SANS Institute
Sources: SANS Institute (homepage) · GIAC certifications · SIFT Workstation
Information-security training and certification organisation; operates GIAC certifications and maintains the SIFT Workstation for digital-forensics and incident-response work. Rob T. Lee (Chief AI Officer; Chief of Research) presented SIFT — FIND EVIL!! I Gave Claude Code R00t on the DFIR SIFT Workstation at the Unprompted Conference (March 2026).
The talk, branded Protocol SIFT, pairs the SIFT toolchain with Claude Code over MCP and cites the Anthropic GTG-1002 report — which assesses that the AI executed 80–90% of tactical operations independently — as the threat baseline that justifies defender-side automation.
Strategic Briefing Co-Authorship
- *The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program* (v1.0, 2026-04-12) — co-published with Cloud Security Alliance, Unprompted, and OWASP Gen AI Security Project. Robert T. Lee (SANS Chief AI Officer + Chief of Research) is one of three lead authors; James Lyne (CEO, SANS) is a contributing author.
See also
- Unprompted March 2026 — talk venue
- Mythos-ready Security Program (Playbook) — operational instrument from the briefing