Black Hat USA 2025 | AI Agents for Offsec with Zero False Positives

Brendan Dolan‑Gavitt opened his Black Hat USA 2025 talk by warning that the promise of AI‑driven offensive security is haunted by a spectre of false positives. Drawing on his decade‑long experience in software security and recent work on GitHub Copilot, he highlighted how chat‑based models routinely flag benign code as vulnerable, flooding bug‑bounty platforms with spurious reports. He explained the statistical root of the problem with a classic base‑rate fallacy example: even a 99% accurate test can be misleading when true vulnerabilities are rare among millions of code lines. AI models, trained to be helpful, often over‑interpret minor anomalies—such as quoting errors or network latency—as exploitable flaws, leading to a flood of convincing yet bogus findings. To combat this, Dolan‑Gavitt advocated deterministic validation techniques. He demonstrated how planting unguessable canary strings (CTF‑style flags) in Docker containers, file systems, or databases provides concrete evidence when an AI agent truly exploits a vulnerability. He also described using evidence‑based proofs—like captured tokens—to force models to prove their claims, turning the vulnerability hunt into a capture‑the‑flag challenge with a guaranteed solution. The broader implication is clear: while future AI agents may eventually self‑verify, today’s security teams must augment language models with deterministic tools and automated canary deployment to keep false‑positive rates low, protect bounty program integrity, and scale reliable offensive testing across open‑source ecosystems.