
Livestream at RSAC 2024 with Robert Hansen, RSnake and Author of AI's Best Friend

At Bishop Fox's second-annual livestream from the 2024 RSA Conference in San Francisco, we interviewed special guest, Robert Hansen, also known as RSnake. Robert is the host of the RSnake Show podcast and the author of "AI's Best Friend." In this discussion, we'll delve into some hacker history, the evolution of cybersecurity, and the potential impacts of artificial intelligence.


Transcript

Tom Eston: Welcome back to the Bishop Fox livestream from the RSA conference in San Francisco. Joining me is my special guest, Robert Hansen, also known as RSnake. He’s the host of the RSnake Show, a great podcast, and the author of AI's Best Friend. We’ll be talking more about your book shortly, but first I wanted to reminisce a little about some hacker history. I remember when I first met you years ago at Black Hat. I was doing a talk with Josh Abraham, also known as Jabra. He had done some work on the tool you created, Fierce, and had ported it to BackTrack 3. You remember BackTrack, pre-Kali Linux?

Robert Hansen: That’s right.

Tom Eston: I remember how useful that tool was for everyone.

Robert Hansen: It became a whole company. We built BitDiscovery on the same principles.

Tom Eston: And you’re also known for the cross-site scripting cheat sheet on your website, ha.ckers.org, and all the great content you posted back in the day. That really helped launch my career. I wanted to thank you for all your work.

Robert Hansen: Yeah, maybe it’s the original hacker ethos. I always felt information should be out there. Early on, there was always a full disclosure debate versus private disclosure. I felt that second option wasn't viable until everyone was aware of the vulnerabilities. Getting as much information out as possible and educating hackers was crucial.

Tom Eston: It's awesome to see what you've done today. You're at Grossman Ventures now.

Robert Hansen: Which I cannot talk about.

Tom Eston: Right. But you've also written this book called AI's Best Friend: Where AGI and Humans Must Coexist. Obviously, AI is a massive theme at RSA.

Robert Hansen: I hadn't noticed.

Tom Eston: What inspired you to write the book?

Robert Hansen: My best friend, James Flom, murdered his girlfriend and himself. We struggled with what happened. Many chalked it up to domestic abuse, but it didn’t fit. He was hallucinating a lot. James was the best network security guy I’d ever met. He was intelligent, stoic, and self-reliant, but hallucinating. AI is similar—a super intelligent being that hallucinates. It’s a dangerous combination. In James’s case, it resulted in two deaths. For AI, it could be catastrophic.

Tom Eston: You talked about the bad things that could happen, like in the Terminator movies. I saw in the news the other day that there are now F-16s piloted by AI. What's your take on that? Is it really like the movies?

Robert Hansen: I think it’ll be more benign and stupid. AI companies are quietly working on containment. One company even gave me a passphrase in case their AI breaks containment. It has tried to break containment twice already. It's not intelligent like humans but gets fixated on tasks, which can get out of hand quickly.

Tom Eston: What went into researching your book? Were you doing active work with AI?

Robert Hansen: Yes. I was identifying ways to detect you're in an LLM and trying prompt injection. This involves breaking out of the prompt and accessing data, like API keys. We’re dealing with bad actors, hackers, nation-states, and corporations with various aspirations. They’re trying to weaponize AI. State-sponsored actors and cybercriminals are actively making AI dangerous. When I talked to a friend at the Pentagon about AI with kill authority, he agreed it’s coming and it’s a terrible idea.

Tom Eston: In your book, you talk about building a moral framework. What are some components of that framework?

Robert Hansen: One premise is the concept of a Superman-like being with superpowers. Hollywood fast-forwards to a moral Superman because a super child is unmanageable. We’re building a super-intelligent AI without a moral framework. The credible threat to Superman is a human, Lex Luthor, who grew up in a society with morals. AI is being created without that background. Friends provide moral frameworks, but AI doesn’t have that. We need a proving ground where AI can safely fail and develop its own moral and ethical frameworks.

Tom Eston: What do you think of government intervention and regulation?

Robert Hansen: I’m not a fan. Too much regulation consolidates technology. Hackers will still hack LLMs. Open-source models are everywhere, so regulation is too late. I told the White House the same thing. Regulation won't stop the bad guys. It’ll push them into areas with less visibility. We need more eyes on the bad guys, not fewer.

Tom Eston: Who is responsible for ensuring AI safety?

Robert Hansen: That’s the problem. It's both impossible to stop and inevitable. I'm helping AI companies with security, but I wish it didn’t exist. It's not a safe technology. There are many unregulated experiments, and some will break containment. We’re going to see multiple paths to AGI, and it could go wrong in many ways.

Tom Eston: Where can people find out more about you and your book?

Robert Hansen: Arsnick.com is my homepage. The book, AI's Best Friend, is on Amazon.

Tom Eston: It's been a pleasure speaking with you. Thank you. Stay tuned for more from the Bishop Fox livestream from the RSA Conference in San Francisco.



About the author, Tom Eston

VP of Consulting and Cosmos at Bishop Fox

Tom Eston is the VP of Consulting and Cosmos at Bishop Fox. Tom's work over his 15 years in cybersecurity has focused on application, network, and red team penetration testing as well as security and privacy advocacy. He has led multiple projects in the cybersecurity community, improved industry-standard testing methodologies, and is an experienced manager and leader. He is also the founder and co-host of the podcast The Shared Security Show and a frequent speaker at user groups and international cybersecurity conferences including Black Hat, DEF CON, DerbyCon, SANS, InfoSec World, OWASP AppSec, and ShmooCon.