SANS Institute

Information-security training and certification organisation; operates GIAC certifications and maintains the SIFT Workstation for digital-forensics and incident-response work. In the context of this wiki, SANS appears via Rob T. Lee (CAIO; Chief of Research) at [[unprompted-conference-march-2026|[un]prompted March 2026]] — “SIFT — FIND EVIL!! I Gave Claude Code R00t on the DFIR SIFT Workstation” (Day 1 / Stage 2 / 11:10).

The talk pairs SANS’s SIFT toolchain with Claude Code via MCP, and cites the Anthropic GTG-1002 report — adversaries running Claude Code at 80–90% autonomous execution — as the threat-environment baseline justifying defender-side automation. 40+ hours of testing, “SIFT!! Find Evil!” demo.

See also

• [[unprompted-conference-march-2026|[un]prompted March 2026]] — talk venue