Cloning Attacker Tradecraft: Why AI Pentesting is Becoming Essential – Ido Geffen – RSAC26 #1

Full Segment Notes
Key Moments
  • 0:00 - RSAC 2026 Interview – AI Pen Testing with Novee Security
  • 0:22 - What is Novee Security? AI Vulnerability Scanning Explained
  • 0:50 - Can AI Prevent Exploits Before Hackers Strike?
  • 1:29 - Nation-State Expertise Behind AI Security Tools
  • 2:00 - Custom AI Models vs Open Source LLMs in Cybersecurity
  • 2:25 - Training AI to Detect Vulnerabilities at Scale
  • 3:28 - Building the “Novee Gym” Cyber Range for AI Training
  • 4:07 - What Are Business Logic Vulnerabilities?
  • 4:31 - Real Example: Payroll Data Access Security Risks
  • 5:19 - Customizing Security by Company & Application Logic
  • 6:23 - Avoiding False Positives in Vulnerability Scanning
  • 7:37 - AI Exploitability Scanning vs Traditional Pen Testing
  • 8:40 - How AI Finds & Validates Exploitable Vulnerabilities
  • 9:20 - Automated Remediation & Security Fix Recommendations
  • 10:24 - Personalized Defense Based on WAF & Infrastructure
  • 11:07 - Continuous Security Testing for Modern Applications
  • 13:08 - Why AI Pen Testing is Better Than Basic Vulnerability Scans
  • 13:48 - Testing Custom Apps, APIs & AI Systems (Prompt Injection)
  • 15:09 - AI Pen Testing Announcement at RSAC 2026
Guest
Ido Geffen, CEO and Co-founder at Novee Security

Ido Geffen is the CEO and co-founder of Novee, the leader in AI-powered penetration testing. He brings over 20 years of experience across offensive and defensive cybersecurity, including nation-scale operations, vulnerability exploitation, and defense.

Through his work on national defense, he and fellow Novee co-founders Gon Chalamish and Omer Ninburg saw enterprises facing an impossible challenge: deploying code continuously while testing security only quarterly, even as attackers operate 24/7 with AI-powered tools. They founded Novee in May 2025 to clone their combined expertise into an agent that runs continuously, finding zero-days, business logic flaws, and complex attack chains that traditional tools miss.
