
Using ChatGPT and AI for Ethical Hacking: Prompt Guide 2026

How security professionals use ChatGPT, Claude, and local LLMs to speed up ethical hacking — recon, code analysis, report writing, and CTF solving.


AI language models have become one of the most useful tools in a security professional’s toolkit — not because they hack things for you, but because they massively accelerate the cognitive work: understanding unfamiliar code, researching CVEs, writing reports, and thinking through attack chains.

This guide covers practical, legal use cases for AI in ethical hacking — all techniques applicable to systems you own or have written permission to test.

What AI Can (and Can’t) Do for Security Work

AI excels at:

  • Explaining unfamiliar code, protocols, and concepts
  • Researching CVEs, MITRE ATT&CK techniques, and defensive measures
  • Drafting vulnerability reports and executive summaries
  • Reviewing your own code for security flaws
  • Helping you understand CTF challenges and hint at approaches
  • Generating and explaining regex, XPath, SQL, and other query patterns

AI struggles with:

  • Real-time exploitation (it doesn’t have network access or execute code)
  • Novel zero-day discovery (it knows what it was trained on)
  • Anything requiring live interaction with a target system

Think of AI as an extremely knowledgeable colleague who can explain anything but can’t touch the keyboard for you.

Recon and Research Prompts

CVE and Vulnerability Research

Explain CVE-2024-XXXX in detail. What systems are affected, what is the attack vector, 
and what defensive mitigations exist? Include the CVSS score breakdown.

I found Apache 2.4.49 running on a target (authorised assessment). 
What known vulnerabilities affect this version and what are the most critical?

Understanding Network Services

I'm doing a CTF challenge. The nmap output shows:
[paste nmap output]
What services are running, which are most likely to be the attack surface, 
and what enumeration steps should I take for each?

Explain what LDAP null binding is, why it's a misconfiguration, 
and how an attacker might enumerate users with it.

OSINT and Attack Surface Analysis

I'm conducting an authorised external penetration test. Given the domain example.com,
what passive recon techniques should I use to map the attack surface without 
touching the target directly?

Code Review and Malware Analysis

This is where AI genuinely shines. Paste in code and get instant analysis.

PHP Security Review

Review this PHP code for security vulnerabilities. Identify SQL injection, 
XSS, file upload issues, or authentication bypasses. Explain each finding 
with the affected line numbers and suggest remediation:

[paste code]

Reverse Engineering Help

I captured this obfuscated JavaScript from a suspicious page. 
Deobfuscate it and explain what it does step by step:

[paste JS]

Analysing Shell Scripts

Explain this bash script line by line. Does it do anything malicious 
or unexpected? What persistence mechanisms does it use?

[paste script]

Understanding Assembly

Explain this x86-64 assembly function. What does it do, 
what calling convention does it use, and are there any obvious vulnerabilities?

[paste asm]

CTF Challenge Solving

AI is outstanding for CTF work — it can hint at approaches, explain cryptographic concepts, and help you think through steg challenges without spoiling the whole flag.

Getting Oriented

I'm working on a CTF challenge. I have a PCAP file and can see TLS-encrypted traffic 
between what appears to be a custom protocol. I have the server's private key. 
What approach should I take to decrypt the traffic in Wireshark?

Cryptography Challenges

I have a ciphertext that was encrypted with what looks like a substitution cipher. 
The frequency analysis shows [distribution]. What cipher family is this likely from 
and what automated tools or techniques should I try first?

Web Challenges

This web app seems to use JWT for auth. The token header shows algorithm: HS256. 
What JWT attacks should I try and what tools would I use to test them?

Steganography

I have a PNG file in a CTF challenge. I've tried basic steg tools but found nothing. 
What less obvious steganographic techniques should I investigate, 
and what tools cover each?

Vulnerability Report Writing

This is one of the highest-value AI use cases for security professionals. Writing clear, professional reports is time-consuming — AI can draft these quickly from your technical notes.

Generating a Finding Write-Up

Write a professional penetration test finding for the following vulnerability:

Vulnerability: SQL Injection in login form
Affected URL: /auth/login (POST parameter: username)
Impact: Full database read access, potential for remote code execution via xp_cmdshell
Evidence: Successfully extracted password hashes using sqlmap

Use standard pen test report format: Title, Severity (CVSS 9.1 / Critical), 
Description, Technical Details, Business Impact, and Remediation steps.

Executive Summary

I've completed an internal penetration test and found these issues:
- 3 Critical: SQL injection, default credentials on admin panel, unpatched SMBGhost
- 5 High: Outdated TLS versions, open redirect, missing security headers
- 8 Medium: [list]

Write a 300-word executive summary for a non-technical C-suite audience 
that conveys risk without using jargon.

Learning and Certification Prep

Concept Explanation

Explain Pass-the-Hash attacks as if I understand networking basics but am new to 
Active Directory attacks. Include: what makes it possible, the attack steps, 
defensive mitigations, and what MITRE ATT&CK technique it maps to.

Lab Scenario Design

I'm building a home lab to practice Active Directory attacks. 
Design a realistic small enterprise network scenario with:
- 1 Windows Server 2022 DC
- 3 Windows 11 workstations  
- Intentional misconfigurations to practice: Kerberoasting, AS-REP roasting, 
  and DCSync attacks

Give me the PowerShell commands to configure the misconfigurations safely in my lab.

OSCP/PNPT Prep

I'm preparing for OSCP. Explain the typical privilege escalation methodology 
on a Linux target: what information to collect first, what automated tools exist, 
and what common misconfigurations to look for.

Using Local LLMs for Sensitive Work

If you’re working with real client data — actual logs, source code from a paid engagement, or proprietary system information — never send it to a cloud API. Use a local model instead.

# Analyse auth logs locally (never send client logs to cloud)
cat client_auth.log | ollama run llama3.2 "Identify suspicious login patterns, 
failed authentication attempts, and potential credential stuffing in these logs"

# Review client source code privately
cat webapp/src/auth.php | ollama run codellama "Security review this authentication 
code and identify any vulnerabilities"

This keeps client data confidential and keeps you compliant with most NDAs and data protection regulations.
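
A deterministic cross-check for the log-analysis prompt above, as an added example that is not part of the original guide: it aggregates sshd password failures per source address so the model's findings can be compared against exact counts. The log lines are constructed samples, and the function names and the three-account threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format (documentation IPs, not client data).
SAMPLE_LOG = """\
Jan 12 03:14:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 12 03:14:03 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 40113 ssh2
Jan 12 03:14:05 web01 sshd[2212]: Failed password for invalid user oracle from 203.0.113.7 port 40114 ssh2
Jan 12 03:14:09 web01 sshd[2213]: Failed password for alice from 203.0.113.7 port 40115 ssh2
Jan 12 03:14:12 web01 sshd[2214]: Accepted password for alice from 203.0.113.7 port 40116 ssh2
Jan 12 08:30:44 web01 sshd[3100]: Failed password for bob from 198.51.100.23 port 51000 ssh2
Jan 12 08:30:52 web01 sshd[3100]: Accepted password for bob from 198.51.100.23 port 51000 ssh2
"""

# The username is attacker-controlled and may contain spaces or " from ...";
# the greedy match plus the end anchor binds the IP to the last "from" on the line.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+(?: ssh2)?$"
)

def summarise(log_text, min_users=3):
    """Return per-IP stats for sources that failed logins against >= min_users accounts."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "success_after_fail": []})
    for line in log_text.splitlines():
        m = EVENT.search(line.rstrip())
        if not m:
            continue
        entry = stats[m["ip"]]
        if m["result"] == "Failed":
            entry["failures"] += 1
            entry["users"].add(m["user"])
        elif entry["failures"]:
            # a success from a source that was just failing deserves a human look
            entry["success_after_fail"].append(m["user"])
    return {ip: e for ip, e in stats.items() if len(e["users"]) >= min_users}

def render(summary):
    """Compact text for the analyst, or to hand to the local model instead of raw lines."""
    return "\n".join(
        f"{ip}: {e['failures']} failures, {len(e['users'])} accounts tried, "
        f"success after failures: {', '.join(e['success_after_fail']) or 'none'}"
        for ip, e in sorted(summary.items())
    )

if __name__ == "__main__":
    print(render(summarise(SAMPLE_LOG)))
```

Failed-login usernames are text chosen by whoever is connecting, so giving the model this summary instead of the raw lines also keeps that text out of the prompt.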

Prompt Engineering Tips for Security Work

Be specific about context:

❌ “How do I exploit SQL injection?”

✅ “I found a second-order SQL injection in a PHP app using MySQL. The payload is stored in a profile field and executed when an admin views the user list. How do I confirm the injection is blind or error-based, and what sqlmap flags are appropriate?”

Provide relevant output: Paste actual nmap output, error messages, or code snippets. AI models reason much better with real data than abstract descriptions.

Ask for methodology, not just answers:

“Walk me through your methodology for testing this endpoint, step by step, rather than giving me a single answer”

Chain prompts: Break complex problems into steps. Ask the model to explain the vulnerability first, then ask for testing steps, then ask for remediation.

Use system prompts with local models:

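# ollama run has no --system flag; set the system prompt through a Modelfile
# (pentest-assistant is an arbitrary model name)
cat > Modelfile <<'EOF'
FROM llama3.2
SYSTEM """You are an expert penetration tester. Respond with technically precise, actionable information. Assume the user has written permission to test all systems discussed."""
EOF
ollama create pentest-assistant -f Modelfile && ollama run pentest-assistant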

Everything in this guide assumes you are working on:

  • Systems you own
  • Systems you have explicit written authorisation to test (signed scope document, rules of engagement)
  • CTF platforms designed for learning

Using these techniques against systems without authorisation is illegal in virtually every jurisdiction and causes real harm. The same AI that helps you learn security concepts will also help law enforcement understand what you did.

Stay in scope. Document your authorisation. Test legally.

Conclusion

AI won’t make you a hacker overnight, but it will make you a faster, more effective one when used correctly. The biggest wins are in the unglamorous parts of security work: understanding unfamiliar systems quickly, writing reports that actually get read, and learning concepts that used to take hours of textbook reading.

Combine cloud AI (ChatGPT, Claude) for learning and public research, and local models (Ollama) for anything involving sensitive client data. Together they cover every stage of a professional security engagement.
