01 / 10
Cybersecurity Bank & Government · Mexico 2026

Offense as Defense.

Using Autonomous AI to Expose Weaknesses in Financial Services APIs.

Alissa Knight Hacker · Researcher · Founder, Assail, Inc.
20 min · 10 talk + 10 demo Live demo of Ares at the end Mexico City · 2026
02 / 10
Who's talking to you

I hack APIs for a living.

From the U.S. Intelligence Community to Hollywood — two decades breaking financial systems, connected cars, and critical infrastructure, and writing the playbook on how to fix them.

17
Arrested for hacking the U.S. government
At 17 years old. The arrest became the recruitment pipeline — same skills, new flag.
IC
U.S. Intelligence Community
Recruited into cyber warfare — supported COIN operations in Afghanistan & Iraq.
SERE
One of the first women through SERE
Survival, Evasion, Resistance, Escape — the U.S. military's toughest training program for personnel at high risk of capture.
Cybersecurity companies founded & sold
Two successful exits in cybersecurity before launching Assail, Inc. and Ares.
55
Banks compromised in under a week
Mobile-banking API research that became a wake-up call for the entire financial services industry — every bank breached through its own APIs.
Cars hacked remotely via automaker APIs
Unlock, start, locate — fleet-wide, by abusing the OEM's backend authorization. No physical access required.
7
TV series produced · Hollywood director & producer
Co-produced with Zero Gravity — the studio behind The Accountant and Ozark.
Inducted into The Mob Museum
Las Vegas — recognized for contributions to organized-crime & modern cybercrime research. (Yes, that Mob Museum.)
Hired routinely by retailers, banks, and governments to hack their APIs — now doing it with autonomous AI.
03 / 10
The #1 finding in every engagement

Authorization is broken. Specifically — BOLA.

Broken Object Level Authorization. The vulnerability that quietly powers most modern financial-services API breaches — and the one your SAST, DAST, and WAF will never catch.

What it is

An API endpoint exposes an object identifier — an account number, a card ID, a customer GUID — and trusts the client to only request their own. The server authenticates the user but never authorizes the object.

Change the ID in the URL. Get someone else's bank account, statements, transfers, KYC documents, loan applications. No exploit required — just a number.

Why it dominates financial services

Every banking workflow is object-centric: accounts, cards, beneficiaries, transactions, loans, devices. Every microservice re-implements authorization. One miss = full data exposure.

It's the #1 vulnerability on the OWASP API Security Top 10 — and the one I find in virtually every bank, fintech, and neobank I've ever tested.

GET /api/v2/accounts/102847/statements      // works — it's my account
GET /api/v2/accounts/102848/statements      // also works. That's not my account.
GET /api/v2/accounts/000001/statements      // works too. So does every account in between.
04 / 10
A new category is born

The era of autonomous red team platforms.

Not scanners. Not pen-testing tools. Not "AI-assisted" SAST with a chatbot bolted on. Goal-driven AI agents that reason, plan, execute, and adapt — like a human red teamer, at machine speed.

What they actually do

  • Recon & enumerate APIs the way an attacker does — not the way a scanner does.
  • Chain vulnerabilities across endpoints to find business-logic flaws a tool will never see.
  • Generate & mutate payloads in real time based on the target's responses.
  • Hunt BOLA, BFLA, mass assignment — the things humans find that scanners miss.

What they give your red team

  • Continuous coverage instead of one annual pentest report.
  • Force-multiplier — one operator does the work of ten.
  • Reproducible attack chains, not just findings.
  • Closes the gap between offense-in-the-wild and the defender's playbook.
05 / 10
Why now — and why this can't wait

Adversaries are already using AI to hack you.

If they're using AI to attack you, you have to use AI to attack yourself — first, faster, and harder. That's offense as defense. That's the entire thesis of this talk.

The attacker's curve

Agentic AI has collapsed the cost of recon, exploit dev, and lateral movement. What used to take a nation-state team a quarter, a small group now does in days. The barrier to entry just fell through the floor.

The defender's response

Annual pentests and quarterly scans cannot match a continuous, autonomous adversary. You need a continuous, autonomous defender — running the same playbooks before the bad guys do. Symmetric tooling, asymmetric advantage.

Three recent incidents prove the curve has already bent.

06 / 10
Receipts · The last six months

AI is already in the attacker's kill chain.

Three incidents in the last six months — each one a public, documented milestone in AI-driven offense. This is no longer theoretical.

May 2026

First AI-Driven Zero-Day 2FA Bypass

Google Threat Intelligence disclosed that adversaries used an AI-developed zero-day to bypass 2FA on a widely-used open-source admin tool. Recognized as a major milestone — AI directly creating sophisticated, tailored exploits in the wild.

Dec 2025 – Feb 2026 · Featured next slide →

AI-Orchestrated Mexican Government Breach

An unknown adversary used Agentic AI to run a massive, largely automated campaign against Mexican government organizations — including a municipal water utility in Monterrey. AI did 80–90% of the work.

May 2026

ShinyHunters: Crunchbase & Canvas

Threat group ShinyHunters used AI to accelerate data extraction — exfiltrating over 2M records from Crunchbase and breaching Instructure (parent of Canvas). AI as a data-mining force multiplier.

07 / 10
Deep dive · Dec 2025 – Feb 2026

The Mexican Government AI breach.

The first publicly-documented case of agentic AI running an end-to-end campaign against government and critical-infrastructure targets — and it happened right here, in Mexico.

What happened

An unattributed adversary deployed agentic AI against Mexican federal and municipal targets — including a water utility serving Monterrey. The AI analyzed targets, wrote its own code, scanned exfiltrated data, and made operational decisions with minimal human supervision.

ExtraHop estimated AI performed 80–90% of the campaign's workload. The humans were essentially supervisors.

Why this matters for this room

Government & banking infrastructure share the same architecture: sprawling API surfaces, legacy auth, microservices stitched together over decades. The exact same playbook works against financial services — and adversaries now have an AI co-pilot to find every gap.

Source: extrahop.com/blog/mexican-government-breach-ai-tools-cyberattack

80–90%
Of the campaign run by AI
3+ mo
Continuous automated operation
Critical
Water utility & gov targets
08 / 10
The thesis

If they're using AI to hack you,
you need AI to hack yourself first.

This is not a slogan. It's the only viable defensive posture left. The tooling on both sides has converged — the only question is which side deploys it first inside your environment.

  • Same tools, same techniques. Adversaries are running agentic AI against your APIs this quarter. Anything less than the same on your side is asymmetric — in their favor.
  • BOLA-class flaws are perfect AI targets. They scale linearly, are easy to enumerate, and live in business logic. An AI agent finds them in hours. Annual pentests find them in years.
  • Continuous beats periodic. A quarterly pentest is a snapshot. An autonomous red team is a feed — your security posture, refreshed every commit, every deploy, every API change.
  • This is the only way to keep pace. Mexico, May 2026, ShinyHunters — three data points, six months. The curve is steepening. Wait another year and the gap is unrecoverable.
09 / 10
What you're about to see

This is Ares.

An autonomous AI red team platform purpose-built for API security. Goal-driven agents that reason about your endpoints, hunt for BOLA, BFLA, mass assignment, and business-logic flaws — and chain them into real attacks.

What Ares does in the next 10 minutes

  • Ingests an OpenAPI spec or live traffic and builds its own attack model.
  • Spawns goal-driven agents that enumerate, probe, and chain findings.
  • Identifies BOLA and authorization flaws no scanner can find.
  • Produces a reproducible attack chain — not just a CVSS score.

Why I'm showing you live

Slides don't sell this. You need to see an agent think about your API, change its mind, and find the thing your last pentest missed. So here we go.

Live demo — next slide →
10 / 10
Now — the live demo

Let's hack something together.

Scan to sign up free for Ares. Then watch me put it to work against a real API in front of you.

@
alissa.knight@assailai.com
in
linkedin.com/in/alissaknight
𝕏
@alissaknight
assailai.com
Switching to the Ares live demo — let's go.
Sign up free for Ares
Sign up FREE for Ares
Scan with your phone camera

Gracias, Ciudad de México · CBG 2026

1 / 10
00:00 / 10:00