[{"content":"AI this, AI that and after that comes \u0026ldquo;Cybersecurity is DEAD, it will be replaced with AI in X years!\u0026rdquo;. But does this really stand? I just want to write a big series about what is currently doable and whats not, and, generally, why are we far off from AI replacing pentesters (and specifically web pentesters as myself).\nWho am I If youre not coming from my linkedin — nice to meet you. I am a web application pentester by r-tec, just shy of 2 years in the company, with a lot of experience before this in CTFs and Bug Bounty.\nMy niche? Probably weird CLNT/INPV-01 vulns and a lot of ATHZ (Another blogpost about this is Coming_soon_TM). Also browser exploitation (I hope I will get the chance to publish my dirty work in the future).\nThe last couple of months I was really digging deep into doing LLM-Driven (Local AND Claude) WSTG-Coverage projects (so yeah, Im not going to tell you about VIBEHACKING here, the point was to really cover the whole app from A to Z), and well, I am here to tell you my journey and why AI-Apocalypse is certainly not coming yet.\nWhy now? Well, the answer is really simple — Im just tired of explaining each and every time to all my friends and not-so-techy people why my work is not DONE. Im certainly not an AI hater, but I want to give a realistic view on things as I see it right now.\nWhat I am planning on covering P1: Current landscape. Mostly me ranting about how I hate whats populated in the current \u0026ldquo;Automatic Pentests with AI\u0026rdquo; trend and why it is certainly NOT the way. P2: Whats working right now. My experience playing around with AI and what it can do (or, at least, what is working good enough from my perspective). P3: Whats NOT working. Other side of the battlefield and the main point — what is not working and probably will never really work. Again, with my hands-on experience and maybe some snippets here and there. First one (P1) should be up in about a week. Expect some code and prompt snippets along the way — but not a lot, I am not going to dump my whole internal infra on you.\nAnd NO, its not another AI-written slop (well, it will proofread for me, but the content IS mine), so I hope it will be somewhat interesting to read. These are my ideas and my discoveries, and I am always open to discuss what I am writing about and correct myself where I am wrong.\nIf you want to yell at me, correct me, or just say hi — my linkedin is open. Also you can always write a comment or reach me per email Nin3TailedF0x@protonmail.com. See you in P1.\n","permalink":"http://blog.ninetailedf0x.com/posts/can-we-really-automate-with-ai-p0/","summary":"Kicking off a series on whether AI can actually replace web pentesters — who I am, why I\u0026rsquo;m writing this, and what\u0026rsquo;s coming in P1-P3.","title":"Can we *really* automate with AI?"}]