

Live from Black Hat: Brandon Dixon parses the AI security hype
6 snips Aug 7, 2025
Brandon Dixon, a veteran in the threat intelligence community and former Microsoft employee, dives into the intersection of AI and cybersecurity. He discusses Google's Big Sleep project and the potential of AI in code analysis and automation. The conversation critiques modern software development inefficiencies and the impact of corporate acquisitions on cybersecurity tools. Dixon emphasizes the need for collaboration between tech giants and the community while exploring the future of SOC automation and geopolitical issues affecting AI technologies.
AI Snips
Agentic AI Hunting Open-Source Bugs
- Brandon views Google's Big Sleep as an agentic system fuzzing open-source models and running exploits in containers.
- He thinks it amplifies the creativity of generative AI to surface vulnerabilities across dependencies.
AI Eases Analysts’ Mundane Work
- AI is overhyped but maturing fast and can automate many tedious security tasks analysts dislike.
- Brandon expects single-prompt solutions to scale analysts' productivity and improve hygiene.
Fix DevOps First, Then Add AI
- Prioritize instrumented CI/CD and automation before AI transformation to gain real benefit.
- Treat AI as layered on top of solid DevOps practices, not a shortcut around them.