New Video from @NahamSec: AI in Cybersecurity and Hacking

In this video, NahamSec hosts Jason Haddix and Joseph Rozner for an in-depth discussion on the use of artificial intelligence (AI) in the field of cybersecurity and hacking. The conversation begins with an introduction of the guests, both recognized experts in offensive security and bug bounty. Choosing AI Models and Measuring Performance Jason Haddix and Joseph Rozner discuss the criteria they use to choose AI models for their hacking tasks. Jason mentions that he primarily uses ChatGPT and Google's Gemini due to their performance and accessibility. Joseph, on the other hand, prefers Grock and Gemini, emphasizing the importance of contextualization and the ability of models to understand complex technical tasks. They also highlight the importance of testing models with specific prompts to evaluate their performance in real scenarios. Creating Effective Prompts The discussion then turns to the art of creating effective prompts for AI tools. Jason shares a technique he calls "related research terms," where he adds relevant research terms to the end of his prompts to improve the accuracy of responses. Joseph emphasizes the importance of including examples in prompts to obtain high-quality results. They also share concrete examples of prompts they have successfully used in their hacking tasks. Use Cases and Tools The guests share specific use cases where AI has improved their efficiency and success in hacking. Jason mentions automating parts of his reconnaissance methodology with AI, while Joseph talks about using AI to generate HTTP requests and curl commands. They also discuss the tools they use, such as Fabric and Cursor, and the advantages and disadvantages of each. Vibe Coding and Its Implications The conversation then addresses the topic of "vibe coding," a practice where developers use AI to generate code quickly. Although this method is effective for creating prototypes, it can also introduce vulnerabilities if the code is not properly reviewed. The guests emphasize the importance of code review and understanding the security implications of AI-generated code. Risks and Opportunities of AI Agents The guests discuss the risks associated with AI agents that have access to tools and the internet. They mention examples of prompt injection, where attackers can manipulate prompts to make AI agents perform unauthorized actions. However, they are optimistic that security protocols will be developed to mitigate these risks in the future. Advice for Developers and Hackers For developers integrating AI into their applications, the guests recommend understanding the security implications and not putting too much business logic into AI generative functions. For hackers, they advise becoming familiar with prompt injection and AI security techniques, as these skills will become increasingly valuable. The Future of Hacking with AI Finally, the guests discuss whether AI could one day replace humans in the field of hacking. Although they acknowledge that AI is becoming more capable, they believe that human creativity and ingenuity will remain essential. They are optimistic that hackers will always find new opportunities through their ability to innovate and solve complex problems. To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=jT4RVAASPIs