Find Evil! — SANS Launches the First Hackathon for Autonomous Incident Response

SANS launches Find Evil!, the first hackathon for autonomous incident response. Build AI agents on Protocol SIFT to triage attacks, hunt threats, and produce reports at machine speed.

Authored by SANS Institute

SANS Institute is launching Find Evil!, the first hackathon dedicated to building autonomous AI agents for incident response.

In November 2025, Anthropic's security team published findings on GTG-1002, a Chinese state-sponsored operation where attackers used Claude Code, MCP, and security tools to run autonomous reconnaissance, exploitation, and lateral movement at 80-90% autonomy, at request rates Anthropic described as "physically impossible" for human operators.

The goal of Find Evil! is to give defenders the same architecture: an AI agent that thinks like a senior analyst, sequences its approach, recognizes when something does not add up, and responds at the speed of the attack.

Participants build on Protocol SIFT, a proof-of-concept framework that connects AI agents to the SIFT Workstation's 200+ incident response tools through Model Context Protocol (MCP). The SIFT Workstation is the open-source incident response platform the DFIR community has developed for 19 years, with 60,000+ downloads annually.

Who Should Join the Hackathon?

  • Security professionals: you’ve been finding evil manually for years. Build the AI partner you wish you had at 3 AM during an active incident.
  • AI/ML engineers: apply your skills to a domain where speed determines whether attackers win. Real case data, real tools, no toy datasets.
  • Students and early-career builders: no IR background required. The SIFT Workstation is your on-ramp to the most in-demand intersection in tech.
  • Open-source contributors: every submission lives on as a community tool. Build something thousands of responders will use.

No incident response background required. Teams of 1 to 5.

$22,000 in prizes, including SANS Summit passes, hotel, and OnDemand courses for team members. First place: $10,000 plus a full Summit package for every team member. Winning code gets reviewed for integration back into Protocol SIFT.

Registration is open now. Hackathon starts April 15. Submissions due June 15.

Registration and rules at findevil.devpost.com.

Built by the community, for the community.