Stenobird

Episode

D2DO294: AI in My Vuln Research Workflow

Podcast
Day Two DevOps
Published
Feb 18, 2026
Duration seconds
2034
Processing state
processed
Canonical source
https://packetpushers.net/podcasts/day-two-devops/d2do294-ai-in-my-vuln-research-workflow/
Audio
https://feeds.packetpushers.net/link/20975/17278571/D2DO294.mp3
JSON
/v1/public/podcasts/day-two-devops/episodes/d2do294-ai-in-my-vuln-research-workflow
Markdown
/podcast/day-two-devops/d2do294-ai-in-my-vuln-research-workflow.md

Actions

  • POST https://stenobird.com/v1/public/podcasts/day-two-devops/episodes/d2do294-ai-in-my-vuln-research-workflow/transcription-requests
    Idempotently request low-priority transcript generation for this episode.
  • GET https://stenobird.com/podcast/day-two-devops/d2do294-ai-in-my-vuln-research-workflow.md
    Read the agent-friendly Markdown representation of this episode resource.

Summary

Security researcher Kat Traxler demonstrates how to use LLMs as a 'blackboard' to triage massive codebases for vulnerabilities. The discussion explores the tension between AI-driven automation and the necessity of human expertise in security research.

Topics

  • Vulnerability Research
  • Artificial Intelligence
  • LLM
  • Cybersecurity
  • DevOps
  • Code Analysis
  • Automation
  • Security Engineering

Highlights

  • Main idea: Use LLMs as a 'blackboard' to generate ideas and a 'triage' system to filter them, rather than relying on them for final verification
  • Practical takeaway: Maintain a 'prompt.md' file in projects to provide consistent context to LLMs without repetitive manual instructions
  • Failure mode: Over-reliance on AI for low-level tasks may erode the foundational skills necessary to develop high-level security expertise
  • Practical takeaway: Use different AI models for different roles, such as using Gemini for a holistic view of vulnerability classes
  • Main idea: AI can significantly reduce the search space in large, dense codebases, making manual inspection of thousands of lines feasible

Chapters

  1. 1:00 The AI-Powered Research Workflow: Kat introduces her method of using AI models as a blackboard while she acts as the expert system to triage vulnerabilities.
  2. 3:30 Reducing the Search Space: How to use LLMs to navigate large, dense open-source codebases to find specific vulnerability targets.
  3. 8:30 Multi-Model Strategy: Leveraging Gemini to gain a holistic understanding of different vulnerability classes and memory issues.
  4. 13:35 The Erosion of Expertise: A debate on whether automating entry-level analyst roles will prevent future researchers from gaining essential foundational skills.
  5. 21:00 Real-World Success: Kat discusses a recent discovery of vulnerabilities found specifically through her LLM-augmented workflow.
  6. 31:10 Prompt Engineering with Markdown: Using prompt.md files to streamline context injection and improve the reproducibility of AI-driven research.