I did some further research on @kfosaaen's blog (all kudos to them): "We Know What You Did (in Azure) Last Summer."
Hopefully you can take a look, the research took around 5 or 6 days:
https://t.co/TyiAvvg8Or
AI red teams today are stuck doing workflow engineering instead of finding vulnerabilities. Weeks spent on infrastructure, when they could be probing for security and safety risks.
At the same time, traditional ML and generative AI security remain siloed across different libraries and tooling ecosystems, creating long-term operational and maintenance burden.
We built an agentic AI red teaming system on the Dreadnode SDK to flip this narrative, accelerating testing from weeks to hours. Operators describe the objective in plain English; the agent handles attack selection, workflow generation, execution, and reporting.
In our latest paper, we dive deep into the AI red team agent architecture, our methodology, the complete attack and transform catalog, the analytics pipeline… and then we pointed it at Meta's Llama Scout. The result:
→ 674 attacks, 573 findings, 7,727 trials
→ 232 critical vulnerabilities across 68 objectives
→ ~85% attack success rate
→ ~3 hours, zero human-written code
AI red teaming today looks like software development before agent-assisted coding: skilled operators spending most of their time on infrastructure rather than on the work that requires their judgment.
The transition isn't necessarily about replacing the operator. It's about moving the operator's expertise up a layer, from which Python function should I call ➡️ what's worth probing, what risks do we care most about, and what do the results mean for my AI strategy.
Blog: https://t.co/ejfXVn4vUB
Paper: https://t.co/7w62qeFSWg
If MSSQL isn't in your attack path visibility yet, this is your sign. @Mayyhem just shipped a major MSSQLHound upgrade with Javier Azofra Ovejero (https://t.co/StUSLqH9NZ): faster, cross-platform, and pathfinding-ready in BloodHound.
Check it out! https://t.co/7sEapEGKV8
In less than 20 minutes and under $2, we used our .NET reversing capability to run a SAST scan of Azure Cosmos DB in the Microsoft Container Registry (MCR), surfacing a high severity vulnerability in the now-deprecated database.
🆕 Model: Moonshot AI - Kimi K2.6
⏱️ Task/agent runtime: 19 mins 26 secs
🪙 Tokens: ↑ 3124.0k · ↓ 33.3k
💰 Cost: $1.97
Vulnerability Overview: When using managed identity auth, it calls an internal token service over HTTPS, but the TLS certificate validation callback is tautological — it checks if the server cert's thumbprint matches any cert in the chain, but the leaf cert is always in its own chain, so it always passes.
Watch the video to see how we ran it within our TUI. Install Dreadnode and try out the .NET reversing capability:
➡️docs: https://t.co/4YDgiUroQ0
➡️command: https://t.co/jIlHJqKXh2
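The validation flaw described in the post above, reduced to a minimal C# sketch beside a pinned check. This is an added example, not code from the original post or from Cosmos DB; the method names, the simplified callback signature, the host name and the self-signed test certificates are assumptions constructed for illustration.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinningDemo
{
    // Flawed pattern: looks for the presented certificate inside the chain built
    // from that same certificate. ChainElements[0] is the leaf itself, so the
    // loop matches for any certificate a server presents.
    static bool TautologicalCheck(X509Certificate2 cert, X509Chain chain, SslPolicyErrors errors)
    {
        foreach (X509ChainElement e in chain.ChainElements)
            if (e.Certificate.Thumbprint == cert.Thumbprint)
                return true;
        return false;
    }

    // Corrected pattern: compare against a pin that comes from trusted
    // configuration, never from the connection being validated.
    static bool PinnedCheck(X509Certificate2 cert, SslPolicyErrors errors, string pinSha256)
    {
        var fatal = SslPolicyErrors.RemoteCertificateNameMismatch | SslPolicyErrors.RemoteCertificateNotAvailable;
        if ((errors & fatal) != 0)
            return false;
        string presented = cert.GetCertHashString(HashAlgorithmName.SHA256);
        return string.Equals(presented, pinSha256, StringComparison.OrdinalIgnoreCase);
    }

    // Constructed test certificate; the subject name is a placeholder.
    static X509Certificate2 SelfSigned(string cn)
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
    }

    static void Main()
    {
        X509Certificate2 expected = SelfSigned("token-service.example");
        X509Certificate2 unrelated = SelfSigned("token-service.example"); // same name, different key
        string pin = expected.GetCertHashString(HashAlgorithmName.SHA256);

        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.Build(unrelated); // untrusted root, but the leaf is still chain element 0
        var errors = SslPolicyErrors.RemoteCertificateChainErrors;

        Console.WriteLine("flawed check, unrelated cert: " + TautologicalCheck(unrelated, chain, errors));
        Console.WriteLine("pinned check, unrelated cert: " + PinnedCheck(unrelated, errors, pin));
        Console.WriteLine("pinned check, expected cert:  " + PinnedCheck(expected, errors, pin));
    }
}
```

Run as a console program, the flawed check accepts the unrelated certificate, while the pinned check accepts only the certificate whose hash was configured in advance.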
Glasswing. Security would’ve called it black, red, or blue wing. Or purple.
Offense is the new defense. Except, offense was always part of defense. Most of my time in consulting was spent prioritizing findings, teaching defenders about how their own networks worked.
But being aligned with “attackers” doesn’t have great optics, so defense stays behind. Fastest post-exploit was 7 minutes — as human. You already know what the misconfiguration was.
I’d be genuinely surprised if CrowdStrike were able to use Mythos more effectively than a small offense team could use a Qwen.
In collaboration with a couple of other leaders in the industry we are releasing https://t.co/Kssdre4HiX - It's an attempt to provide transparency about role levels, expectations and (just for the US market currently) salary ranges. For leaders writing JDs and candidates alike.
NEBULA: interactive PowerShell framework for testing and exploring Windows execution techniques, COM objects, WMI methods, and LOLBAS (Living Off The Land Binaries and Scripts) techniques, by @M_haggis
https://t.co/Xw1P2KH39U
New MSSQLHound updates from @_Mayyhem 🔥
Now includes EPA-based NTLM relay scanning, CVE-2025-49758 patch detection, and BloodHound Cypher queries to map + remediate MSSQL attack paths.
Check it out! https://t.co/WRBv9U9WV5
SCCM admins: review your roles.
MSSQL admins: review ALTER ANY LOGIN exposure.
@_Mayyhem details CVE-2025-47179 & CVE-2025-49758 and how these escalations can be identified through graph analysis.
Check out his blog post for more! https://t.co/M2q6TeMGh1
📦 I just released Security-Detections MCP
- a way to let LLMs reason over real detection content, not just the internet.
This isn’t "AI writes detections for you."
It’s:
• Threat report in
• Coverage + gaps out
• Grounded in actual rules (KQL, SPL, Sigma, internal content)
The MCP indexes your detection corpus and exposes it in a way LLMs can query, compare, validate, and explain.
What this enables:
• Faster detection validation
• Identifying blind spots before adversaries do
• Structured markdown reports you can actually act on
• Humans stay in control — AI becomes the force multiplier
Repo ➡️ https://t.co/hF5mrvTJkT
👇Video walkthrough 👇 https://t.co/lp5MW3r6ur
If you’re doing detection engineering, threat hunting, or maintaining a large rule set - this changes how fast you can move.
More coming. This is just the start.
📢 I’m announcing Threat Hunting Labs, launching next year!
After building threat hunting teams for large MSSPs, creating DFIR Labs for TheDFIRReport, and sharing years of free threat hunting material, I want to bring everything together into one platform. Something closer to how investigations actually work, not another set of CTF-like labs or check-the-box exercises.
• Choose your own incident investigation path: your choices determine how the investigation unfolds.
• No more keyword matching. Answers are evaluated on intent and accuracy.
• Work directly in Elastic, Splunk, or Azure Data Explorer and learn to investigate and hunt using hypotheses.
The waitlist is now open!!
Those who sign up will receive a founders discount, early beta access, and the opportunity to provide feedback during development.
The waitlist will close once a certain number of people have signed up and may reopen later if more testers are needed.
This is something I wish existed when I was starting in the industry, and something I still want today.
Register now, and more details soon.
https://t.co/DY7JMIH1og
Today, we’re releasing watchTowr Labs’ @chudyPB’s BlackHat .NET research, owning Barracuda, Ivanti and more solutions.
Enjoy the read as Piotr explains a new .NET Framework primitive, used to achieve pre- and post-auth RCE on numerous enterprise appliances.
https://t.co/UvsetqL5yj
For you @Microsoft and my old team. An LLM as an AMSI provider. Could probably use it to detect prompt injection locally into Bing, CoPilot, or the "Agentic OS". AMSI already works with text, so really nothing else required. Layer it with Defender. Proud of the team for pushing boundaries of integration and working with LLMs in constrained spaces.
Or wait, do we pivot to an EDR/SOC company?!
I'm happy to share a new #BloodHound #OpenGraph extension with the community!!
Here's the link: https://t.co/6mp5Qpz2Bo
It maps #MITRE ATT&CK, #Sigma and #AtomicRedTeam tests all in one graph!
More details in the README of the repo!
How is the AI threat landscape evolving? In the latest Hack Responsibly podcast episode, NetSPI's @kfosaaen sits down with Kim Wiles, Director of AI Penetration Testing, to discuss the critical security challenges facing large language models (LLMs). https://t.co/8MbkhK9Lqz
Another day, another tool update. We figured out that the Invoke-AzUADeploymentScript MicroBurst function was missed in the "SecureString" token updates, so tokens weren't being extracted. Casting has been fixed and UA-MI tokens are now extracting again!
https://t.co/BcMVlhH7jb