Skip to main content

Search

Request Info Apply Now

Undergraduate Certificates
Begin or advance your cybersecurity career at any age with our hands-on certificate programs.
Bachelors Degree
Transfer your credits to SANS.edu and become one of the most job-ready candidates in cybersecurity.
Graduate Certificates
Gain job-specific skills in highly technical certificate programs designed for working professionals.
Master’s Degree
Take your InfoSec career to the highest levels—developing both hands-on technical skills and the ability to lead.
Single Courses
Start with a course, advance to a cybersecurity certificate or degree
All Academic Programs
Explore hands-on undergraduate and graduate programs for every stage of your cybersecurity career.

Featured Program

Hands typing on a laptop

Applied Cybersecurity Certificate (ACS)

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Why SANS.edu?
How To Apply
Tuition & Funding

Join us for a free online info session to learn more.

Resources for Veterans

Learn how to get the most from your Veterans Education Benefits.

Women in Cybersecurity

Empowering women to thrive in cybersecurity.

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Research Overview
Learn how SANS.edu research is strengthening the field of cybersecurity.
Cybersecurity Research Papers
Explore real-world solutions to pressing issues across AI, cloud security, digital forensics and more.
Internet Storm Center
Discover the world's largest global cyber threat detection network.

Featured Research

Research Review Journal 2026

Explore the latest research from SANS.edu graduate students—professionals on the front lines of cybersecurity—tackling today’s toughest threats across AI, cloud security, digital forensics, zero trust, malware detection, and more.

Download the Journal

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

About Us
Students
Alumni
- Alumni Resources Alumni Resources
- Alumni Outcomes Report Alumni Outcomes Report

Launch Your Cyber Career

Let SANS.edu guide you on a proven path to success.

Sentinels Referral Program

Get recognized for your impact on the SANS.edu community.

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Search

Request Info Apply Now

Cyber Research Papers
/Shining a Light on AI: Ensuring Vendor Transparency in Data Sourcing and Delivery

Cyber Research Papers

Shining a Light on AI: Ensuring Vendor Transparency in Data Sourcing and Delivery

Amidst the proliferation of AI solutions, the focus lies in evaluating transparency, undisclosed system modifications, and data exfiltration within the privacy policies of vendors providing desktop applications, browser plug-ins, and browser-only AI solutions.

SANS_Shining_a_Light_on_AI_Ensuring_Vendor Transparency in Data Sourcing and Delivery - Publ (PDF, 0.93MB)

29 Jan 2024

ByBrian P. Mohr

Share

All papers are copyrighted

No re-posting of papers is permitted

Related Content

2026 SANS SOC Survey Insights: A Decade of Evolution in Cyber Defense

SANS 2026 SOC Survey findings that dive into: where SOCs are investing, where they are struggling, and where the gap between high-performing teams and everyone else is widening.

15 Jun 2026
Christopher Crowley

From Alert to Evidence: Evaluating AI Agents for Cyber Forensic Triage

Cyber defense teams are beginning to experiment with large language models in security operations, but their usefulness in digital forensics and incident triage is still uncertain.

11 Jun 2026
Connor Blackard

Secure By Design: An Exploration of the Application of Generative AI in Threat Modeling Technical Design Documents

This paper explores the efficacy of large language models (LLMs) for creating comprehensive threat models by analyzing technical design documents, particularly when provided with additional contextual information about the product's underlying infrastructure and deployment environment.

27 May 2026
Mark Oswald

Leveraging Large Language Models for Cross-Vendor Firewall Configuration Migration: A Comparative Case Study of Claude and ChatGPT

This paper investigates how two current-generation large language models (LLMs) perform on a single, representative firewall migration task.

12 May 2026
Omar Zaman

Autonomous Defense Induced Disruption: How AI-Driven Automated Response Can Be Manipulated to Disrupt Enterprise Operations

The research highlights the need for governance controls, privilege-aware safeguards, and system-level constraints to prevent autonomous containment from causing operational disruption.

12 May 2026
Marcio Enriquez

Your Sensitive Data Has Left the Chat: LLMs as Sensitive Data Detectors

This paper seeks to evaluate the hypothesis that language models, large and small, can perform well at sensitive data classification and to offer a solution for companies trying to detect contextually sensitive data in their AI workflows.

12 May 2026
Colten Davis

Leveraging Generative AI for Password Cracking Efficiency Under Resource Constraints

The purpose of this research is to investigate whether generative AI can alleviate the hardware and financial burdens of password cracking (password recovery) while maintaining or even improving cracking success rates.

20 Mar 2026
Wesley Keller

AI-Human Collaboration in Modern SOCs

Enterprises face upwards of 3,000 security alerts daily, and according to the SANS 2025 SOC Survey, two-thirds of security operations center (SOC) teams cannot keep pace.

17 Mar 2026
Mathias Fuchs

Detecting AI Pickling

This study examines whether static analysis is a dependable "certification gate" for ingesting third-party, pickle-based AI model artifacts from open-source model hubs into a trusted internal registry.

12 Mar 2026
Bryan Nice

How Many LLMs Does it Take to Classify a Suspicious Email?

This study examines the accuracy, reliability, and operational behavior of three widely available LLMs using a dataset of 2000 human-written emails containing both legitimate and suspicious messages.

12 Mar 2026
Bridget Bartell

Autonomous Threat Emulation and Detection Using Agentic AI

Traditional threat emulation frameworks struggle to capture the dynamic and adaptive behaviours of modern Advanced Persistent Threats (APTs), leaving defenders reliant on static tests that quickly become obsolete.

10 Mar 2026
Marcus Dillion Yin

Evaluating Configurations for Reducing Problematic Emotional Engagement in Enterprise LLM Deployments: Implications for Insider Threat Risk

The risks of Large Language Models (LLMs) include triggering psychological drivers associated with malicious insider threat behavior. This study utilized AWS Bedrock to demonstrate that specific system-level configurations and guardrails can effectively mitigate these risks by reducing problematic human-AI engagement.

2 Mar 2026
J. Wolfgang Goerlich

No-Cost Detection of Endpoint Hard Drive Removal

This paper analyzes low-cost detection methods, using existing hard drive counters from Self-Monitoring, Analysis, and Reporting Technology (S.M.A.R.T.) and the Windows Registry, for their fidelity in detecting hard drive removal.

19 Nov 2025
Ryan A. Graham

Structural Vulnerability: Autodesk Revit Server WAN Exposure Versus Cost of Autodesk Construction Cloud

Autodesk Revit Server, a critical collaboration tool in the architecture, engineering, and construction (AEC) industry, was designed to operate within trusted networks.

7 Nov 2025
Joshua Hall

Automating Generative AI Guidelines: Reducing Prompt Injection Risk with 'Shift-Left' MITRE ATLAS Mitigation Testing

Automated testing during the build stage of the AI engineering life cycle can evaluate the effectiveness of generative AI guidelines against prompt injection attacks.

7 Nov 2025
Adam Wilson

Can Your Security Stack Handle AI? An Empirical Assessment of Enterprise Controls Versus Generative AI Risks

Enterprise security teams face a critical dilemma. Executives want AI productivity gains, but it remains uncertain if existing security controls can handle the risks.

6 Nov 2025
Blake Roth

Evaluating Large Language Models for Automated Threat Modeling: A Comparative Analysis

This study investigates the use of Large Language Models (LLMs) as an assistant to conduct threat models of systems or applications.

6 Nov 2025
Eric Sekercan

Privacy Protections: Are Stronger Laws Changing What We Reveal?

As U.S. states enact privacy laws aimed at giving consumers more control over their personal data, little is known about whether privacy legislation influences individuals’ willingness to disclose their identity on public platforms.

26 Sep 2025
Katie Christensen

Forensic Investigation of Bluetooth-Based Credit Card Skimmers

Hidden Bluetooth Low Energy (BLE) credit skimmers are a growing threat to credit card fraud. Criminals can set up practical and inexpensive systems built on top of modules, such as the HM-19, to collect and transmit stolen data covertly across wireless channels.

3 Sep 2025
John Passaro

Fixing What You Broke: Can AI Be Used to Thwart AI-Generated Malware?

This paper will compare the results of AI-generated malware analysis using legacy tools and various AI models and prompts to develop best practices to protect organizations of all sizes.

3 Sep 2025
Owen Slubowski

Cybersecurity is all we teach, and nobody does it better.

Research
Resources
Learn More

Privacy Policy
Terms and Conditions
Admissions
Do Not Sell/Share My Personal Information
Cookie Notice

© 2026 The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute.

Our Terms and Conditions detail our trademark and copyright rights. Any unauthorized use is expressly prohibited.

SANS Institute
Internet Storm Center