SANS AI Cybersecurity Forum: Insights from the Front Lines

The SANS Faculty, experts and practitioners in cybersecurity, have been working to build and enhance the AI-driven cybersecurity landscape. In this forum, you will get a unique opportunity to hear firsthand accounts of how they utilize the power of Artificial Intelligence and Machine Learning to make significant advancements in cybersecurity. Our experienced experts will provide valuable insights, strategies, and practical solutions to help you stay ahead in this rapidly evolving technological landscape. Join us on the front lines of cybersecurity as we explore the latest innovations and trends in AI and cybersecurity.

This forum will guide you in:

  • Leveraging GenAI to transform your team's approach to cybersecurity
  • Learning the essential elements of establishing an AI Attack surface red team
  • Exploring the innovative world of "Concierge," a customizable, offline AI built on open-source components designed for enhanced security and user control
  • Understanding beyond theoretical knowledge the AI/ML impacts on threat hunting and incident response capabilities

Forum Agenda

10am – Intro by Rob Lee

10:10am – 10:40am – Real Threat Hunting with AI and ML with David Hoelzer

10:40am – 11:10am – The responsible use of generative AI in academic information security research with Johannes Ullrich

11:10am – 11:40am – Your Journey to the New GenAI-DFIR Era Starts Today with Jess Garcia

11:40am – 12:00pm – Break

12:00pm – 12:30pm – Meet Concierge with Mick Douglas

12:30pm – 1:00pm – Go-Go Gadget Cyber: Extending LLMs with Seth Misenar

1:00pm – 1:30pm – Expertise isn't all you need - Building an AI Red Team with Jorge Orchilles & Tim Schulz

Scroll down for more details.

AI Cybersecurity Forum 2024

Full Agenda

TimeDescription

10am

Intro by Rob Lee

10:10am – 10:40am

Real Threat Hunting with AI and ML

David Hoelzer

Forget the hype - what can you do today to leverage AI and ML to find real threats in an enterprise? Listen and follow along as David Hoelzer, chief of operations for a managed security provider and SANS fellow walks you through ways his team is leveraging AI to solve real cybersecurity problems. We’re not talking about policy generation or retrieval augmented generation; this talk and demonstration is hunting and finding real attackers in novel ways at AI makes possible!

10:40am – 11:10am

The responsible use of generative AI in academic information security research

Johannes Ullrich

Artificial Intelligence (AI) and Machine Learning (ML) methods have become a hot topic in information security research. More and more researchers are expanding the use of these methods and using them to conduct their research. In doing so, researchers need to consider these methods’ ethical and technical pitfalls carefully. Researchers must select methods that describe the problem well, find adequate training data, or choose from existing trained models carefully. In this presentation, we will use some simple examples that are approachable to non-ML experts to illustrate these dangers. You will better understand how to recognize and avoid some of these issues as you approach ML or evaluate existing ML solutions.

11:10am – 11:40am

Your Journey to the New GenAI-DFIR Era Starts Today

Jess Garcia

How exactly will Generative AI (GenAI) change the way Forensicators & Hunters work today?

In this talk Jess Garcia will answer that question by presenting everything you need to know to integrate GenAI in your everyday DFIR tasks and get ready for this new era.

Jess will cover the most important concepts, tools & resources you need to know related to GenAI for DFIR, will describe how to apply them to everyday DFIR tasks and will elaborate on AI-Agents (orchestrators capable of coordinating data sources, LLMs and Tools), the most promising technology today to address many of the complex analysis tasks that Forensicators perform today.

Jess will practically demonstrate how an AI-Agent DFIR Co-Pilot can be easily used to process and analyze forensic artifacts, and how AI-Agents can autonomously solve many of the most challenging tasks that we face in our investigations today.

11:40am – 12:00pm

Break

12:00pm – 12:30pm

Meet Concierge

Mick Douglas

You and your data deserve an AI that's unique to you. Attendees of this session will learn about how Concierge will help dramatically lower the bar to getting started with a local AI where they have full control.

Data Concierge AI (aka Concierge) is a framework that provides some compelling features.

- Answers based on your data, and your data alone

- All answers include clickable links to the file and page used to answer your question

- System prompts are modular and allow different tasks via intuitive web ui

- Default model has a 128K token limit. (vs 4k with GPT 3.5)

- 100% offline RAG

- Exceptionally hallucination resistant

- GPU is optional

- Built with 100% OSS components.

- Quick install method requires just 7 questions!

12:30pm – 1:00pm

Go-Go Gadget Cyber: Extending LLMs

Seth Misenar

In this talk, SANS Faculty Fellow and course author, Seth Misenar will explore potential security implications of extending LLMs beyond their initial self--supervised pre-training. Moving beyond a model’s innate limits can prove advantageous, but some approaches can also materially change the attendant risk profile. Surveying security implications of various extension strategies such as In-Context Learning, (ICL) Retrieval Augmented Generation (RAG), LLM Ensembling, Agentic LLMs, or Fine-Tuning can allow organizations to better navigate the security landscape of extending LLMs.

1:00pm – 1:30pm

Expertise isn't all you need - Building an AI Red Team

Jorge Orchilles & Tim Schulz

Budgets, buy-in, and business - starting up an AI red team requires more than domain specific expertise. Building internal support from senior executives, justifying additional resources, and outlining governance and metrics of success are all crucial components of laying a strong foundation for this dynamic domain. Getting to the point of executing novel attacks on machine learning systems often requires laying out this unappreciated but crucial groundwork. Adding to the complexity is partnering across business units with established Responsible AI teams, Data Scientists, and Machine Learning engineers.

This talk will take attendees through the start of building an AI red team, including shoring organizational support, highlighting milestones for early success, and strategies for laying a solid foundation for internal AI system test and evaluation. Audiences can expect to walk away with resources, strategies, tips, and quick wins related to starting a new AI red team capability.