2025-11-15, Room 402
Like the uncanny valley tin-can voice in so many AI-generated commercials and ads right now, it’s the weirdness of how the AI threat lives on the LAN that betrays it. It looks almost like a user; almost like a service account. Almost.
We’re in a new cyber-era, the age of AI threats. In catching my first malicious AI Agent, arguably a bleeding edge threat, the simplest logs I know of—ARP tables, switch CAM tables, and packet forensics—revealed the shape of the threat when tools leveraging cyber intelligence failed. As Agentic AI threats become the Worm 2.0, analysis of network appliances and packets gives security pros the tools to understand the shape of the threat, highlighting the weirdness that betrays AI threats.
We live in a world of IPS, EDR, NDR, and Next-Gen Firewalls; even many wireless access points have signature matching and check packets against threat intelligence. That's great for known threats. But the AI threat is inherently zero-day. It’s “polymorphic.” The attack evolves as the AI agent explores possible threat vectors. HR doesn’t do that. Accounting doesn’t do that. IT staff kind of do that a little bit, but we can plan for that. The point is we know the profile, the shape of human network activity.
 Evolving doesn’t always mean shiny and new. Don’t neglect the basics. I’ll demonstrate how to detect AI threat activity with the simple network switch, and similar devices.
Dad, Native Plants Enthusiast, and IT Architect specialized in Network Forensics
School:
 3 years studying biology. 1 year giving up to study Cisco certs and pivot.
Work:
 5 years in the enterprise space in network engineering, 6 years in the vendor space working with Network Detection and Response technology.
Certs:
 Some CCNAs, Part of a CCNP
 CompTIA A+, Net+, Sec+, CySA+
 AWS CCP, AWS-SAA
And sometimes I talk about IT-Sec stuff on the YouTube channel SteveInIT
