
Keynote | From Theory to Tradecraft: Building Detection Systems to Track AI-Enabled Adversaries

PDF, 1.80MB | Last updated: 27 Jan, 2026
Presented by:
Kyla Guru

Everyone's asking the same question: how much is AI actually accelerating attackers? From an AI lab's front-row seat, I'll share what we're seeing—and more importantly, how defenders can adapt.

This talk examines the real-world intersection of generative AI and cyber threats. Drawing on experience building detection systems at Anthropic, I'll explore what AI-enabled adversaries have actually looked like in the wild, which capabilities we believe will be genuinely accelerated over the next year, and how CTI teams can evolve their detection strategies accordingly.

We'll cover:

- The emerging role of AI for intelligence teams—both as a threat vector to monitor and a tool to leverage defensively

- Tracking AI-enabled adversaries and emerging TTPs: what patterns distinguish AI-augmented operations from traditional attacks, and how to identify them

- Principles for building detection systems that catch AI-enabled threats without drowning in false positives or blocking legitimate use

- Frameworks for threat modeling, including how approaches like MITRE ATT&CK mapping can help prioritize which AI-enabled techniques warrant the most attention

Attendees will leave with practical mental models for assessing AI-driven threat actors, a peek at the detection strategies we use, and a clearer picture of where tradecraft is evolving.

SANS Cyber Threat Intelligence Summit 2026