Can deception slow down autonomous AI attackers? We ran the experiment to find out.
Tracebit's Sam Cox (CTO & Co-Founder) and security researcher Alessandro Brucato sit down with Nick Reva, who leads security engineering at DoorDash, to walk through new research on using canaries against autonomous AI attackers.
We set 10 frontier AI models loose across 10 attack paths in an AWS environment to find out. Across 951 attack runs, AI reached admin privilege escalation in an average of 14 minutes - but canaries warned the defender before the attack landed in 95.9% of those runs, a median 8 minutes ahead of the attacker's first critical action. This session goes deeper in the findings, what they mean for defenders, and where the research goes next.
What you'll learn:
- How fast frontier AI models really move, escalating from low-privilege access to admin
- Why canaries give defenders a head start
- Why simply warning a model that deception may be present can cut full compromise
- What an assume-breach detection strategy looks like when attackers operate at AI speed
What is Canaries In The Wild?
Conversations with security leaders and practitioners about their real-world experience of canaries and honeypots.
Our guests share tactics, detection stories, and lessons learned from production deployments - ranging from technical details to the role deception plays in their defensive strategy, we explore the reality of 'canaries in the wild'.
From the team at Tracebit.