- By BPR
- 0 comments
AI-Assisted Penetration Testing
At Best Path Research, we recently completed a black box web application penetration test for a major Japanese company. By combining manual testing with AI-driven tools, we identified critical vulnerabilities more quickly and effectively than we could have done with manual methods alone. We were able to successfully mitigate a number of serious potential vulnerabilities before the site was released publicly.
Reinforcement Learning use in Penetration Testing
Based on modern generative AI (genAI) and machine learning (ML), we’re now applying reinforcement learning (RL) techniques to further automate parts of the web application testing process, starting with popular, and potentially high-risk, open-source blogging and website software. These RL-based agents learn to autonomously identify and probe common security flaws and mis-configurations in an isolated environment, mimicking the ways in which an experienced, malicious, human hacker might attempt to discover and exploit the same vulnerabilities.
Mitigating LLM Exploits in Public-Facing Systems
We’re also focusing on securing public-facing large language models (LLMs) which can be susceptible to exploits through prompt injection or jailbreak techniques which can leak sensitive information or execute unintended actions. Such exploits are conceptually similar to classic SQL injection vulnerabilities which were a focus in our recent web application pen-testing work. Our future work includes testing frameworks and safeguards to help companies safely deploy LLMs in production.
Generative AI Threats
The flip side to the many positive uses of genAI is that they are already being used by attackers to craft convincing phishing emails and realistic social engineering attacks. Recent hacks even use audio and video genAI models to trick employees into revealing sensitive information during telephone calls or in video messages. With our decades of combined experience in AI and ML, we’re also developing tools to detect and defend against these evolving threats before they reach end users.
At Best Path Research, we’re using AI to strengthen both offensive and defensive security capabilities, helping companies stay safe and secure in a rapidly changing threat landscape.