Aaron Ott
Cybersecurity leader & AI security researcher — helping teams bridge security, AI, and resilience.
I believe security should be human‑centered and AI‑resilient. That’s why I write, test, and share here.
Featured
Pen Testing With Claude 4.5
Post
Claude 4.5 ran a 15 minute pen test on my lab, finding 21 real vulnerabilities — powerful but with notable blind spots like XSS.
When Do You Trust AI
Post
Exploring the 'trust thermometer' problem with AI: how to balance efficiency, verification, and judgment when working with inconsistent outputs.
Building a Local Prompt Injection Lab
Project
A reproducible Docker lab for testing LLM agent prompt injection and AI resilience.
About
I’m Aaron — OSCP/CISSP/CSSLP and an application‑security leader focused on building AI‑resilient systems. I write playbooks, ship tools, and help teams move fast without breaking everything important.
- Focus areas: NIST CSF 2.0, AppSec leadership, AI security & resilience
- Currently exploring: prompt‑injection labs, AI‑first DR, threat modeling for startups
- Human stuff: dogs, hiking, and whiskey
Latest writing
- Pen Testing With Claude 4.5
I gave Claude 4.5 access to a Kali box and an intentionally vulnerable app. In 15 minutes it found 21 real vulnerabilities — useful, but with notable blind spots. When is AI useful for pentesting, and when should humans stay in the loop?
- When Do You Trust AI
Exploring the 'trust thermometer' problem with AI: how to balance efficiency, verification, and judgment when working with inconsistent outputs.
- Coding With ChatGPT vs Claude Code
I built a lightweight analytics stack: ChatGPT for fast scaffolding, Claude Code for surgical repo edits—steal the prompts, guardrails, and NGINX lessons.
- Building a Local Prompt Injection Lab
Reproducing and extending the 'Cybersecurity AI: Hacking the AI Hackers via Prompt Injection' whitepaper with a local Docker lab and LLM integration.