SEC536: Adversarial AI - Penetration Testing AI Systems


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsKey findings:
The paper argues that threat hunting is not a single state but a progression tied to an organization's broader security maturity. Prevention tools alone cannot stop focused human adversaries, so the paper frames hunting as a necessary complement: a proactive, hypothesis-driven search for intrusions already underway, rather than a reactive wait for alerts. Its central point is that hunting effectiveness scales with investment in data collection, analytical tooling and skilled, empowered analysts. This is a conceptual whitepaper rather than a data survey; it draws on established industry frameworks (the Hunting Maturity Model, the Sliding Scale of Cyber Security, the Cyber Kill Chain, the Diamond Model of Intrusion Analysis) rather than primary survey data, and is written by two named SANS-affiliated authors.


Rob T. Lee is Chief AI Officer and Chief of Research at SANS Institute, where he leads research, mentors faculty, and helps cybersecurity teams and executive leaders prepare for AI and emerging threats.
Learn more

SANS Fellow and Dragos CEO Robert M. Lee, author of ICS515 and FOR578 and co-author of ICS310, teaches from landmark industrial cyber investigations, turning real adversary tradecraft into visibility, detection, and response skills in OT.
Learn more