AI-Powered Red Teaming: Keeping Pace with Our Adversaries | by Renae Kang | Oct, 2024



As the Adobe Red Team proactively helps strengthen the company’s overall security posture, we often find ourselves needing to develop new capabilities to emulate the growing number of increasingly complex adversarial attacks. Adversaries today are stepping up their attack work by using AI, and we need to do the same to stay one step ahead.

Over the past year, we’ve been utilizing AI tools to assist us in scaling our activities effectively and efficiently, particularly as we develop capabilities for our Red Team operations. Using AI has allowed us to work smarter by building out new solutions more quickly — including malware, exploits, and our own custom C2 (Command and Control) systems — while enabling our team members to focus their valuable time on work where their unique expertise adds the most value. Conditions such as running processes and supported code languages can change dramatically between environments, and AI tools quickly provide working (or close-to-working) solutions that match the specific needs of the various situations we encounter.

In this blog, I will illustrate how we use AI in our Red Team operations to emulate adversaries more accurately in our efforts to stay ahead of their attacks.

Using AI to Beat AI-Enabled Attacks

As a Red Team, we must closely monitor the actions of real-world adversaries so we can align with their methods of attack. Our use of AI tooling factors into this knowledge and helps us in our efforts to stay ahead of these adversaries.

By rigorously testing the defenses of our own product teams with the help of AI, we aim to be better and faster at finding, exploiting, and subsequently defending the same targets that these adversaries are targeting. AI-fueled testing aids us in our mission to strengthen Adobe’s ability to withstand sophisticated attacks and protect our company and customer data.

AI Increases Red Team Efficiency

When we prepare and build prerequisite tools and artifacts for a specific test or measurement, we usually do it to support our operational objectives. Aside from delivering results to the company and helping guide security improvements, the Red Team produces much of its value when we conduct actual testing and generate traffic. The logs that result from these tests provide tangible progress towards our ongoing objectives. Freeing up cycles from the preparatory phases of a task enables Red Team engineers to invest more time and focus into executing crucial steps of our attack chains (the hands-on-keyboard functions) needed to reach objectives that directly correlate to Red Team recommendations.

AI also helps our engineers work smarter, not harder. It saves us dozens of hours of studying, learning, and practicing new coding languages during the first draft of tools, and it supplies code comments that explain the code’s functionality. Because AI offers a low barrier to use, the Red Team then modifies and adjusts the tools to ensure they function the way we intended them to work.

The Adobe Red Team uses different AI tools to speed up our research and development in the following ways:

  • Educating Our Operators: AI tools quickly summarize relevant blogs and articles to teach our operators about various adversaries and their objectives in a timely manner. For instance, after the release of an initial blog detailing an adversary’s recent actions, it’s common to see follow-up posts that provide additional insights and perspectives. AI enhances our ability to identify and digest these key insights and perspectives by gathering, synthesizing, and summarizing all relevant data, allowing our operators to analyze the information easily and probe deeper where needed.
  • Building Tools: AI supports quicker and more efficient drafting of tools for different aspects of Red Team operations. This can include building scanning tools to use during reconnaissance, exploit tools to help us obtain initial access, and C2 modules to help us scale post-exploitation actions. Previously, having to review documentation and select the best function for a task slowed down our coding process. Now we can simply ask AI which built-in function to use or even have it write the function for us, which significantly speeds up development.
  • Freeing Time and Resources: AI frees time for Red Team members to conduct more tests and reach our objectives more quickly. For example, by reducing research time by 30 percent when analyzing adversary behavior, the Red Team can now repurpose that saved time to conduct an additional test. This increased efficiency enables us to yield more results in less time, while focusing on delivering our measurements rather than building capabilities, which ultimately drives greater impact across the company.

AI Enhances Red Team Efficiency

The Adobe Red Team has incorporated AI-generated tools into our operations, which allows us to spend more time executing and achieving effective results. With more time to invest in execution, we’re able to play out adversarial scenarios more realistically and generate traffic that more closely resembles actual adversary behavior.

Spending less time on resource development also allows us to invest more in enhancing the quality of our presentations. We’ve been able to achieve this by gathering more feedback, reaching a broader range of stakeholders, and sharing security recommendations ahead of scheduled presentations so that relevant product and security teams arrive prepared with their own analysis and work already underway. These advances in communication and reporting have strengthened our influence across the company, driving further investment in security initiatives that help protect our customers.

More to Come

The benefits of integrating AI into Red Team operations are already evident. Our increased focus on execution and delivery of results has helped us improve the quality of both our testing and our reporting. Leveraging AI tools not only boosts our efficiency, but also enhances adaptability across diverse environments, while maintaining the relevance and impact of our efforts.

However, we’re only beginning to uncover the full potential of leveraging AI for Red Team success. As we continue to explore and integrate these tools into our operations, we anticipate even greater enhancements in effectiveness and innovation. Our AI journey is far from over and we’re looking forward to discovering new ways to drive further impact across the company.


