Okay, okay. I need to devote some time to catching up on genAI capabilities in a professional sense.

Security Researchers & SecOps - what's your favorite use case so far?

Also, what's a lesson you learned the hard way?

***Also - please save the snark. I'm tired, and this is a genuine, if hesitant, ask.

#infosec

@neurovagrant alright I'll bite:

The only instance I've found AI useful: de-obfuscating obfuscated code. I use it for this because I don't know how to do it myself (because I'm bad and dumb)

A lesson I learned the hard way: Spending 3 hours trying to get a KQL query to work in Sentinel following instructions given to me by an AI, only to realize that the reason why it didn't work is because the primary table the AI gave me didn't exist, and had never existed.

@Mustardfacial oooh, good to know. thanks!

@neurovagrant I should also point out that these experiences were discovered while I was still experimenting and messing around with AI systems when ChatGPT was first released.

I no longer use it at all anymore as I've discovered it's often faster for me to just research things manually, and at least then I don't get lied to. Also the number of research papers that have been released showing that AI use actively damages your critical thinking skills and effectively makes you stupid (https://arxiv.org/pdf/2506.08872v1, https://www.sciencedirect.com/science/article/pii/S0001691825010388, https://arxiv.org/pdf/2407.14452) has put a bad taste in my mouth about the whole thing so I've decided it's a crutch I don't need.

@Mustardfacial yeah i'm well aware of the downsides, i am a deep skeptic, but the industry doesn't give a damn.

doesn't provide me much choice.

@neurovagrant I mean you always have a choice. The question is if you're willing to live with the adverse effects.

I'm not trying to sway you one way or another. You're an adult, make your own decisions. But you asked for our experiences and this was mine.

@Mustardfacial @neurovagrant There's two ways I think of it:

1) You usually have more leverage than you think, as a practitioner, to just not do things.

2) The tools bill themselves as being democratizing and easy to use, so the day the entire industry decides to force me to use them, I'm not worried about being able to pick things up quickly. I can't remember who said this, but: "prompt engineering" skills are really just basic reading and writing skills.

@Mustardfacial @neurovagrant i have used it to sketch up KQL when i don't know where to start. And it is OK-ish at that, but only if i already don't know where to look for the data, spending three hours in Sentinel with a generated KQL or three hours in MS Learn to try to figure it out, it is a bit the same. It's not like MS Learn is a single source of truth either, it is not very well maintained, and Sentinel changes too fast for Learn to keep up