SANS Institute

Sources: SANS Institute (homepage) · GIAC certifications · SIFT Workstation

Information-security training and certification organisation; operates GIAC certifications and maintains the SIFT Workstation for digital-forensics and incident-response work. Rob T. Lee (Chief AI Officer; Chief of Research) presented SIFT — FIND EVIL!! I Gave Claude Code R00t on the DFIR SIFT Workstation at the Unprompted Conference (March 2026).

The talk, branded Protocol SIFT, pairs the SIFT toolchain with Claude Code over MCP and cites the Anthropic GTG-1002 report — which assesses that the AI executed 80–90% of tactical operations independently — as the threat baseline that justifies defender-side automation.

Strategic Briefing Co-Authorship

See also