Using AI for Offensive Security: A Practitioner Guide

Amit Nepal
Security Engineer · Linux & Infrastructure · Offensive Security
Jun 1, 2026 · 1 min read
AI & Agents

After 25 years in offensive security, I've seen a lot of tools come and go. AI-assisted hacking is different — it's not just faster, it's qualitatively different in what's possible for a skilled operator.

What AI actually changes about red teaming

The bottleneck in most engagements isn't capability — it's time. Enumerating 5,000 hosts, triaging findings, writing a report. AI collapses the time cost of these phases dramatically.

# Old workflow: manual triage of nmap XML output
nmap -sV -oX scan.xml 10.0.0.0/24
grep "open" scan.xml | sort -u  # painful

# AI-assisted: send the scan directly to an agent
# (curl has no --prompt option; this assumes the endpoint accepts the
#  scan file and the prompt as multipart form fields named scan and prompt)
nmap -sV -oX scan.xml 10.0.0.0/24
curl -X POST https://api.openclaw.local/analyze \
  -F "scan=@scan.xml" \
  -F "prompt=Identify highest-priority attack surface, explain why"

Where AI genuinely excels

Code review for vulns — Feed a repository to a capable model and ask for security review. It finds logic bugs and injection points that grep-based scanners miss.

Custom payload generation — Describe the target stack and constraints; get a crafted payload. No more hunting HackTricks for the exact syntax.

Report writing — This alone saves 4-6 hours per engagement. Feed findings + evidence; get a client-ready report draft.

Active Directory enumeration reasoning — BloodHound gives you a graph. An LLM can reason about attack paths at a higher level than most analysts.

The limitations (be honest with yourself)

  • AI hallucinates CVEs and PoCs. Verify everything before using in a real engagement.
  • Models don't have up-to-date exploit databases. They know about vulns up to their training cutoff.
  • AI is bad at novel binary exploitation; that is still a human skill domain.

Defensive takeaways

AI-assisted attackers move faster and enumerate more systematically. Your detection needs to catch the behavior patterns, not the tools:

  • Velocity-based detection: flag hosts that get enumerated across multiple protocols in short windows
  • Credential spray detection: AI finds valid usernames and sprays smarter than humans
  • Alert on systematic discovery of high-value assets
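
A sketch of the velocity-based rule from the first bullet, added here as an example and not code from the original post. The log format (timestamp, source, destination, protocol), the 60-second window, the four-protocol threshold and the function names are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample flow records: timestamp source destination protocol
SAMPLE_LOG = """\
2026-06-01T10:00:00 10.0.0.90 10.0.0.20 ssh
2026-06-01T10:00:01 10.0.0.50 10.0.0.12 ssh
2026-06-01T10:00:02 10.0.0.77 10.0.0.12 http
2026-06-01T10:00:03 10.0.0.50 10.0.0.12 smb
2026-06-01T10:00:05 10.0.0.50 10.0.0.12 rdp
2026-06-01T10:00:08 10.0.0.50 10.0.0.12 http
2026-06-01T10:00:09 10.0.0.50 10.0.0.12 ldap
2026-06-01T10:00:30 10.0.0.77 10.0.0.12 http
2026-06-01T10:02:00 10.0.0.90 10.0.0.20 smb
2026-06-01T10:04:00 10.0.0.90 10.0.0.20 rdp
2026-06-01T10:06:00 10.0.0.90 10.0.0.20 http
"""


def parse(line):
    ts, src, dst, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, proto


def detect_enumeration(log, window=timedelta(seconds=60), min_protocols=4):
    """Alert once per (source, destination) pair when the source has touched
    at least min_protocols distinct protocols on that destination within
    the sliding window. Thresholds are assumed values to tune per network."""
    recent = defaultdict(deque)   # (src, dst) -> (timestamp, protocol) events
    alerted, alerts = set(), []
    events = sorted(parse(l) for l in log.splitlines() if l.strip())
    for ts, src, dst, proto in events:
        q = recent[(src, dst)]
        q.append((ts, proto))
        while ts - q[0][0] > window:      # evict events older than the window
            q.popleft()
        protos = sorted({p for _, p in q})
        if len(protos) >= min_protocols and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append((ts, src, dst, protos))
    return alerts


if __name__ == "__main__":
    for ts, src, dst, protos in detect_enumeration(SAMPLE_LOG):
        print(f"{ts.isoformat()} {src} -> {dst}: {', '.join(protos)}")
```

The rule keys on behavior (distinct protocols per source and destination pair over time), so it fires regardless of which tool generated the traffic; the window and threshold need tuning against each network's normal baseline.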