About
Jackson Reed is the founder of Barding Defense and a member of BT6, a top AI red team that frontier labs engage for pre-release security testing of models and products. He spent four years rebuilding and leading Target's red team and before that built and led a Department of Defense red team through NSA certification. He spends his time at the intersection of AI and offensive operations, and writes about cybersecurity and AI at twelvetables.blog.
Sessions
The Skill Wave: The AI threat we aren't preparing for
What you will learn:
-Current AI adoption by both criminals and defensive vendors is accelerating the existing speed/scale threat, not signaling where the threat is heading. The genuinely new risk is the skill wave: cheap stealth, patience, and adaptive tradecraft available to financially-motivated actors for the first time. -"Penetration depth" determines who gets hit by which wave; shallow organizations get savaged by speed and scale, while deep organizations are protected only as long as traversing depth requires expensive human skill, a condition AI is rapidly eliminating. -AI-augmented attackers won't need domain admin. DA is a shortcut that lets shallow attackers achieve impact despite limited depth, but attackers operating at depth won't route through the security bottlenecks we've built around high-criticality accounts. Metrics like "domain admin in n seconds" assume a shallow attack model where DA equals impact, and as AI makes depth cheap to traverse, benchmarks built around positional speed become dangerously misleading. -Speed, scale, and skill are reinforcing dimensions (scale creates emergent skill through cross-target intelligence, skill enables sustainable scale by preventing eviction) and their interactions will generate novel payout models that don't exist in our current threat taxonomy, just as ransomware emerged unpredictably when its enabling conditions converged.