Paul's Security Weekly (Audio): AI Vulnerability Hunting - PSW #913
Feb 12, 2026
They dig into AI-powered vulnerability scanning and the risks of prompt and agent injection. Discussion covers Claude Opus 4.6 finding zero-days and whether AI can replace human pentesting. Lots of home-lab talk: cheap hardware, MITM gateways, firmware research, and self-hosted backups. Also explored are exposed IoT instances, Shelly garage-door Wi‑Fi flaws, Arista command injection, and DKnife edge implants.
AI Snips
OpenClaw Instances Left Exposed
- Josh pointed to dclawed.io showing 157,000 exposed OpenClaw instances being discovered and mapped in real time.
- Paul warned that attackers could already be weaponizing them into botnets or free LLM compute farms.
Cheap Homelabs Scale Learning
- Build a homelab with small-form-factor used machines (e.g., Lenovo 720q) for under $1k to learn virtualization and infra.
- Cluster multiple inexpensive nodes with Proxmox or KVM to practice containers, AD, and networking affordably.
Use An Adversary-in-the-Middle Gateway
- Create an adversary-in-the-middle gateway in your lab to monitor IoT and firmware traffic and control DNS/DHCP for testing.
- Route vulnerable devices through that gateway to observe calls, block internet, and analyze behavior safely.
