Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

The Deep Dive: New Details from the SANS Top 5 Keynote Panelists

What happened when the audience got the microphone the morning after the RSAC keynote.

The SANS Top 5 Most Dangerous New Attack Techniques keynote at RSAC has always been a sprint: five critical threats, six minutes each, one moderator keeping the clock. The format works because it forces clarity, but it also means the panelists leave a lot on the table.

This year, RSAC added something new: a follow-up session the next morning where the same panelists took unfiltered questions from the audience. Ed Skoudis, Joshua Wright, Robert M. Lee, Heather Barnhart, and Rob T. Lee sat down at 8:30 AM on Wednesday, and for 50 minutes the conversation went places the keynote stage couldn’t. Here’s what came out of it.

A Small Utility Beat China’s Best Hackers with the Basics

Robert M. Lee shared what he called his favorite case study: a small electric and water utility in Asia that was targeted by a top-tier Chinese state actor. The attackers ran a sustained campaign for over 300 days, attempting to penetrate the utility’s operational technology environment. They got into the IT networks. They could not reach OT.

The reason was not sophisticated tooling or a massive security budget. The utility’s general manager had put fundamental controls in place and built a security culture across the organization. When the intrusion was detected, the utility called in its response teams and won.

Lee used the story to push back on the narrative that small organizations are helpless against nation-state adversaries: “All these discussions about how offensive operations are unstoppable against small players. This general manager put all the basics in place and built a good security culture, and when China’s A-team came at them, they couldn’t be successful.”

He was equally blunt about what most of the industry’s 55,000 power systems actually need. Ninety-seven percent of the nation’s 3,880 utilities generate less than $100 million in revenue. Many share a single contractor across six organizations and some still lack a basic firewall. For these organizations, Lee’s recommendation was not AI-driven detection or autonomous response. It was direct: “Just buy the firewall.”

The AI Logging Problem Nobody Is Talking About

When an audience member asked about logging AI systems, Rob T. Lee gave the most candid response of the session. AI logs, he argued, are fundamentally different from traditional application logs because they can contain deeply sensitive content that organizations have never had to manage at this scale: queries about drugs, conversations about suicide, private corporate strategy discussions, personal health information.

“When you look at AI logs, you get a little bit disturbed,” Lee said. “Are you comfortable with having that type of insight as a business? Are you violating privacy laws already enacted by the EU AI Act?”

His warning extended to liability: if a breach exposes an organization’s AI systems and there are no guardrails documented, regulators will ask where the logs are and who established the controls. The implication is that organizations deploying AI internally need to think about AI logging the way they think about data classification, not as a technical afterthought but as a governance requirement with legal exposure.

Joshua Wright built on this with the other side of the coin: the responsibility-of-care argument. Sensitive information is flowing into AI systems from vulnerable users, including children. At the same time, platforms like Meta have disabled end to end encryption for Instagram direct messages because law enforcement has no visibility into grooming and exploitation happening on those channels. “There are no easy answers to what we capture and how we capture it,” Wright said, “and what our responsibilities are to protect those that are vulnerable.”

A Free 720-Page Incident Response Book

Wright announced a major community resource: a comprehensive modern incident response book, 18 months in the making, that will be released for free under a Creative Commons license. At 720 pages, it covers practical incident response application across different attack types and industries, and is intended as a successor to Stephen Northcutt’s foundational IR work from 2001.

“Someone asked me, ‘Do you like writing?’” Wright said. “I say, ‘No, I like having written.’ That’s a different thing altogether. But I wrote this book because I kept seeing the same problems over and over again.”

The book will be available for download at no cost. Rob T. Lee framed it as part of a broader pattern of SANS giving back to the community: “SANS does so much more than training, we really focus so much on giving back to the community, from free resources to toolkits.”

Stress-Testing Protocol SIFT in Public

Heather Barnhart announced a hope to “murder board” Protocol SIFT, the AI-augmented forensics capability Rob T. Lee demonstrated during the keynote. The concept: put Lee behind a keyboard with forensic tool developers like Eric Zimmerman (whose tools are integrated into SIFT), tool builder Steve Sndon and Barnhart herself throwing adversarial scenarios at the system. The session will be recorded and released as a public webinar.

Barnhart, who has been vocal about the risks of irresponsible AI adoption in digital forensics, confirmed she believes Protocol SIFT will hold up: “I am a skeptic. I’m always skeptical on AI. I try to protect the craft, so I’m really cautious with it. But I do think this will work.”

Lee provided additional logistics on the Protocol SIFT hackathon launching April 15: $10,000 first prize, $7,500 second, $3,000 third, hosted on Devpost with Discord for team-matching. He’s actively recruiting judges from the community, with a specific call for skeptics: “If you’re a skeptic, I want you to ask hard questions. Come up to me and say, ‘I would love to be a judge.’” The goal is to emerge from the 60-day hackathon with two to three installable packages the community can choose from.

Supply Chain Proof in Real Time

Wright opened the session with a live example of the supply chain threat he presented the day before: a malicious Python package for AI service provider LiteLLM, mimicking a legitimate AI provider library, that executes code automatically on install without even importing the module. Just starting Python triggers the payload. “We’re seeing this as an impending threat,” Wright said, “and these two areas, AI zero days and supply chain, really are pushing each other.”

He also gave the clearest articulation yet of what organizations should do about it: extend zero-trust principles to every layer of the supply chain, demand vendor attestation for all third-party dependencies, and revisit incident response processes to iterate on scope with every new indicator rather than following a linear preparation-through-recovery path that hasn’t fundamentally changed since 1990.

The Vulnerability Apocalypse Is Closer Than Post-Quantum

Skoudis closed with a framing that stuck: organizations are investing heavily in post-quantum cryptography readiness for a threat that may be 2, 5, or 15 years away, while the AI-driven vulnerability surge is happening right now and organizations are not ready for it either. The federal government’s 2030 deadline for post-quantum readiness is getting attention. The vulnerability wave that’s already breaking is not.

Wright reinforced the point: NIST is underfunded and falling behind on CVE enrichment, with the National Vulnerability Database unable to keep pace with the current volume. “If we don’t continue to invest in that resource, it will be taken over by somebody else, and I don’t think that’s in anyone’s best interest.”

The deep dive surfaced what a six-minute keynote slot can’t: the specific numbers, the case studies with outcomes, the candid admissions about what the experts themselves don’t yet understand. If the keynote was the warning, this was the working session. The problems are the same. The detail is what makes them actionable.

The SANS Top 5 Most Dangerous New Attack Techniques deep dive session took place at RSAC 2026 on Wednesday, March 25, 2026. The Digital Forensics & AI and Incident Response & AI frameworks referenced by Heather Barnhart have been released as community resources.

The Protocol SIFT hackathon, Find Evil, launches April 15.