Every week it’s the same headline: AI this, AI that, capped off with “Cybersecurity is DEAD, AI will replace it in X years!!!!” Im calling BS, but instead of just ranting into the void, I want to actually break it down: whats doable right now, whats not. And, of course, why we are far off from AI replacing pentesters.
Who am I
If youre not coming from my linkedin - nice to meet you. I am a web application pentester by r-tec, just shy of 2 years in the company, with a lot of experience before this in CTFs and Bug Bounty.
My niche? Probably weird CLNT/INPV-01 vulns and a lot of ATHZ (Another blogpost about this is Coming_soon_TM). Also browser exploitation (I hope I will get the chance to publish my dirty work in the future).
The last couple of months I was really digging deep into doing LLM-Driven (Local AND Claude) WSTG-Coverage projects (so yeah, Im not going to tell you about VIBEHACKING here, the point was to really cover the whole app from A to Z), and well, I am here to tell you my journey and why AI-Apocalypse is certainly not coming yet.
Why now?
Well, the answer is really simple - Im just tired of explaining each and every time to all my friends and not-so-techy people why my work is not DOOMED. Im certainly not an AI hater, but I want to give a realistic view on things as I see it right now.
What I am planning on covering
- P1: Current landscape. Mostly me ranting about the current “Automatic Pentests with AI” trend, and why it is certainly NOT the way.
- P2: Whats working right now. My experience playing around with AI and what it can do (or, at least, what is working good enough from my perspective).
- P3: Whats NOT working. Other side of the battlefield and the main point - what is not working and probably will never really work. Again, with my hands-on experience and maybe some snippets here and there.
First one (P1) should be up in about a week. Expect some code and prompt snippets along the way - but not a lot, I am not going to dump my whole internal infra on you.
And NO, its not another AI-written slop (well, it will proofread for me, but the content IS mine), so I hope it will be somewhat interesting to read. These are my ideas and my discoveries, and I am always open to discuss what I am writing about and correct myself where I am wrong.
If you want to yell at me, correct me, or just say hi - my linkedin is open. Also you can always write a comment or reach me per email Nin3TailedF0x@protonmail.com. See you in P1.
comments