AI is changing the way that we work – in both productive, positive ways and in risky, negative ways. Our adversaries have been training for these moments of disruption, and now have a new set of LOTL techniques available to them based on the LLM tools deployed on our systems. Hunting, disrupting and responding to these new events requires a revised methodology with security chaos engineering and responding to various Indicators of Attack. Outsmarting the AI adversary requires us to think outside the box of defined signature-based blocking methods, instead focusing on the behavior and capturing ephemeral data before threat actors delete their tracks. In this presentation, we will discuss opportunities to enhance our DFIR programs accordingly.
