Skip to main content

The Evolution of the Digital Predator: Using AI to Evade Security Controls

Since the advent of the computer, there has been a never-ending game of cat and mouse between those seeking to harm and those seeking to protect the end user.

Download file

SANS_The_Evolution_of_the_Digital_Predator_Using_AI_to_Evade_Security_Controls (PDF, 0.82MB)

20 Dec 2023
ByFoster Nethercott
Share
All papers are copyrighted

No re-posting of papers is permitted

Related Content

From Alert to Evidence: Evaluating AI Agents for Cyber Forensic Triage

Research Paper

Cyber defense teams are beginning to experiment with large language models in security operations, but their usefulness in digital forensics and incident triage is still uncertain.

  • 11 Jun 2026
  • Connor Blackard

Secure By Design: An Exploration of the Application of Generative AI in Threat Modeling Technical Design Documents

Research Paper

This paper explores the efficacy of large language models (LLMs) for creating comprehensive threat models by analyzing technical design documents, particularly when provided with additional contextual information about the product's underlying infrastructure and deployment environment.

  • 27 May 2026
  • Mark Oswald

Leveraging Large Language Models for Cross-Vendor Firewall Configuration Migration: A Comparative Case Study of Claude and ChatGPT

Research Paper

This paper investigates how two current-generation large language models (LLMs) perform on a single, representative firewall migration task.

  • 12 May 2026
  • Omar Zaman

Autonomous Defense Induced Disruption: How AI-Driven Automated Response Can Be Manipulated to Disrupt Enterprise Operations

Research Paper

The research highlights the need for governance controls, privilege-aware safeguards, and system-level constraints to prevent autonomous containment from causing operational disruption.

  • 12 May 2026
  • Marcio Enriquez

Your Sensitive Data Has Left the Chat: LLMs as Sensitive Data Detectors

Research Paper

This paper seeks to evaluate the hypothesis that language models, large and small, can perform well at sensitive data classification and to offer a solution for companies trying to detect contextually sensitive data in their AI workflows.

  • 12 May 2026
  • Colten Davis

Post-Exploitation: C2 Framework Effectiveness Against Advanced Audit Logging

Research Paper

This research paper examines the effectiveness of a sample of open-source Commandand-Control (C2) frameworks in evading advanced audit logging during postexploitation.

  • 20 Mar 2026
  • Benjamin Evans

Leveraging Generative AI for Password Cracking Efficiency Under Resource Constraints

Research Paper

The purpose of this research is to investigate whether generative AI can alleviate the hardware and financial burdens of password cracking (password recovery) while maintaining or even improving cracking success rates.

  • 20 Mar 2026
  • Wesley Keller

AI-Human Collaboration in Modern SOCs

Research Paper

Enterprises face upwards of 3,000 security alerts daily, and according to the SANS 2025 SOC Survey, two-thirds of security operations center (SOC) teams cannot keep pace.

  • 17 Mar 2026
  • Mathias Fuchs

Detecting AI Pickling

Research Paper

This study examines whether static analysis is a dependable "certification gate" for ingesting third-party, pickle-based AI model artifacts from open-source model hubs into a trusted internal registry.

  • 12 Mar 2026
  • Bryan Nice

How Many LLMs Does it Take to Classify a Suspicious Email?

Research Paper

This study examines the accuracy, reliability, and operational behavior of three widely available LLMs using a dataset of 2000 human-written emails containing both legitimate and suspicious messages.

  • 12 Mar 2026
  • Bridget Bartell

Autonomous Threat Emulation and Detection Using Agentic AI

Research Paper

Traditional threat emulation frameworks struggle to capture the dynamic and adaptive behaviours of modern Advanced Persistent Threats (APTs), leaving defenders reliant on static tests that quickly become obsolete.

  • 10 Mar 2026
  • Marcus Dillion Yin

Evaluating Configurations for Reducing Problematic Emotional Engagement in Enterprise LLM Deployments: Implications for Insider Threat Risk

Research Paper

The risks of Large Language Models (LLMs) include triggering psychological drivers associated with malicious insider threat behavior. This study utilized AWS Bedrock to demonstrate that specific system-level configurations and guardrails can effectively mitigate these risks by reducing problematic human-AI engagement.

  • 2 Mar 2026
  • J. Wolfgang Goerlich

Enhancing Security Operations with Google Threat Intelligence

Research Paper

This product review examines how Google Threat Intelligence's extensive data sources, real-time insights, and investigative capabilities can elevate SecOps workflows and strengthen an organization’s defensive posture.

  • 24 Nov 2025
  • Dave Shackleford

No-Cost Detection of Endpoint Hard Drive Removal

Research Paper

This paper analyzes low-cost detection methods, using existing hard drive counters from Self-Monitoring, Analysis, and Reporting Technology (S.M.A.R.T.) and the Windows Registry, for their fidelity in detecting hard drive removal.

  • 19 Nov 2025
  • Ryan A. Graham

Automating Generative AI Guidelines: Reducing Prompt Injection Risk with 'Shift-Left' MITRE ATLAS Mitigation Testing

Research Paper

Automated testing during the build stage of the AI engineering life cycle can evaluate the effectiveness of generative AI guidelines against prompt injection attacks.

  • 7 Nov 2025
  • Adam Wilson

Can Your Security Stack Handle AI? An Empirical Assessment of Enterprise Controls Versus Generative AI Risks

Research Paper

Enterprise security teams face a critical dilemma. Executives want AI productivity gains, but it remains uncertain if existing security controls can handle the risks.

  • 6 Nov 2025
  • Blake Roth

Evaluating Large Language Models for Automated Threat Modeling: A Comparative Analysis

Research Paper

This study investigates the use of Large Language Models (LLMs) as an assistant to conduct threat models of systems or applications.

  • 6 Nov 2025
  • Eric Sekercan

Interrogators: Attack Surface Mapping in an Agentic World

Research Paper

This research introduces the concept of AI agent interrogators and the open-source project Agent Interrogator, an opaque box interrogation framework designed to map the attack surface of agentic systems.

  • 23 Oct 2025
  • Michael Samson

Continuous Penetration Testing: Closing the Gaps Between Threat and Response

Research Paper

This paper examines how Sprocket Security leverages attack surface management (ASM) to provide defenders with much-needed visibility and control.

  • 5 Sep 2025
  • Chris Dale

Fixing What You Broke: Can AI Be Used to Thwart AI-Generated Malware?

Research Paper

This paper will compare the results of AI-generated malware analysis using legacy tools and various AI models and prompts to develop best practices to protect organizations of all sizes.

  • 3 Sep 2025
  • Owen Slubowski