2025-10-14 –, Main Track
Artificial intelligence is no longer just a tool for defenders. It’s a decisive force multiplier for attackers. A new adversary class is emerging: the AI.Attacker. Autonomous agents capable of reconnaissance, planning, and execution at machine speed. Unlike traditional threats, these systems adapt, self-learn, and scale campaigns beyond human operational limits. What once took days or weeks in the intrusion kill chain: recon → resource development → delivery → exploitation, can now collapse into minutes.
Yet this speed also exposes their Achilles’ heel: the pre-attack phase. Before execution, AI.Attackers require accurate, timely intelligence to map targets, identify vulnerabilities, and prepare infrastructure. This is the best, and often only, moment to disrupt them.
This talk presents real-world examples of AI-driven recon, resource development, and exploitation, then introduces a live demo of “AI.Attacker Recon and Exploitation Prevention” a technique and tooling suite that detects and prevent hostile AI reconnaissance. Attendees will leave with a forward-shifted defense model and practical tactics to prevent AI reconnaissance, tipping the balance before the first shot is fired.
Detailed Outline (40–60 minutes)
Introduction (5 min)
• AI’s double-edged role in cyber operations
• Defining the AI.Attacker: architecture, capabilities, and tempo shiftDissecting an AI-Powered Campaign (10 min)
• Kill chain compression: from weeks to minutes
• Case examples:
o Multi-domain reconnaissance using LLMs & vision models
o Instant spear-phishing content generation
o Automated zero-day reconnaissance & exploit matchingThe AI.Attacker’s Achilles’ Heel (8 min)
• Pre-attack phase dependencies: why reconnaissance is the bottleneck
• Environmental mapping, data harvesting, and OSINT ingestion pipelines
• Real disruptions seen in simulated AI attack chainsShifting Defense Left (7 min)
• Exposure intelligence & high-value asset mapping
• Early-warning detefction of AI.Attack infrastructure
• Reconnaissance poisoning: inserting misleading, decoy, or high-noise dataLive Demo: AI Recon in Action (10 min)
• Setup: Simulated AI attacker pipeline running automated recon & target profiling
• Step 1: Detection: identifying hostile autonomous scanning and data scraping
• Step 2: Disruption: feeding deceptive metadata, false topology, and bait domains
• Step 3: Measurement: showing increased error rates in AI targeting & slowed attack timelines
• Outcome: Pre-Attack reliability drops >70%, attack execution delayedCase Studies & Impact Metrics (5 min)
• Pre-attack disruption reducing attacker speed from minutes to days
• Defender ROI: time gained, noise introduced, attacker resource burnAction Plan & Frameworks (5 min)
• Integrating preemptive tactics into NIST CSF 2.0 & MITRE ATT&CK
• How to prepare teams, telemetry, and IoPA assets for AI threat actorsQ&A (5 min)
Target Audience
• CISOs, red team leads, SOC managers, and threat intelligence analysts
• Blue team operators responsible for external attack surface defense
• Security researchers exploring AI-enabled threats
Prerequisites
• Familiarity with intrusion kill chain concepts
• Exposure to AI/ML concepts in cybersecurity
• Basic understanding of reconnaissance and OSINT workflows
Key Takeaways
1. Understand how AI changes the speed and nature of attacks
2. Recognize the pre-attack phase as the decisive interception point
3. See a working PoC for detecting & disrupting hostile AI reconnaissance
4. Adopt a forward-shifted defensive posture that reduces risk before exploitation
Pre-Attack Prevention
Tal professional cyber security experience goes +20 years back. Dealing with threats as a cyber security engineer at various companies, through technical selling of cyber security solutions to enterprise and governments, to innovating new solutions and productizing it, all the way to co-founding malanta.ai, the first Pre-Attack Prevention platform.