Risky Business Soap Box: Red teaming AI systems with SpecterOps
7 snips
Mar 27, 2026 Russel Van Tuyl, VP of Services at SpecterOps and red teaming expert behind BloodHound, discusses AI red teaming and testing whole systems. He covers chatbots, RAG integrations, prompt injection risks, non-determinism and logging, explosion of machine identities, AI agents breaking least privilege, and using attack-path tooling across hybrid stacks.
AI Snips
Chapters
Transcript
Episode notes
Test AI As A System Not Just A Model
- AI red teaming must cover both model safety tests and the broader system of systems that use AI, like web apps, databases, and RAG databases.
- Russel Van Tuyl emphasizes most orgs call OpenAI/Anthropic rather than build models, so test integrations not just models.
Chatbots Are The Primary Enterprise AI Risk
- Chatbots are the dominant AI interface in enterprises and frequently connect to internal systems or RAG databases.
- That makes the chatbot token and its integrations a primary pivot for attackers.
Upskill Teams On Prompt Injection And Non-Determinism
- Do upskill offensive security teams on prompt injection and probabilistic AI behavior before running assessments.
- Russel says prompt injection is the main novel attack surface and testers must log many inputs/outputs due to non-determinism.