TL;DR: Applying AI to Security
Clint Gibler
BSidesSF 2024 · Day 1
Clint Gibler, Head of Security Research at Semgrep, delivered a comprehensive and fast-paced talk titled "TL;DR: Applying AI to Security" at BSidesSF 2024. The presentation aimed to provide both a high-level understanding and a wealth of tactical examples for leveraging Artificial Intelligence, specifically Large Language Models (LLMs), to address various cybersecurity challenges. Gibler, who previously expressed skepticism about AI in security in a 2020 blog post, acknowledged the significant advancements in the field and presented a revised perspective, emphasizing practical applications rather than hype.
AI review
The talk provides a rapid-fire overview of current AI/LLM applications in offensive and defensive security. It's a dense, reference-style presentation covering a wide array of use cases from static analysis and exploitation to fuzzing and threat modeling. While it doesn't delve deeply into any single topic, it effectively curates and categorizes a significant amount of recent work, highlighting both promising advancements and current limitations, particularly regarding the reliability and cost of LLM-driven security tools.