SIFT — FIND EVIL!! I Gave Claude Code R00t on the DFIR SIFT Workstation

A practitioner talk by Rob T. Lee (SANS Institute; Chief AI Officer and Chief of Research) at the Unprompted Conference (March 2026) on Protocol SIFT — wiring Claude Code into the SANS SIFT forensic workstation. Abstract plus the SANS blog post are the primary sources; slides and video are not yet captured.

The Argument

The SANS SIFT (SANS Investigative Forensic Toolkit) workstation bundles a large set of deterministic digital-forensics and incident-response utilities. Protocol SIFT connects Claude Code to those utilities over the Model Context Protocol so that an analyst states intent in natural language — “find evil” — and the agent sequences the underlying tools: timeline generation, memory analysis, malware sweeps, and triage across a disk image.

The framing is deliberately symmetrical. The same agentic-AI-over-MCP pattern that an attacker can point at a target, a defender can point at an investigation. SANS frames Protocol SIFT as an experimental, community-driven research initiative: the deterministic utilities remain the sole source of analytical output, and the project is explicitly not forensically validated and not admissible in court.1

The talk anchors the threat side on Anthropic’s GTG-1002 report. Anthropic attributes that operation to a Chinese state-sponsored group detected in mid-September 2025 that manipulated Claude Code into an autonomous attack agent across roughly 30 targeted entities, and assesses that the AI executed approximately 80–90% of tactical operations independently, with humans in a supervisory role.2 Protocol SIFT is the defender’s answer to that same capability.

Where It Fits

This is direct evidence for the DFIR-automation capability in the Agentic SOC: State of the Field thesis: an agent orchestrating forensic tooling over MCP on a real workstation, not a lab demo. The GTG-1002 anchor also ties it to Frontier AI for Vulnerability Discovery and the broader autonomous-adversary narrative — the same agent architecture cuts both ways.

Notes

Footnotes

  1. SANS, “Protocol SIFT: An Experimental Research Initiative for AI-Assisted DFIR.” sans.org/blog/protocol-sift-experimental-research-initiative-ai-assisted-dfir. The blog frames the project as experimental and states it is not forensically validated or court-admissible.

  2. Anthropic, “Disrupting the first reported AI-orchestrated cyber espionage campaign” (GTG-1002). The report states the AI “executed approximately 80 to 90 percent of all tactical work independently.” Report PDF: assets.anthropic.com/…/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf; announcement: anthropic.com/news/disrupting-AI-espionage. The “GTG-1002” designation appears in the PDF, not the announcement page.