Berkeley's LLM Agents Course Review
Intro
Over the last few months, I’ve been participating in Berkeley’s online course discussing LLM Agents. It’s been a once-per-week lecture with guest lecturers from cutting-edge companies like OpenAI, Anthropic, and Google DeepMind, as well as academics from Stanford and Berkeley. You can find the syllabus and link to the livestream here.
While not all of the lectures were of direct interest to me in the Red Team space, as with network-based Red Teaming I think it’s imperative to understand overarching architectures along with selective deep-dives into the technology to learn how it should be used, how those uses can lead to abuse, and potential gaps that we can slip through. That’s where I’ve spent a lot of my learning time this year, and this course was a welcome addition, particularly on the ‘breadth’ front.
The course is very accessible - no math requirements and no real need to understand things like Deep Learning or how LLMs actually do what they do. The course is focused more on the application of LLMs and provided a neat tour around how some of the biggest players are thinking about this technology, whether that’s building multi-modal assistants, aiding enterprise workflows, or helping build better brains for robotics.
As I’m working on CrowdStrike’s LLM-based application testing line with Brian Chamberlain, Alex Bernier, and Kevin Hamako, lectures from this course provided good exposure to the types of setups or goals our customers will be using or aiming toward with their own implementations. You can find the announcement post for that here.
Some Takeaways
Let’s dig into some of the things that stuck with me from the course.
While some of how deep learning works still feels like magic, I enjoy the correlation to human thought and the insights that that provides both in better understanding AI topics and humans.
Although not related to Red Team or agents directly, the concept of using language as the medium to reason and solve problems was a bit of a light bulb moment for me in my relationship with my wife. One day 10+ years into our relationship, I found out she doesn’t actually have an inner monologue. Somehow, she thinks exclusively in pictures and abstract thoughts/feelings, which stands in sharp contrast to my experience with life: violently arguing with myself about the best next step or observing the world around me with descriptive language, rather than images.
Between the two of us, I enjoy the strategy games and tend to win them more than she does. While she’s absolutely smart and capable, I have an easier time providing rationale for something than she does. She excels on the empathizing side of the house. And while we both enjoy creative pursuits, she gravitates to hands-on crafts while I pursue more language-based music/poetry.
The discussion of LLM agents providing the ‘reasoning’ for other, more specialized agents, using language as the way to ‘think’ about problems, was cathartic. It also provided further insight into how I could approach breaking these agents. While I joke that they’re basically really smart children - capable of doing a lot, but naive - rather than simply ‘tricking’ the agent into doing what I want, I could argue it into doing what I want.
I also enjoyed the lecture on enterprise applications, digging into Tape Agents, which can provide an aggregated, centralized repository of actions and “knowledge” taken by agents in the same ecosystem but from differing customers to help speed up decision making. Though as a Red Teamer… I see that as a force multiplier for an adversary looking to poison users of XYZ big SaaS platform.
Other topics like how to open-source AI in the face of expensive compute and how to ‘democratize’ development through easy-to-use frameworks were also intriguing and something I’ll be keeping an eye on, as those efforts tend to end up in the environments I’m attacking.
Overall, I recommend the course. Sit back with a dram of scotch and listen, use the tool I put on my GitHub to summarize the live stream transcript if you want to record the notes for your knowledgebase, and benefit from top minds talking about the new hotness.
I’m grateful for places like Berkeley making this information available. I hope other universities and companies do the same - knowledge is power.