AI Configures Vulnerabilities for You

Claude, Anthropic’s large language model, is being used to automate the configuration of vulnerable instances across a range of security appliances—SonicWall, Fortinet, F5, Citrix—so analysts can focus on testing rather than manual setup. The speaker demonstrates asking Claude to “enable” a newly disclosed CVE, receiving a set of CLI commands, and then iterating with the model to resolve licensing and reboot requirements before the vulnerable feature is live in the lab.

The interaction highlights two practical insights: AI can supply near‑ready configuration snippets, cutting the time needed to become an expert on each vendor’s platform; however, the output is not plug‑and‑play and still demands human verification, web research, and proper licensing, as illustrated by the need for a trial license on the F5 device.

A memorable moment occurs when Claude responds, “Ooh, Paul, we have this in the lab. We can configure this to be vulnerable,” prompting the analyst to say, “Make it so.” The model’s enthusiasm is paired with concrete results, and the analyst notes that the associated IOCs were published by F5, allowing realistic detection testing.

For security teams, this workflow promises faster, more scalable vulnerability labs, enabling rapid proof‑of‑concept exploits and detection rule validation. At the same time, reliance on AI‑generated configurations underscores the importance of rigorous validation to avoid misconfigurations that could skew test outcomes.