BSides Knoxville 2026

Who is this talk for?
Security folks, tool builders, and tinkerers who are using (or thinking about using) AI in their workflows—and have already noticed it can be equal parts genius and nonsense.


Problem Statement
LLMs are being dropped into security tooling everywhere—writing scripts, reviewing findings, generating reports, even helping with exploitation. The problem is, they don’t actually know anything. They predict what sounds right.

And sometimes what sounds right… ain’t right.

The real danger isn’t obvious failure. It’s when the output looks clean, reads well, and passes a quick glance—but is fundamentally wrong in a way that can waste time, introduce risk, or quietly break your workflow.

This talk takes a practical, slightly hillbilly approach: trust your tools, but verify everything they do.


Key Takeaways
AI will be wrong; and it will be confident about it
“Looks right” is one of the most dangerous failure modes in security
You need deterministic validation, not vibes
Treat AI like a junior: useful, fast, but needs supervision
A little hillbilly common sense; “that don’t smell right” is still one of your best defenses