# D2DO294: AI in My Vuln Research Workflow

- Page: https://stenobird.com/podcast/day-two-devops/d2do294-ai-in-my-vuln-research-workflow
- Text version: https://stenobird.com/podcast/day-two-devops/d2do294-ai-in-my-vuln-research-workflow.md
- Podcast: [Day Two DevOps](https://stenobird.com/podcast/day-two-devops)
- Published: 2026-02-18T14:39:50+00:00
- Episode link: https://packetpushers.net/podcasts/day-two-devops/d2do294-ai-in-my-vuln-research-workflow/
- Audio file: https://feeds.packetpushers.net/link/20975/17278571/D2DO294.mp3
- Processing state: processed
- JSON: https://stenobird.com/v1/public/podcasts/day-two-devops/episodes/d2do294-ai-in-my-vuln-research-workflow
- Duration seconds: 2034

## Resource

Security researcher Kat Traxler demonstrates how to use LLMs as a 'blackboard' to triage massive codebases for vulnerabilities. The discussion explores the tension between AI-driven automation and the necessity of human expertise in security research.

## Highlights

- Main idea: Use LLMs as a 'blackboard' to generate ideas and a 'triage' system to filter them, rather than relying on them for final verification
- Practical takeaway: Maintain a 'prompt.md' file in projects to provide consistent context to LLMs without repetitive manual instructions
- Failure mode: Over-reliance on AI for low-level tasks may erode the foundational skills necessary to develop high-level security expertise
- Practical takeaway: Use different AI models for different roles, such as using Gemini for a holistic view of vulnerability classes
- Main idea: AI can significantly reduce the search space in large, dense codebases, making manual inspection of thousands of lines feasible

## Topics

Vulnerability Research, Artificial Intelligence, LLM, Cybersecurity, DevOps, Code Analysis, Automation, Security Engineering

## Chapters

- 1:00 — The AI-Powered Research Workflow: Kat introduces her method of using AI models as a blackboard while she acts as the expert system to triage vulnerabilities.
- 3:30 — Reducing the Search Space: How to use LLMs to navigate large, dense open-source codebases to find specific vulnerability targets.
- 8:30 — Multi-Model Strategy: Leveraging Gemini to gain a holistic understanding of different vulnerability classes and memory issues.
- 13:35 — The Erosion of Expertise: A debate on whether automating entry-level analyst roles will prevent future researchers from gaining essential foundational skills.
- 21:00 — Real-World Success: Kat discusses a recent discovery of vulnerabilities found specifically through her LLM-augmented workflow.
- 31:10 — Prompt Engineering with Markdown: Using prompt.md files to streamline context injection and improve the reproducibility of AI-driven research.

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/day-two-devops/episodes/d2do294-ai-in-my-vuln-research-workflow/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/day-two-devops/d2do294-ai-in-my-vuln-research-workflow.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.