost coming
up a little over six months.

00:12:52.243 --> 00:12:52.483
Yeah.

00:12:52.513 --> 00:12:52.663
Yeah.

00:12:52.843 --> 00:12:53.203
Thank you.

00:12:53.233 --> 00:12:53.443
Jason Haddix: Yeah.

00:12:53.943 --> 00:12:54.783
Wade Wells: It's pretty fun.

00:12:55.263 --> 00:12:58.983
Right off the bat, so we're
very project-oriented and, like,

00:12:59.013 --> 00:13:00.453
making issues and stuff like that.

00:13:00.453 --> 00:13:02.523
And for security, like, I haven't seen

00:13:03.023 --> 00:13:05.663
close to, like, more of a developer
lifecycle than anywhere else.

00:13:05.903 --> 00:13:06.203
Jason Haddix: Yeah.

00:13:06.203 --> 00:13:09.533
Wade Wells: Right off the bat, my boss
tells me, hey, your issues are lacking.

00:13:09.533 --> 00:13:10.913
Like you need to be more verbose.

00:13:10.913 --> 00:13:12.923
You need to be better, like
what you're gonna do with them.

00:13:13.193 --> 00:13:13.848
And I'm like, oh, okay.

00:13:14.348 --> 00:13:15.278
didn't make new issues.

00:13:15.308 --> 00:13:19.778
I just made a, I made a good bot
that, I give it the idea, here's

00:13:19.778 --> 00:13:23.138
the template, and then the best
part is he came back to me, he's

00:13:23.258 --> 00:13:25.058
dude, you're rocking it on issues.

00:13:25.208 --> 00:13:26.708
And I'm like, oh no,
I made a bot for that.

00:13:27.158 --> 00:13:27.638
Here it is.

00:13:27.643 --> 00:13:29.108
And he's just, give this to the team.

00:13:29.258 --> 00:13:32.348
Everyone's just gonna use this for
issues now because everyone else.

00:13:32.348 --> 00:13:33.338
So stuff like that

00:13:33.668 --> 00:13:33.998
Jason Haddix: Yeah.

00:13:34.088 --> 00:13:36.398
Wade Wells: just I'm not seeing
enough people that call out the little

00:13:36.398 --> 00:13:37.778
things that you can use it, that are

00:13:38.048 --> 00:13:38.768
Josh Mason: Oh my gosh.

00:13:39.268 --> 00:13:41.098
We're huge on that here.

00:13:41.598 --> 00:13:47.968
Our big thing, man, over the summer
was like, we have, you know,

00:13:47.968 --> 00:13:54.433
an enterprise AI for, like, everyone
to use, like, use that one for work.

00:13:54.933 --> 00:13:57.153
And use it for as much as you can.

00:13:57.213 --> 00:14:02.423
It's got all the features, so, like,
that puts all the fences on it that,

00:14:02.903 --> 00:14:04.133
I don't know, someone signed off on.

00:14:04.633 --> 00:14:08.223
And, uh, the CT, like CTO
and CEO signed off on it.

00:14:08.583 --> 00:14:11.673
And so it's got all the features,
we've checked it out, like it's

00:14:11.673 --> 00:14:14.393
got the fences, so thus, use it.

00:14:14.893 --> 00:14:16.723
And for the small things,
for the big things.

00:14:17.223 --> 00:14:19.413
I ran deep research
like 20 times this week

00:14:19.913 --> 00:14:23.263
on, like, crazy ideas and I'm, yeah.

00:14:23.503 --> 00:14:27.973
Because I got, I'm taking over like
the company podcast as well, because

00:14:27.988 --> 00:14:28.348
Jason Haddix: Cool.

00:14:28.573 --> 00:14:30.343
Josh Mason: you can never have
too many podcasts, in my opinion.

00:14:30.843 --> 00:14:31.323
Jason Haddix: Everywhere.

00:14:31.323 --> 00:14:32.463
Just Josh, you're crazy.

00:14:32.963 --> 00:14:33.688
Josh Mason: I'm bored and

00:14:34.188 --> 00:14:36.113
Jason Haddix: You talk to my wife
more on Signal than you talk to me.

00:14:36.543 --> 00:14:39.663
Josh Mason: whoa, whoa, that's
gonna, that's gonna be weird.

00:14:40.163 --> 00:14:41.483
That is not true.

00:14:41.983 --> 00:14:42.823
Hi, Julia.

00:14:43.273 --> 00:14:43.873
You're great.

00:14:44.373 --> 00:14:45.573
Jason Haddix: And Julia, hi.

00:14:46.073 --> 00:14:46.343
Wade Wells: Yeah.

00:14:46.843 --> 00:14:48.373
Josh Mason: That does sound really weird.

00:14:48.523 --> 00:14:49.333
You gotta admit.

00:14:49.833 --> 00:14:50.163
Yeah.

00:14:50.163 --> 00:14:51.843
The autistic in me is just like that.

00:14:51.843 --> 00:14:53.253
I don't know how to respond to this.

00:14:53.283 --> 00:14:53.613
Okay.

00:14:54.113 --> 00:14:58.163
For everyone who's listening, Jason
and Julia are really awesome and, uh.

00:14:58.658 --> 00:14:59.708
Yeah, we're all good friends.

00:15:00.208 --> 00:15:03.508
But Jason's really freaking busy and
so Julia handles scheduling anyways.

00:15:04.008 --> 00:15:05.148
Um, okay.

00:15:05.538 --> 00:15:07.298
Whew, way to ask something.

00:15:07.798 --> 00:15:08.428
Wade Wells: Oh man.

00:15:08.928 --> 00:15:10.398
Man, ask something.

00:15:10.458 --> 00:15:13.868
What do you think about I've been
looking at all the good, like the new

00:15:13.868 --> 00:15:17.078
detection stuff that's been coming
out more for AI, like detections.ai,

00:15:17.108 --> 00:15:20.708
we had, like, their field CISO,
Aaron, on and stuff like that.

00:15:21.068 --> 00:15:22.838
What do you think about
those for right now?

00:15:22.838 --> 00:15:24.488
Do you think that's just
natural progression?

00:15:24.778 --> 00:15:24.958
Jason Haddix: I think

00:15:24.988 --> 00:15:25.228
Wade Wells: Yeah.

00:15:25.728 --> 00:15:28.778
Jason Haddix: I think that, I wrote
an article on this a while back and

00:15:28.778 --> 00:15:32.828
it was like the, it was also from
this experience of going into orgs

00:15:32.828 --> 00:15:36.718
and talking to 'em about AI and I
feel like there's, there's an adoption

00:15:37.218 --> 00:15:39.438
ladder or something like that,
whatever you want to call it.

00:15:39.938 --> 00:15:43.878
Stages of adoption and they will
be blocked by different things.

00:15:43.878 --> 00:15:46.548
But the stages are, really
clear, at least in my mind.

00:15:46.548 --> 00:15:49.328
And it's, okay, so I mean, you
remember when you took Red Blue

00:15:49.328 --> 00:15:52.208
Purple AI and the first thing we
talk about is just building a GPT

00:15:52.248 --> 00:15:52.538
Wade Wells: Yeah.

00:15:52.838 --> 00:15:53.228
Jason Haddix: how important

00:15:53.728 --> 00:15:55.048
system prompts are, right.

00:15:55.078 --> 00:16:00.288
And we teach a custom prompt
engineering methodology in that class.

00:16:00.288 --> 00:16:03.518
And I've talked about it in talks
before, but I really haven't released

00:16:03.518 --> 00:16:04.928
it or anything other than in the class.

00:16:04.928 --> 00:16:07.798
But prompting is really important.

00:16:07.798 --> 00:16:11.248
So, like, most orgs have access to,
like what Josh was saying was like, okay,

00:16:11.248 --> 00:16:15.358
we buy access to a, to, or we have
Microsoft and we've turned on Copilot

00:16:15.358 --> 00:16:16.738
for everybody so everybody can make Copilots.

00:16:17.238 --> 00:16:21.858
So the first kind of adoption is
building what we call custom bots, right?

00:16:21.858 --> 00:16:25.668
Which is just adding a system
prompt to do a task or to build a

00:16:25.668 --> 00:16:28.218
bot to do a single task in copilot.

00:16:28.718 --> 00:16:30.598
And so that's like, level one adoption.

00:16:31.098 --> 00:16:34.488
Like at the tail end of level one
adoption, you might add RAG to it, right?

00:16:34.488 --> 00:16:38.058
Where you add custom documents
or data sources to that bot.

00:16:38.058 --> 00:16:40.488
So it can basically have
answers to questions that

00:16:40.488 --> 00:16:41.508
are not in the training data.

00:16:41.808 --> 00:16:45.998
And so that's at the end of your
kind of like stage one journey.

00:16:46.148 --> 00:16:50.108
And then you move on to stage two where
you do things like agents where you break

00:16:50.108 --> 00:16:54.278
out a whole system which has access to
individual little bots that do individual

00:16:54.278 --> 00:16:56.048
things and bring them back into a plan.

00:16:56.548 --> 00:17:00.873
and I think right now the general
industry at large is still at the tail

00:17:00.873 --> 00:17:04.743
end of probably that first stage where
you know, people are starting to learn,

00:17:04.773 --> 00:17:08.313
oh damn, like AI is now good enough
to write detection engineering rules

00:17:08.313 --> 00:17:13.083
in my favorite tool, or help me build
signatures or even help me like make

00:17:13.083 --> 00:17:17.348
my EDR better by like doing custom
stuff that was never available to me.

00:17:17.423 --> 00:17:19.253
I see this in the red
team side all the time.

00:17:19.253 --> 00:17:22.213
It's like I see red teams
who didn't have the money to.

00:17:22.713 --> 00:17:26.873
As part of their team, have a tool
developer who did custom tooling

00:17:26.873 --> 00:17:30.503
or build custom phishing frameworks
or do all this stuff that they

00:17:30.503 --> 00:17:31.853
just, they couldn't do it before.

00:17:32.153 --> 00:17:36.943
And now with ai, they're able to do a
lot of this stuff which is, really cool.

00:17:37.443 --> 00:17:42.533
Which often requires a lot of
knowledge of some C2 or whatever.

00:17:42.533 --> 00:17:46.753
And yeah, so I see a lot of people at that
end stage right now in the industry.

00:17:47.253 --> 00:17:51.003
Wade Wells: I haven't seen as much
talk about or at least in the blue team

00:17:51.003 --> 00:17:55.353
phase, like I don't feel enough people
talk about like how essential using RAG

00:17:55.718 --> 00:17:58.418
is in order to like
really build yourself up.

00:17:58.643 --> 00:17:59.093
Jason Haddix: Yeah.

00:17:59.593 --> 00:18:03.133
Wade Wells: I have pretty
much profiles of my entire company.

00:18:03.133 --> 00:18:07.453
Our entire tool stack, our logging,
how, what's the fields in those

00:18:07.453 --> 00:18:09.223
logs provided that to a bot.

00:18:09.223 --> 00:18:13.003
And now when you wanna build detection,
it tells you exactly what logs, the query,

00:18:13.003 --> 00:18:17.913
and it's amazing that I don't know
why more people aren't doing it, or people

00:18:17.913 --> 00:18:22.413
at least explaining the customization at
some of these like blue team talks, but.

00:18:22.518 --> 00:18:25.908
Jason Haddix: I think that the domain
has gone past prompt engineering to now

00:18:25.908 --> 00:18:27.258
what we call context engineering, right?

00:18:27.258 --> 00:18:28.188
Which includes RAG, it's

00:18:28.688 --> 00:18:30.943
The whole context engineering thing
is, it's a really simple idea.

00:18:30.943 --> 00:18:34.533
It's like how do you add
information on top of the model?

00:18:34.893 --> 00:18:41.073
To make the purpose of your bots
or your API call or whatever

00:18:41.573 --> 00:18:41.843
Way

00:18:41.843 --> 00:18:42.148
better.

00:18:42.648 --> 00:18:44.658
One of the classes that we're
building right now is not

00:18:44.658 --> 00:18:45.738
actually a security class.

00:18:45.738 --> 00:18:46.998
It is a class just on that.

00:18:47.028 --> 00:18:47.628
And it's

00:18:47.673 --> 00:18:47.853
Josh Mason: Wow.

00:18:47.898 --> 00:18:49.368
Jason Haddix: do context engineering.

00:18:49.868 --> 00:18:51.878
And it's like RAG is one you said, right?

00:18:51.878 --> 00:18:54.688
And how to do really
good prompt engineering.

00:18:54.688 --> 00:18:55.888
And what we did is we went out

00:18:55.933 --> 00:18:56.223
Josh Mason: Stop.

00:18:56.578 --> 00:18:59.488
Jason Haddix: at all of these AI
first companies and eventually

00:18:59.488 --> 00:19:02.598
their system prompts get leaked
on the internet and to GitHub.

00:19:02.598 --> 00:19:05.478
And so we started reverse engineering
them and being like, okay, this is

00:19:05.478 --> 00:19:08.058
how they're calling tools reliably.

00:19:08.058 --> 00:19:11.328
This is how they're structuring
order of operations for

00:19:11.773 --> 00:19:15.403
the AI, this is what their
agent architecture looks like.

00:19:15.903 --> 00:19:18.333
This is what their RAG looks
like, where they're pulling

00:19:18.333 --> 00:19:19.263
it, how they're pulling it.

00:19:19.263 --> 00:19:21.603
And then we also did that
from the model vendors too.

00:19:21.933 --> 00:19:24.123
So like the model vendors have
their system prompt, right?

00:19:24.123 --> 00:19:26.753
There's two layers of system
prompt that you know are in

00:19:26.753 --> 00:19:28.613
anytime you use OpenAI: there's the

00:19:29.113 --> 00:19:31.783
one set by OpenAI, and then
there's also the one set by the

00:19:31.783 --> 00:19:35.083
user, or rather the developer,

00:19:35.083 --> 00:19:36.433
and then the user chats with it.

00:19:36.933 --> 00:19:40.373
All of the model vendors' system
prompts have also been leaked.

00:19:40.373 --> 00:19:42.833
So we started looking in there
too and being like, okay, what

00:19:42.833 --> 00:19:46.403
are the best practices that they
use to make these bots better?

00:19:46.403 --> 00:19:52.873
And so it is, I don't have any benchmark
data or whatever, but after doing

00:19:52.873 --> 00:19:57.863
all that research and implementing
some of those things like RAG, I think

00:19:58.013 --> 00:20:01.493
even in the second cohort, we might
have said examples of what you want

00:20:01.493 --> 00:20:03.143
output to look like is really important,

00:20:03.143 --> 00:20:03.218
like

00:20:03.718 --> 00:20:03.838
Wade Wells: Yeah.

00:20:03.893 --> 00:20:04.643
Jason Haddix: examples.

00:20:05.063 --> 00:20:09.253
I think we said that in the course and
just like structured system prompting

00:20:09.253 --> 00:20:13.273
and like tool calling URLs, all this stuff
and like metadata fields that you can add.

00:20:13.753 --> 00:20:15.313
It's like it's night and day difference.

00:20:15.313 --> 00:20:15.943
It is I

00:20:16.018 --> 00:20:16.308
Wade Wells: Yeah.

00:20:16.423 --> 00:20:19.873
Jason Haddix: just in my head,
like a 20 percentile effectiveness,

00:20:19.873 --> 00:20:21.193
like increase from just.

00:20:21.558 --> 00:20:23.208
Asking a straight question to the model

00:20:23.653 --> 00:20:24.013
Wade Wells: Oh yeah.

00:20:24.193 --> 00:20:24.523
Yeah.

00:20:24.973 --> 00:20:29.533
Have you seen any other ones telling
their bots to use methamphetamines?

00:20:30.033 --> 00:20:31.473
Jason Haddix: I have
not for a little while.

00:20:31.863 --> 00:20:36.293
Yeah, so what he is referring to is one
of the tricks in, I guess

00:20:36.293 --> 00:20:40.253
it was prompt engineering at the time, but
there was some white paper studies about

00:20:40.503 --> 00:20:45.453
urgency prompting, of which one was telling
your AI that it was on methamphetamines.

00:20:45.753 --> 00:20:49.673
And so that was one of the, what
we called in the course, we called

00:20:49.673 --> 00:20:52.043
it like silly machine tricks,

00:20:52.343 --> 00:20:52.563
Josh Mason: Ah.

00:20:52.823 --> 00:20:55.213
Jason Haddix: that we
have in our methodology.

00:20:55.713 --> 00:21:00.573
I still use that today and I don't know
if my bots that I published publicly would

00:21:00.573 --> 00:21:03.243
be as good as they are if they didn't
have all those little tricks in them.

00:21:03.243 --> 00:21:03.723
Honestly.

00:21:03.723 --> 00:21:03.933
And

00:21:04.093 --> 00:21:04.363
Wade Wells: Yeah.

00:21:04.413 --> 00:21:09.463
Jason Haddix: couple new ones I think
in the class that we have added,

00:21:09.963 --> 00:21:12.603
but we have also removed a couple too.

00:21:12.993 --> 00:21:14.433
Yeah, it's an evolving field.

00:21:14.433 --> 00:21:17.253
Sometimes the models get good enough,
you don't need things like that anymore.

00:21:17.753 --> 00:21:21.263
And it's hard to know when to
really remove the silly machine

00:21:21.263 --> 00:21:26.223
tricks because you have to do a
bunch of benchmarking in order to figure

00:21:26.223 --> 00:21:27.753
out, like if it's having an effect.

00:21:27.873 --> 00:21:30.213
And sometimes we don't have time to
do that benchmarking, like right away,

00:21:30.618 --> 00:21:34.628
Josh Mason: Yeah, I have like
my stupid trick with GPT-5

00:21:34.658 --> 00:21:36.578
is think hard about that.

00:21:37.078 --> 00:21:41.748
So that it'll use the pro, and then tell
it to go out and search the internet

00:21:41.748 --> 00:21:46.648
to find examples so that it
won't just like hallucinate on whatever

00:21:46.648 --> 00:21:48.568
it's trained and it'll go find proof.

00:21:49.068 --> 00:21:51.498
Uh, when you were talking about
your new course, I was like, oh

00:21:51.498 --> 00:21:52.728
man, I really want to do that.

00:21:53.118 --> 00:21:57.048
And then it hit me that, uh, I'm
going to learn how to do that and

00:21:57.048 --> 00:22:01.298
I'm just going to use it to use
a RAG to work on my D&D campaign.

00:22:01.688 --> 00:22:02.018
And.

00:22:02.228 --> 00:22:02.648
Wade Wells: Oh, yeah.

00:22:02.888 --> 00:22:03.158
Yeah.

00:22:03.658 --> 00:22:05.428
You don't even need a DM anymore.

00:22:05.428 --> 00:22:07.608
You just feed it all to the, bot, and then

00:22:07.608 --> 00:22:07.713
you're

00:22:08.213 --> 00:22:08.348
So and

00:22:08.363 --> 00:22:08.903
Josh Mason: look.

00:22:09.158 --> 00:22:09.818
Wade Wells: What's next?

00:22:09.818 --> 00:22:10.043
Dude?

00:22:10.463 --> 00:22:11.098
Josh Mason: No, Nah.

00:22:11.558 --> 00:22:12.418
It, oh.

00:22:12.488 --> 00:22:12.938
Wade Wells: good enough.

00:22:12.938 --> 00:22:13.568
It's good enough.

00:22:13.568 --> 00:22:15.488
You just drop, you go get a PDF of

00:22:15.988 --> 00:22:16.108
Jason Haddix: the,

00:22:16.213 --> 00:22:16.363
Wade Wells: The

00:22:16.363 --> 00:22:18.553
Dungeon Master's Handbook and drop it in.

00:22:19.053 --> 00:22:19.263
Jason Haddix: Yeah.

00:22:19.763 --> 00:22:20.063
Yeah.

00:22:20.408 --> 00:22:25.148
Wade Wells: One aspect that I
know is starting to be a little

00:22:25.148 --> 00:22:29.008
bit more mainstream
is like defending your prompts, right?

00:22:29.008 --> 00:22:31.018
And making sure people
can't reverse engineer them.

00:22:31.463 --> 00:22:31.753
Jason Haddix: Yeah.

00:22:32.158 --> 00:22:34.558
Wade Wells: to give an
example we all know FedEx.

00:22:35.058 --> 00:22:40.838
I have a well-known bot that does the
Palantir ADS framework, and you

00:22:40.838 --> 00:22:43.688
give it a detection and it completely
fills out the whole framework for you.

00:22:44.048 --> 00:22:47.228
And then one day FedEx came to me, he's like,
hey, here's your exact prompt for this.

00:22:47.228 --> 00:22:51.768
And I'm like, not upset about it
but should I be protecting this?

00:22:51.768 --> 00:22:52.548
And he's yeah, man.

00:22:52.578 --> 00:22:53.388
These are your thoughts.

00:22:53.388 --> 00:22:54.558
This is, I'm like, ah, all right.

00:22:54.708 --> 00:22:54.948
What do

00:22:55.023 --> 00:22:55.743
Josh Mason: That's a good point.

00:22:55.743 --> 00:22:56.253
Yeah.

00:22:56.583 --> 00:22:58.353
At what point does a prompt become IP?

00:22:58.853 --> 00:22:59.123
Jason Haddix: yeah.

00:22:59.333 --> 00:23:01.193
So this has been a discussion
since the beginning of

00:23:01.693 --> 00:23:06.783
like basically the GPT store, and
I think a lot of people originally

00:23:06.783 --> 00:23:09.573
thought, oh, the GPT store on OpenAI.

00:23:10.053 --> 00:23:14.313
It's basically a user sets up a
system prompt and then publishes a bot.

00:23:14.313 --> 00:23:16.233
And so a lot of people have done
it and originally they thought they

00:23:16.233 --> 00:23:17.643
were gonna monetize those bots.

00:23:17.643 --> 00:23:24.283
But I think that prompt injection being
so easy to use and there's so many bypasses

00:23:24.283 --> 00:23:29.043
to any security control you even put in
the prompt that, you know, in that

00:23:29.043 --> 00:23:33.363
simplistic model of like just a user
interacting with one bot and there's no

00:23:33.363 --> 00:23:36.993
classifier or guardrail in the middle
or anything, system prompt level

00:23:36.993 --> 00:23:41.343
protections are like the least
effective out of everything basically.

00:23:41.343 --> 00:23:43.833
And so there's always gonna be a way

00:23:44.333 --> 00:23:45.563
to dump the system prompt.

00:23:46.063 --> 00:23:50.553
And a lot of the times when you're
thinking about defense of system prompts

00:23:50.553 --> 00:23:54.503
or just defending an AI system in general,
I think I tweeted about it this morning.

00:23:54.503 --> 00:23:57.863
It's like you have to shift away from
your normal security mindset of like

00:23:57.863 --> 00:24:00.383
input validation, because that's
where we all go immediately, right?

00:24:00.468 --> 00:24:01.368
Wade Wells: Yeah, I was

00:24:01.493 --> 00:24:01.643
Jason Haddix: app

00:24:02.118 --> 00:24:03.528
Wade Wells: an AI WAF, right?

00:24:03.828 --> 00:24:08.373
Jason Haddix: And you're like, oh,
I'm gonna use, I saw some guy, no,

00:24:08.373 --> 00:24:11.553
fault of his, he's a great researcher,
but I saw him post on LinkedIn

00:24:11.553 --> 00:24:14.223
and he's like, this is just the
same problem we had with web apps.

00:24:14.223 --> 00:24:18.403
And it's like we're just gonna make
sure that special characters can't

00:24:18.403 --> 00:24:20.323
go through a system or whatever.

00:24:20.623 --> 00:24:25.083
And so I was trying to think
about, oh, he comes from

00:24:25.583 --> 00:24:31.063
the web app world, and like malicious
input detection and then

00:24:31.063 --> 00:24:34.663
output encoding are the two big
things that you learn when you're in

00:24:34.663 --> 00:24:38.353
web apps and, even other protocols when
you're hacking other types of stuff.

00:24:38.353 --> 00:24:41.933
But I really feel that input validation

00:24:42.433 --> 00:24:46.633
is a losing game with AI because natural
language has so many, like a natural

00:24:46.633 --> 00:24:48.403
language system has so many bypasses.

00:24:48.673 --> 00:24:51.553
And like even if you block all
special characters, like some of

00:24:51.553 --> 00:24:54.703
the techniques, you can literally
just describe them with words.

00:24:55.203 --> 00:24:59.283
And so there's always gonna be a
creative bypass in this type of system.

00:24:59.613 --> 00:25:01.833
And so really I feel like a
lot of people need to move

00:25:02.058 --> 00:25:07.118
towards like classifiers and
guardrails in line with your AI system.

00:25:07.618 --> 00:25:12.318
And those are basically sentiment
analysis to see on the output.

00:25:12.618 --> 00:25:14.658
It's like, okay, does this look
like a normal response

00:25:14.658 --> 00:25:16.878
we usually give the user? Yes, no.

00:25:17.028 --> 00:25:17.328
Okay.

00:25:17.328 --> 00:25:19.128
Return it to them, or, yes,

00:25:19.458 --> 00:25:20.178
return it to them.

00:25:20.178 --> 00:25:21.588
No, it has like

00:25:22.088 --> 00:25:26.638
random agent data, it has all this
stuff, no, drop connection or whatever.

00:25:26.638 --> 00:25:30.558
And I think that is a mind shift
that a lot of the security people

00:25:31.058 --> 00:25:33.268
are gonna have to make in, this era.

00:25:33.268 --> 00:25:38.128
But of guardrails, classifiers, and
prompt based protections, prompt

00:25:38.128 --> 00:25:40.198
based protections are the weakest.

00:25:40.698 --> 00:25:42.078
Usually you're able to bypass them.

00:25:42.578 --> 00:25:45.308
I still think they play a
role in defense in depth.

00:25:45.398 --> 00:25:50.488
If you have all three of those and
you are also doing several stages

00:25:50.488 --> 00:25:54.888
of routing for a user question,
does it satisfy these requirements?

00:25:55.128 --> 00:25:56.718
Does it contain these keywords?

00:25:56.838 --> 00:26:00.468
Okay, then I'm gonna route it to the
LLM instead of just directly to the LLM.

00:26:00.968 --> 00:26:02.528
If you have all four of those things,

00:26:03.028 --> 00:26:04.018
it's really hard to crack.

00:26:04.228 --> 00:26:06.478
I've been up against a couple
systems really recently that

00:26:06.478 --> 00:26:07.468
had all four of those things.

00:26:07.468 --> 00:26:10.258
So LLM-based routing that was contextual,

00:26:10.468 --> 00:26:13.408
a classifier, a guardrail,
and system prompt defenses.

00:26:13.678 --> 00:26:15.828
And it was an extremely hard test.

00:26:15.858 --> 00:26:17.438
Extremely hard yeah.

00:26:17.633 --> 00:26:17.873
Josh Mason: Wow.

00:26:18.373 --> 00:26:20.233
Wade Wells: I love the
defense in depth reference.

00:26:20.413 --> 00:26:20.983
That's it.

00:26:20.983 --> 00:26:25.573
Like the only thing I have
thought about that too is exactly

00:26:25.573 --> 00:26:29.173
what you said, like the web app,
the WAF just like monitoring that.

00:26:29.173 --> 00:26:31.443
But all those other parts
that's, pretty crazy.

00:26:31.943 --> 00:26:35.383
Josh Mason: Yeah I've got one
of our researchers who I get to

00:26:35.383 --> 00:26:37.213
interview about a zero day that

00:26:37.713 --> 00:26:41.153
he gets to publish on
Tuesday, and I'm excited.

00:26:41.153 --> 00:26:42.563
It's fixed.

00:26:42.563 --> 00:26:46.453
He was demoing it to me and all of
a sudden like it stopped working.

00:26:46.953 --> 00:26:48.003
I was like, oh, sick.

00:26:48.503 --> 00:26:50.183
He's got videos of it working.

00:26:50.448 --> 00:26:50.708
Wade Wells: Good.

00:26:51.208 --> 00:26:51.538
Josh Mason: Yeah.

00:26:51.838 --> 00:26:53.158
But it's pretty wild.

00:26:53.658 --> 00:26:54.763
Yeah, and it's good that it's fixed.

00:26:55.263 --> 00:26:57.263
Jason Haddix: I was talking
to someone the other day.

00:26:57.263 --> 00:27:01.513
I was telling him that one of our
researchers on the team, he found

00:27:01.513 --> 00:27:03.613
like on one of the, I'm not gonna
say which one, but one of the

00:27:03.613 --> 00:27:05.383
biggest model vendors out there.

00:27:05.383 --> 00:27:10.203
He found a mass assignment vulnerability,
which is I think the first time in an API

00:27:10.203 --> 00:27:12.363
chat completion, or an AI chat completion

00:27:12.363 --> 00:27:17.503
API, I think has had a mass assignment
vulnerability in that kind of structure.

00:27:17.503 --> 00:27:21.783
And so I like to tell people
we're still in the infancy kind

00:27:21.783 --> 00:27:24.723
of stage where we're finding bugs
with these systems at every layer.

00:27:24.723 --> 00:27:28.383
And it'll be like that for the next
probably year and a half, two years.

00:27:28.383 --> 00:27:31.893
And it's a great place to do research
if you like doing research and you

00:27:31.893 --> 00:27:35.553
wanna dive into something, there's a
whole stack of stuff you could look at.

00:27:35.553 --> 00:27:37.623
You could look at the models,
you could look at all of the

00:27:38.123 --> 00:27:42.553
apps around the models, you can
look at prompt based detection,

00:27:42.553 --> 00:27:45.613
prompt based hacking, prompt
injection methods, like there's so

00:27:45.613 --> 00:27:46.723
much research going on right now.

00:27:46.723 --> 00:27:50.538
It is so cool to go to the conferences
and see so many talks yeah.

00:27:51.038 --> 00:27:51.578
Josh Mason: Where's.

00:27:51.598 --> 00:27:52.498
Wade Wells: we're at a time.

00:27:52.798 --> 00:27:53.128
Are do,

00:27:53.563 --> 00:27:54.283
Josh Mason: You asked.

00:27:54.283 --> 00:27:58.123
First, you ask yours and then I'll
wrap up with mine because it'll sound.

00:27:58.588 --> 00:28:02.808
Wade Wells: We end the podcast on one
question, which is, what's one piece of

00:28:02.808 --> 00:28:04.878
advice you'd give a blue teamer right now?

00:28:05.058 --> 00:28:08.658
Could be someone just starting out,
someone with years of experience.

00:28:08.663 --> 00:28:09.153
Doesn't matter.

00:28:09.653 --> 00:28:14.003
Jason Haddix: I guess it's to
embrace this new tech, right?

00:28:14.003 --> 00:28:18.753
I think that I meet a lot of people
who, you know on, whatever side

00:28:18.753 --> 00:28:22.743
blue or whatever, but who just are
not ready to accept that this is

00:28:22.743 --> 00:28:25.773
a mainstream piece of technology
that we're all gonna have to use.

00:28:26.273 --> 00:28:28.283
I fear for people who are very

00:28:28.783 --> 00:28:30.223
to adopt it just as a tool.

00:28:30.223 --> 00:28:32.713
You don't need to make it your whole
life, but understand that it is a

00:28:32.713 --> 00:28:36.403
powerful tool that can do small functions
of your job really well and make you

00:28:36.403 --> 00:28:36.733
faster.

00:28:37.233 --> 00:28:40.743
I don't see many complete automations
of people out of their jobs right now.

00:28:40.743 --> 00:28:43.383
That is the narrative, but I
don't see many of 'em right now.

00:28:43.383 --> 00:28:44.793
There's still human in the loop.

00:28:45.293 --> 00:28:49.793
over the place, but it does
make good people fantastic.

00:28:49.853 --> 00:28:51.713
And so embrace the technology.

00:28:51.713 --> 00:28:56.153
There's hundreds of getting
started with AI classes out there that

00:28:56.153 --> 00:28:58.463
are completely free YouTube channels.

00:28:58.643 --> 00:29:02.033
Just learn how to use some of the
frontier models.

00:29:02.273 --> 00:29:04.223
And then as like we do
in the class, right?

00:29:04.223 --> 00:29:07.523
Take your job and think about what
are the things I do day to day?

00:29:07.523 --> 00:29:10.423
And then rank them about like,
how annoying they are to you.

00:29:10.923 --> 00:29:12.873
It's like what, in this.

00:29:13.373 --> 00:29:18.713
like super annoying or requires me to
like transpose data or like glue together

00:29:18.713 --> 00:29:23.663
two systems and then just start chipping
away at those micro problems using

00:29:23.663 --> 00:29:26.363
AI and you'll become like a rockstar.

00:29:26.863 --> 00:29:27.003
You just.

00:29:27.383 --> 00:29:28.763
You just do, you build tools.

00:29:29.263 --> 00:29:32.443
You have a bot that helps you do things
and then you share it with your team.

00:29:32.943 --> 00:29:36.693
And that, and then when like later on
we do get to some automation stuff or

00:29:36.693 --> 00:29:40.133
people are getting displaced maybe,
which I don't think we're, it's

00:29:40.133 --> 00:29:43.643
gonna be like crazy, but if it does
happen, you're the person they call.

00:29:43.643 --> 00:29:45.443
They're like, oh yeah, you made
that bot, you're a, you're our

00:29:45.443 --> 00:29:46.913
AI guy on the blue team, right?

00:29:47.413 --> 00:29:49.893
So, embrace the technology, it's a tool.

00:29:49.893 --> 00:29:53.553
Don't buy into the hype that it's gonna
replace everybody, and use it as you can.

00:29:54.053 --> 00:29:54.468
Josh Mason: Love it.

00:29:54.968 --> 00:29:55.898
My question is

00:29:56.058 --> 00:29:57.138
Wade Wells: last, wait, one last piece.

00:29:57.248 --> 00:29:57.548
Josh Mason: okay.

00:29:57.578 --> 00:29:57.818
Okay.

00:29:58.128 --> 00:29:58.578
Wade Wells: watch

00:29:58.808 --> 00:29:58.958
Josh Mason: yeah.

00:29:58.958 --> 00:29:58.968
Yeah.

00:29:59.388 --> 00:30:00.048
Wade Wells: on YouTube.

00:30:00.528 --> 00:30:00.918
Like

00:30:01.083 --> 00:30:01.363
Jason Haddix: Yeah.

00:30:01.363 --> 00:30:01.603
Yeah.

00:30:01.603 --> 00:30:04.728
Fire is a great content
creator around tech and AI.

00:30:04.733 --> 00:30:04.923
Yeah.

00:30:05.298 --> 00:30:07.428
Wade Wells: When, you,
I like from that class.

00:30:07.578 --> 00:30:11.178
I learned about him from that class and
I've been watching it from then on, but.

00:30:11.268 --> 00:30:11.688
Jason Haddix: He's great.

00:30:11.688 --> 00:30:11.988
Yeah.

00:30:12.438 --> 00:30:12.888
Josh Mason: I love that.

00:30:12.888 --> 00:30:13.338
I love that.

00:30:13.838 --> 00:30:15.788
Where can people, uh, keep up with you?

00:30:15.908 --> 00:30:18.953
What's the best place to, uh, know
where you're at, what you're doing?

00:30:19.453 --> 00:30:22.243
Jason Haddix: So I am
@jhaddix on Twitter.

00:30:22.743 --> 00:30:26.403
So like my personal ramblings and
sometimes our company stuff goes there.

00:30:26.403 --> 00:30:32.133
But our website is Arcanum,
A-R-C-A-N-U-M, arcanum-sec.com,

00:30:32.493 --> 00:30:33.723
and we have a blog there.

00:30:34.223 --> 00:30:37.103
Where we talk about research, we
also have some resources there.

00:30:37.403 --> 00:30:41.003
We have a GitHub where we have
recently been pumping out tools and

00:30:41.003 --> 00:30:43.163
resource sheets for free for everyone.

00:30:43.663 --> 00:30:48.663
So if you find the Arcanum Security,
Arcanum Information Security GitHub,

00:30:48.753 --> 00:30:51.813
there's a bunch of resources on that
now, especially on GitHub pages.

00:30:52.313 --> 00:30:53.663
So you can check us out there.

00:30:54.163 --> 00:30:57.433
And then we have a newsletter
too, which is it's a newsletter

00:30:57.433 --> 00:30:58.783
called Executive Offense.

00:30:59.053 --> 00:31:02.563
And usually if we have a big tool
release or a resource cheat sheet

00:31:02.563 --> 00:31:05.203
or something we're releasing,
we'll release it on the newsletter.

00:31:05.203 --> 00:31:08.263
So if you find the Executive Offense
newsletter written by Jason Haddix,

00:31:08.563 --> 00:31:11.923
then you'll always
see what we're putting out there.

00:31:12.423 --> 00:31:12.663
Josh Mason: Awesome.

00:31:12.753 --> 00:31:14.343
Those will all be in the show notes.

00:31:14.843 --> 00:31:17.933
So if you can hear it or see
this you can find them There.

00:31:18.433 --> 00:31:20.353
Jason, thank you so much for joining us.

00:31:20.383 --> 00:31:22.393
Uh, hope to see you soon.

00:31:22.423 --> 00:31:26.173
Play some D&D, play some,
uh, Magic with you, uh, or at

00:31:26.173 --> 00:31:27.223
least have a drink and hang out.

00:31:27.723 --> 00:31:28.143
Thanks, Ben.

00:31:28.643 --> 00:31:29.123
Bye y'all.

00:31:29.623 --> 00:31:29.863
Wade Wells: See

00:31:29.973 --> 00:31:30.623
Josh Mason: you, Wade.