Prompt Scan Exploit AI’s Journey Through 0Days and 1000 Bugs

D. Jurado, J. Nogue

DEF CON 33 · Day 1 · Main Stage

This talk, presented by D. Jurado and J. Nogue at DEF CON, covers the development and capabilities of an autonomous AI-powered penetration testing system. The speakers present an architecture designed to mimic human pentesting methodology, from initial reconnaissance and vulnerability discovery to intelligent validation and ethical boundary enforcement. The core innovation is that the system not only identifies a wide array of vulnerabilities but also rigorously validates its findings, countering common AI pitfalls such as hallucinations and false positives.

AI review

Jurado and Nogue present a real, working autonomous AI pentesting system with genuine engineering effort behind it — the validator architecture, alloy model ensemble approach, and diminishing-returns resource allocation are legitimate contributions worth hearing about. The talk is hurt badly by the demo getting axed and by a write-up that oversells the novelty; the core ideas are solid but not groundbreaking enough to clear 4 stars without the proof.
