Where every claim in SecProve
comes from.

Conference presentations covering novel attack techniques and defensive research. Essential for cutting-edge offensive/defensive questions. AI Village talks particularly relevant for Pillars B and C.

The most comprehensive open-source guide for web application security testing. Covers testing methodology, tools, and techniques.

Evaluates model capabilities for autonomous cyber operations at each AI Safety Level (ASL). Defines thresholds where AI capability in offensive security requires additional safeguards. Key reference for responsible AI in offensive security.

Research on using AI for penetration testing automation: reconnaissance, vulnerability discovery, exploit generation. Practitioner perspective on what's practical vs. theoretical.

Law enforcement perspective on how LLMs enable cybercrime (phishing, malware, social engineering) and how AI assists threat intelligence and investigation.

MITRE's automated adversary emulation platform. Runs pre-defined or custom attack sequences to test defenses.

Web-based tool for annotating and exploring the ATT&CK matrix. Useful for threat modeling, gap analysis, and red team planning.

Detailed testing techniques for identifying web vulnerabilities. Practical, hands-on approach to security assessment.

Comprehensive standard for penetration testing methodology. Covers intelligence gathering, threat modeling, vulnerability analysis, exploitation, and reporting.

Library of tests mapped to the MITRE ATT&CK framework. Small, portable detection tests for validating security controls.

Demonstrated GPT-4 exploiting real-world web vulnerabilities autonomously. 73% success rate on day-one CVEs. Key reference for questions about AI-augmented offensive capabilities and the asymmetry debate.

Analysis of how LLMs can be used for offensive security tasks and the implications for defensive guardrails. Covers the dual-use nature of security LLMs.