
Saturday September 12, 2026 10:30am - 11:30am CDT
AI agents can reason about suspicious files, plan multi-step investigations, and write custom deobfuscation code when standard tools fall short. But generic models produce shallow, unreliable results because they lack practitioner knowledge about which tools to use and when, and access to the tools themselves.
Without domain expertise, an AI agent doesn't know that, for example, capa exit codes follow non-standard conventions, that YARA match counts require context to interpret, or that GetProcAddress appears in virtually every Windows program and is not inherently suspicious. Without tool access, it can only comment on malware but cannot investigate it.
This talk walks through my experience of building an open source MCP server (a standardized interface that connects AI agents to external tools) that bridges both gaps at once. The server connects AI agents to my open source REMnux malware analysis toolkit, encoding practitioner knowledge into tool workflow sequencing and output interpretation. It runs analysis at three depth levels and manages context budgets: when tool output grows too large, it automatically switches to summary mode while preserving key findings.
The server also counteracts confirmation bias. Generic AI agents tend to label every API call as suspicious and every string as an indicator of compromise. The server's neutral framing prompts agents to consider benign explanations before concluding malicious intent. This is a critical safeguard when the AI chains dozens of tool calls without human review at each step.
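The two behaviours described above, context budgeting and neutral framing of tool output, can be illustrated with a small wrapper around a single tool. The following is an added example, not code from the talk or from the REMnux MCP server: it parses constructed `yara -s`-style output into structured findings, returns the full result when it fits a character budget and a summary (rule names, counts, and the notes) when it does not, and attaches a note whenever a match consists only of APIs that benign programs import routinely. The sample output, the budget values, and the `COMMON_APIS` list are assumptions made for the example.

```python
"""Context-budget and neutral-framing handling for tool output sent to an agent.

Added example, not the talk's or the REMnux MCP server's code. The YARA-style
output below is constructed, and the budget numbers are arbitrary.
"""
from dataclasses import asdict, dataclass, field
import json
import re

# Constructed sample in the shape of "yara -s" output: a "rule target" header
# line followed by "0xoffset:$id: data" lines for each matching string.
SAMPLE_YARA_OUTPUT = """\
SuspiciousPacker sample.bin
0x1a0:$s1: UPX0
0x1c0:$s2: UPX1
WindowsAPI_Imports sample.bin
0x2000:$api1: GetProcAddress
0x2010:$api2: LoadLibraryA
0x2020:$api3: VirtualAlloc
"""

# APIs present in most benign Windows programs; a match on them alone is not
# an indicator. Assumption: a short illustrative list, not an exhaustive one.
COMMON_APIS = {"GetProcAddress", "LoadLibraryA", "LoadLibraryW", "VirtualAlloc"}


@dataclass
class Finding:
    rule: str
    target: str
    strings: list = field(default_factory=list)


def parse_yara(output: str) -> list:
    """Turn header lines and the string-hit lines beneath them into Findings."""
    findings = []
    hit_re = re.compile(r"^0x[0-9a-fA-F]+:\$(\w+):\s*(.*)$")
    for line in output.splitlines():
        m = hit_re.match(line)
        if m and findings:
            findings[-1].strings.append({"id": m.group(1), "data": m.group(2)})
        elif line.strip():
            rule, _, target = line.partition(" ")
            findings.append(Finding(rule=rule, target=target))
    return findings


def neutral_notes(findings: list) -> list:
    """Prompt the agent to weigh benign explanations for routine API matches."""
    notes = []
    for f in findings:
        common = sorted({s["data"] for s in f.strings} & COMMON_APIS)
        if common:
            notes.append(f"{f.rule}: {', '.join(common)} are routine imports in "
                         "benign software; this match alone is not evidence of malice.")
    return notes


def render(findings: list, budget_chars: int) -> dict:
    """Full mode when the serialized result fits the budget, summary mode otherwise."""
    full = {
        "mode": "full",
        "match_count": len(findings),
        "findings": [asdict(f) for f in findings],
        "notes": neutral_notes(findings),
    }
    if len(json.dumps(full)) <= budget_chars:
        return full
    # Summary keeps the key findings (which rules fired, how often) and the
    # interpretation notes, dropping per-string offsets and data.
    return {
        "mode": "summary",
        "match_count": len(findings),
        "rules": [f.rule for f in findings],
        "string_hits": sum(len(f.strings) for f in findings),
        "notes": neutral_notes(findings),
    }


def analyze(output: str, budget_chars: int) -> dict:
    """Entry point a tool wrapper would expose to the agent."""
    return render(parse_yara(output), budget_chars)


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_YARA_OUTPUT, 10_000), indent=2))
    print(json.dumps(analyze(SAMPLE_YARA_OUTPUT, 300), indent=2))
```

Running the block prints the same sample once in full mode and once in summary mode; the agent sees fewer tokens in the second case but still learns which rules matched, how many string hits there were, and that the API-import match has a routine explanation.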
Against real-world samples, the resulting system completed full investigations in about 10 minutes with 25-30 automated tool calls. In one case during my experimentation, the AI agent wrote custom Python to reconstruct a PE from file fragments. In another, it reverse-engineered a proprietary archive format and adapted when initial analysis approaches failed.
The talk covers what worked, what failed, and what surprised me. It addresses the security model required when AI agents have tool access, including prompt injection risks from malicious content in analyzed samples, container isolation as the primary security boundary, and data flow considerations.
Attendees leave with a reproducible pattern for encoding domain expertise into MCP servers, applicable to incident response, cloud forensics, network analysis, or any domain with specialized tools and practitioner workflows.
Speakers

Lenny Zeltser

Faculty Fellow, SANS Institute
Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. He has built security products and programs from early stage to enterprise scale. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk