Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Talks

Upcoming

Can AI Do Novel Security Research? Meet the HTTP Terminator

Researcher: James Kettle

Conferences

Black Hat USA 2026, 05 Aug 2026

We all know AI can find bugs. After a decade of research, I asked a harder question: can an autonomous system invent new attack techniques, and use them to hack live websites at scale? Building this sounded like a bad idea, so I did it.

It worked - I'll share an arsenal of new HTTP desync triggers, gadgets, and exploits that compromised banks, security solutions, and government infrastructure. Then I'll trace each discovery chain back through the HTTP Terminator, showing how to turn your personal expertise into an autonomous weapon - and the dark arts required to make it lethal.

I'll also share discoveries from beyond the autonomy horizon - some only reachable with a tight human/AI research loop, and others beyond AI's reach entirely. These include a powerful undisclosed recon technique, and anomalies that hint at new attack classes offering alternative paths to critical impact. I'll analyze the discovery process, sharing detailed experiments that probe the boundaries of what AI can and can't discover.

You'll leave with new exploits from desync triggers to undisclosed attack classes, and a blueprint for turning your instincts into an autonomous research cascade. And yes, I'll open-source the HTTP Terminator.

Previous

The Fragile Lock: Novel Bypasses For SAML Authentication

Researcher: Zakhar Fedotkin

Conferences: Black Hat Europe, 10 Dec 2025

Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls

Researcher: Gareth Heyes

Conferences: NDC Manchester, 04 Dec 2025

HTTP/1.1 Must Die! The Desync Endgame

Researcher: James Kettle

Conferences: RomHack, 27 Sept 2025 | DEF CON 33, 08 Aug 2025 | Black Hat USA 2025, 06 Aug 2025

HTTP Stream Hacker

Researcher: Martin Doyhenard

Conferences: Black Hat USA Arsenal, 06 Aug 2025

WebSocket Turbo Intruder

Researcher: Zakhar Fedotkin

Conferences: Black Hat USA Arsenal, 06 Aug 2025

Amplify the hacker: offensive AI plugin development

Researcher: Gareth Heyes

Conferences: Steelcon, 12 Jul 2025

Cookie Chaos: Exploiting Parser Discrepancies

Researcher: Zakhar Fedotkin

Conferences: Steelcon, 12 Jul 2025

Digging for XSS Gold: Unearthing Browser Quirks with Shazzer

Researcher: Gareth Heyes

Conferences: PortSwigger Discord, 07 Nov 2024

Splitting the email atom: exploiting parsers to bypass access controls

Researcher: Gareth Heyes

Conferences: DEF CON 32, 11 Aug 2024 | Black Hat USA 2024, 07 Aug 2024

Listen to the Whispers: Web Timing Attacks that Actually Work

Researcher: James Kettle

Conferences: DEF CON 32, 09 Aug 2024 | Black Hat USA 2024, 07 Aug 2024

Gotta Cache Em All: Bending the Rules of Web Cache Exploitation

Researcher: Martin Doyhenard

Conferences: DEF CON 32, 09 Aug 2024 | Black Hat USA 2024, 07 Aug 2024

Smashing the State Machine: The True Potential of Web Race Conditions

Researcher: James Kettle

Conferences: Nullcon Goa 2023, 23 Sept 2023 | DEF CON 31, 12 Aug 2023 | Black Hat USA 2023, 09 Aug 2023

Server Side Prototype Pollution: Blackbox detection without the DoS

Researcher: Gareth Heyes

Conferences: Nullcon Berlin 2023, 09 Mar 2023 | OWASP 2023 Global AppSec Dublin, 15 Feb 2023

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling

Researcher: James Kettle

Conferences: DEF CON 30, 12 Aug 2022 | Black Hat USA 2022, 10 Aug 2022

Hunting evasive vulnerabilities: finding flaws that others miss

Researcher: James Kettle

Conferences: Nullcon Berlin, 08 Apr 2022

HTTP/2: The Sequel is Always Worse

Researcher: James Kettle

Conferences: Black Hat Europe, 10 Nov 2021 | DEF CON 29, 06 Aug 2021 | Black Hat USA, 05 Aug 2021

Black Hat Europe Locknote: Conclusions and Key Takeaways

Researcher: James Kettle

Conferences: Black Hat Europe 2020, 10 Dec 2020

Portable Data exFiltration: XSS for PDFs

Researcher: Gareth Heyes

Conferences: Black Hat Europe 2020, 10 Dec 2020

Web Cache Entanglement: Novel Pathways to Poisoning

Researcher: James Kettle

Conferences: Black Hat USA 2020, 05 Aug 2020

XSS Magic Tricks

Researcher: Gareth Heyes

Conferences: Global AppSec Allstars, 26 Sept 2019

HTTP Desync Attacks: Smashing into the Cell Next Door

Researcher: James Kettle

Conferences: Black Hat USA 2019, 07 Aug 2019

Turbo Intruder: Embracing the billion-request attack

Researcher: James Kettle

Conferences: LevelUp 0x03, 25 Jan 2019

Practical Web Cache Poisoning: Redefining 'Unexploitable'

Researcher: James Kettle

Conferences: Black Hat USA 2018, 09 Aug 2018

Exploiting Unknown Browsers and Objects

Researcher: Gareth Heyes

Conferences: AppSec Europe, 06 Jul 2018

DOM based AngularJS Sandbox Escapes

Researcher: Gareth Heyes

Conferences: BSides Manchester, 17 Nov 2017

Cracking the Lens: Targeting HTTP's Hidden Attack-Surface

Researcher: James Kettle

Conferences: Black Hat USA 2017, 27 Jul 2017

Exploiting CORS Misconfigurations for Bitcoins and Bounties

Researcher: James Kettle

Conferences: OWASP AppSec EU 2017, 12 May 2017

Backslash Powered Scanner: Automating Human Intuition

Researcher: James Kettle

Conferences: Black Hat Europe 2016, 05 Dec 2016

JSON Hijacking for the Modern Web

Researcher: Gareth Heyes

Conferences: OWASP London , 24 Nov 2016

Hunting Asynchronous Vulnerabilities

Researcher: James Kettle

Conferences: 44Con 2015, 15 Sept 2015

Server-Side Template Injection

Researcher: James Kettle

Conferences: Black Hat USA 2015, 05 Aug 2015