fwd:cloudsec 2026

Discovering New AWS Privilege Escalation Paths with an AI-Driven Workflow
2026-06-01, Room 1

LLMs can surface new attack vectors quickly. They also hallucinate issues that are not actually exploitable, wasting valuable time. As a result, having a way to deterministically evaluate their findings is vital.

In this talk, I present an agentic, skill-based workflow that combines fast AI-driven discovery with deterministic integration tests. Every potential attack is validated before publication, protecting against hallucinations.

Using this approach, I identified over a dozen new AWS IAM privilege escalation paths. I'll walk through the open source lab-based infrastructure and testing system that made this validation possible, and show how the approach scales to broader security research. I will also introduce a brand new Metasploit-style exploitation framework for IAM privilege escalation built on the same methodology.

Attendees will learn how to apply deterministic validation to their own AI-assisted research, and leave with new IAM privilege escalation paths to look for in their own environments.

Seth Art is currently a Security Researcher & Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penetration Testing practice at Bishop Fox. He is the author of pathfinding.cloud, an AWS IAM privilege escalation library, has published many open source tools including BadPods, IAMVulnerable, and CloudFoxable, and is the co-creator of the popular cloud penetration testing tool CloudFox.