Saturday September 12, 2026 10:30am - 11:30am CDT
Offensive security teams are deploying autonomous agents that chain vulnerabilities end to end without human intervention. Vulnerability researchers are using LLMs to discover and exploit zero-days at a pace no human team can match. AI is already on both sides of the fight, and the gap between organizations that harness it and those that do not is widening fast.
Incident responders have largely held back, and for a good reason.
In IR, a hallucination is not a minor inconvenience. A fabricated timeline entry, a missed lateral movement path, or a confidently wrong attribution can mean a backdoor stays in the network, exfiltrated data goes unaccounted for, or an organization remediates a fiction while the real compromise remains intact. The stakes are not just technical. IR findings increasingly inform legal proceedings, regulatory responses, and executive decisions. Forensic evidence analyzed by a system that invents facts has no place in that chain.
And yet: if AI can genuinely accelerate triage and scope analysis, the organizations we respond for recover faster. That matters.
In the past months, we have been solving the precision problem rather than avoiding it. We started with one concrete use case: browser forensics. Using a combination of skills and agents, we built a pipeline that accelerates artifact triage and timeline reconstruction on real engagements.
The pipeline fetches browser history directly from the endpoint regardless of OS, parses artifacts across Chrome and Edge, and searches for relevant entries based on the suspicious activity that prompted the investigation, whether that is a domain, a time window, or a combination of both. What previously required an analyst to manually locate, extract, and cross-reference browser databases is now scoped and surfaced automatically, with the agent linking findings back to the original investigation context.
In this talk, we walk through exactly how we built it, how we validated the outputs, where the model failed, and what we put in place to catch it. We will also share what we learned and how we plan to apply those lessons to other elements of IR going forward.
Attendees will leave with a clear picture of how to structure a skills and agents pipeline for forensic analysis, the specific validation techniques we used to constrain hallucinations, and a realistic sense of where AI-assisted IR is ready for production and where it is not.
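As an added illustration of the scoped search described above (not the speakers' pipeline or code): Chrome and Edge both store history in a Chromium SQLite database whose `urls` and `visits` tables record visit times as microseconds since 1601-01-01 UTC. The function names, the `.test` domains and the sample rows are constructed for this sketch, and the tables carry only the columns the query needs.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_webkit(dt):
    """UTC datetime -> microseconds since 1601-01-01, as stored in visit_time."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)

def from_webkit(us):
    return WEBKIT_EPOCH + timedelta(microseconds=us)

def search_history(conn, domain=None, start=None, end=None):
    """Return (visit_id, utc_time, url, title); visit_id ties a finding to its row."""
    sql = ("SELECT v.id, v.visit_time, u.url, u.title "
           "FROM visits v JOIN urls u ON u.id = v.url WHERE 1=1")
    args = []
    if start is not None:
        sql, args = sql + " AND v.visit_time >= ?", args + [to_webkit(start)]
    if end is not None:
        sql, args = sql + " AND v.visit_time <= ?", args + [to_webkit(end)]
    hits = []
    for vid, ts, url, title in conn.execute(sql + " ORDER BY v.visit_time", args):
        # Compare the parsed hostname, not a substring of the URL, so a
        # lookalike host or a query-string mention does not count as a hit.
        host = (urlsplit(url).hostname or "").lower()
        if domain and host != domain and not host.endswith("." + domain):
            continue
        hits.append((vid, from_webkit(ts), url, title))
    return hits

def build_sample_db():
    """Constructed sample data using a minimal subset of the History schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE urls(id INTEGER PRIMARY KEY, url TEXT, title TEXT);"
        "CREATE TABLE visits(id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);")
    t0 = datetime(2026, 3, 2, 14, 0, tzinfo=timezone.utc)
    sample = [("https://login.files-share.test/invoice", "Invoice", 0),
              ("https://intranet.corp.test/?ref=files-share.test", "Intranet", 5),
              ("https://notfiles-share.test/", "Lookalike", 7),
              ("https://files-share.test/dl/update.zip", "Download", 9),
              ("https://files-share.test/", "Home", 300)]
    for i, (url, title, minute) in enumerate(sample, 1):
        conn.execute("INSERT INTO urls VALUES (?, ?, ?)", (i, url, title))
        conn.execute("INSERT INTO visits VALUES (?, ?, ?)",
                     (i, i, to_webkit(t0 + timedelta(minutes=minute))))
    return conn, t0
```

On a real case the same query would run against a copy of the profile's `History` file, and the returned visit ids give a reviewer something concrete to check a generated timeline entry against.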
Speakers
Kyle Henson

Security Engineering Team Leader, Daylight Security
Kyle is an incident response leader with more than seven years of experience in DFIR and threat intelligence. He is currently a Security Engineering Team Lead at Daylight, where he builds agentic security services such as MDR, threat hunting, and incident response that combine automated...

Aaron Hau

Security Engineering Team Leader, Daylight Security
Aaron is a security researcher with more than five years of experience across various aspects of Cybersecurity including Incident Response, Red Teaming and Security Research. He is currently a Security Engineering Team Lead at Daylight, where he builds agentic security services such...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk