The root cause of breaches is usually lack of insight into existing technology used by the organization that is being targeted. Computer security is a field where expertise matters and there is a huge gap in education and knowledge for cyber defenders.
If we walk through some of the most notable computer security incidents of the past: Experian, Target, Marriott Hotels, SolarWinds, MOVEit, Snowflake and even the recent Crowdstrike hiccup, it can be observed that a tiny oversight often leads to a big outcome like a data compromise. The tiny oversight is usually due to lack of insight or understanding of certain technical features. Organizations often can't afford to hire deeply technical talent to evaluate their systems and point out what's relevant for security. Penetration Testing is often only done annually to satisfy the compliance requirement and is expensive if done by qualified practitioners.
The education gap or lack of understanding of how existing systems work often lead to blind spot or a "weakness" that cyber-criminals are waiting for...
What can be done to address this Gap? Does everybody need to go through 4 years of computer science training to be on the same page with the technology that organizations have in place? Do you need to hire penetration testers more often to identify the technical gaps? It all sounds very time-consuming and expensive..
In certain cases, organizations have to deal with over-security for the same reason: lack of understanding of technicalities of existing systems. The standard solution today is MFA everything, set up off-site backups, put security agents on every device to prevent users from downloading malware, etc..
If you are technical enough you may discover that those security agents could be the cause, not protection from a disaster. They increase the attack surface for your org. Does it mean that you should not buy those products? No. It means that you should have insight into how exactly they work before using them.
Cyber-security is not going to the store and filling your shopping cart with products, it's about being careful of what products to pick and how to use them. It's about thinking about risk with every change, even when you are buying a security product.
The Promise of LLM Technology
Luckily, we have this new technology called LLMs. The multi-dimensional vector database of all the words in this world, is like a sponge that ingests all knowledge and stores it in the most concise and efficient form, you can ask it anything you want and it answers with examples and actionable insights.
This technology has been used by students to cheat on tests and represents a "threat" to education since many simply substitute their own cognitive ability with copying and pasting answers from the LLM. There is no doubt that when used improperly, technology can be harmful. But it can also be used to learn quicker than when reading a book or listening to a lecture, because it gives the user a real-time interactivity the student needs to truly understand the concept being learned.
Bridging the Knowledge Gap
Suppose you are an IT intern at an organization that employs a website with a file upload functionality that automatically unzips the contents of uploaded files. To a layman person, this feature doesn't represent risk, and no matter how many times you tried to explain it to your boss he simply doesn't get how it may represent risk. A hacker does. You may think it's risky but you are struggling to articulate why or how the risk exists. You lack the knowledge or education to produce a proper exploit to show your boss how it can be used maliciously, even though you are right.
What if you had a LLM-like tool that would produce such an exploit and then you could manually execute it after getting permission from your boss? That would close the technical gap and take care of the cause for a potential disaster essentially shielding your organization.
Speed and Efficiency
Another advantage of LLM technology is the sheer speed at which it can unravel tasks that typically erode a tester's schedule. Let's step back to our file-upload scenario: uncovering that the upload pipeline automatically unzips the contents of uploaded files isn't a two-click reveal: it demands patience, methodical probing, and a fair amount of creative hacking. If you have spent any time in the trenches you know that no two upload features are identical, different frameworks, MIME checks, storage back-ends, post-processing pipelines. Very often the quickest route to proper coverage is a tailor-made script that enumerates file-handling logic, probes extension filters, and automates upload variations. Crafting that harness by hand might burn half a day, longer if the workflow is unconventional. A security-oriented LLM tool, on the other hand, could turn a concise prompt into a fully documented tool in seconds. Instead of fighting with socket libraries and edge-case parsing you would be back to doing what matters, pushing the application, interpreting its inner workings, and letting the intern uncover the dangerous auto-unzipping behavior.
That time savings has a second, equally valuable, ripple effect on defensive operations. Staying ahead of the threat curve means tracking freshly disclosed CVEs, understanding how they affect your tech stack, and replicating exploit conditions before an adversary does. Traditionally this requires combing through mailing lists, NVD entries, vendor advisories and proof-of-concept repos, a ritual that can swallow hours every week. A security-based LLM would handle the heavy lifting: it could ingest public advisories as they land, distill the impact to a specific product version, and even outline reproduction steps or compensating controls. Instead of wading through dozens of browser tabs you would receive an instant, curated briefing that targets the exact middleware or library you deployed. The result is obvious, more time spent hardening, less time sorting signal from noise.
Advanced OSINT Capabilities
Taking a step further, imagine launching a full OSINT sweep with a single prompt, "Check example.domain.com." In seconds you would receive a neatly parsed inventory of open ports, service banners, and low-hanging exposures, all without juggling Nmap, WHOIS lookups, and a half-dozen browser tabs. Need to dig deeper? You could fire off "Search mentions for [word] on the dark web" to surface chatter on hidden forums, or "Find emails associated with domain.com" to gather public addresses ripe for phishing-resilience tests. What once demanded a cocktail of tools and an entire afternoon of copy-pasting could be distilled into a brief conversation that would let you pivot instantly from reconnaissance to hands-on exploitation.
Addressing the Concerns
What are some negative effects of such a tool to be available to the public? Obviously cyber-criminals can also use it to learn and exploit systems without authorization faster. It speeds things up for both the good cause and the bad cause. Technology and knowledge itself don't affect the decision to do good or bad. It's just means to achieving a certain goal.
The self-feeding Ransomware problem exists for the same reason: skill gap. A few highly skilled pros are taking advantage of companies who largely employ low-skilled technical labor. What if everybody had the same skill level? This problem would cease to exist.
This is why we created HackerGPT.