BSides Tallinn 2025

Marvin Ngoma

Marvin is a seasoned consultant and security architect. He has a strong passion for helping Nordic and Baltic organizations succeed in their cybersecurity programs. He has led many projects in both the private and public sectors, architecting and building Security Operations and Intelligence capabilities; unifying tools, processes, and people. Prior to joining Elastic, Marvin worked as a security consultant at IBM and was the primary SME for QRadar in the Nordics and Baltics.

In addition to his work with clients, Marvin frequently speaks at conferences, summits, and meetups on the latest security topics, making him a dedicated security evangelist. He holds a master's in Computer Science & Engineering from Chalmers University of Technology in Sweden, and is a very proactive member of ISC2, among other security bodies.


Sessions

09-25
14:15
45min
Hype vs. Hands-On: What GenAI Actually Brings to Incident Detection & Response
Marvin Ngoma

Generative AI promises to revolutionize how security operations teams and investigators detect and respond to threats, but how much of this promise is real and how much is just hype?

In this talk, we go beyond vendor marketing to explore what practitioners and experts really think about GenAI’s place in modern detection and response workflows. Drawing from a Delphi study I conducted with global SOC leaders and AI specialists as part of my academic research with Luleå University of Technology in Sweden, we’ll uncover:

  • Where GenAI is already making an impact (and where it's not) for detection and response workflows

  • Key opportunities for GenAI in threat detection, triage, and investigation

  • Real-world challenges: hallucinations, trust issues, operational risks, and more

  • How security analyst roles and skills are evolving in the face of GenAI adoption

  • Practical considerations for integrating GenAI into existing detection and response SOC processes

Expect an honest, evidence-based discussion, free of buzzwords, and grounded in what the experts are actually experiencing on the ground.

Whether you're skeptical or optimistic about AI in detection & response workflows, this session will give you a grounded view of the path forward.

Stage 1
09-25
16:15
60min
Threat Hunting: develop and test a threat hypothesis
Marvin Ngoma

In this hands-on workshop, participants will walk through the core steps of a threat hunt - from forming a threat hypothesis to testing it against real-world data. You’ll learn how to frame hypotheses based on attacker behaviors, identify the right data sources, and validate your findings using structured hunting techniques. Whether you're new to threat hunting or looking to sharpen your approach, this session will give you practical skills to hunt smarter.

Workshop
Workshops