tptacek, 2 days ago
I have no stake in this market, but: human-in-the-loop AI-mediated pentesting will absolutely slaughter billable hours for offensive security talent. Hell, if Fortify and Burp Scanner were actually good, you wouldn't even need the last few years of LLM advancement to accomplish that; the problem is that current automation is not very good. LLM-augmented automation happens, as a weird quirk of fate, to be almost laser-guided at the weaknesses of that technology.
big_youth, 2 days ago
That market's been slaughtered for a while. Pretty much every big tech company has built up strong internal security teams and automated as much as possible. Look up what happened to NCC Group post-Matasano acquisitions. I joined within a year of the iSEC/Matasano/Intrepidus acquisitions and saw a slow ride down. After 5 years the rate was still $2500 a day and everyone with real talent left to internal teams for much, much higher pay. NCC Group is now a scan shop operating out of the Philippines; I still have one friend that works there from the iSEC days! The exception being some leet places like Trail of Bits.
Sytten, 2 days ago
Yes and no. It will kill the "I ran a Nessus scanner and charged you 8k for it" kind of pentests, but not the core of the service market IMO. Pentesters will be more efficient, so I guess this could be considered a slash in hourly rate if they kept the same pace. LLMs are good at getting signals, but actual hacking is still meh. Juniors will have a hard time, that I agree. The current level of findings from LLMs is at their level.