Phil Stokes, Author at SentinelOne

fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet

Vitaly Kamluk & Juan Andrés Guerrero-Saade / April 23, 2026

A previously unknown 2005 cyber sabotage framework patches high-precision calculation software in memory to silently corrupt results.

labs

AI Research

Building an Adversarial Consensus Engine | Multi-Agent LLMs for Automated Malware Analysis

Phil Stokes / March 19, 2026

Single-tool LLM analysis produces reports that look authoritative but aren't. A serial consensus pipeline catches artifacts and hallucinations at source.

labs

AI Research

From Narrative to Knowledge Graph | LLM-Driven Information Extraction in Cyber Threat Intelligence

Aleksandar Milenkoski & Razvan Gabriel Cirstea / March 9, 2026

LLMs can turn CTI narratives into structured intelligence at scale, but speed-accuracy trade-offs demand careful design for operational defense workflows.

labs

AI Research

Silent Brothers | Ollama Hosts Form Anonymous AI Network Beyond Platform Guardrails

Gabriel Bernadett-Shapiro & Silas Cutler (Censys) / January 29, 2026

Analysis of 175,000 open-source AI hosts across 130 countries reveals a vast compute layer susceptible to resource hijacking and code execution attacks.

labs

AI Research

LLMs in the SOC (Part 1) | Why Benchmarks Fail Security Operations Teams

Gabriel Bernadett-Shapiro & Edir Garcia Lazo / January 20, 2026

LLM cybersecurity benchmarks fail to measure what defenders need: faster detection, reduced containment time, and better decisions under pressure.

labs

AI Research

Inside the LLM | Understanding AI & the Mechanics of Modern Attacks

Phil Stokes / January 13, 2026

Learn how attackers exploit tokenization, embeddings and LLM attention mechanisms to bypass LLM security filters and hijack model behavior.

labs

AI Research

LLMs & Ransomware | An Operational Accelerator, Not a Revolution

Gabriel Bernadett-Shapiro, Jim Walter & Alex Delamotte / December 15, 2025

LLMs make competent ransomware crews faster and novices more dangerous. The risk is not superintelligent malware, but rather industrialized extortion.

labs

AI Research

Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware

Alex Delamotte, Vitaly Kamluk & Gabriel Bernadett-Shapiro / September 19, 2025

LLM-enabled malware poses new challenges for detection. SentinelLABS presents groundbreaking research on how to hunt for this new class of threats.

labs

Adversary

Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms

Aleksandar Milenkoski, Sreekar Madabushi (Validin) & Kenneth Kinion (Validin) / September 4, 2025

DPRK-aligned threat actors abuse CTI platforms to detect infrastructure exposure and scout for new assets.

labs

macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App

Phil Stokes & Dinesh Devadoss / July 10, 2025

ZuRu malware continues to prey on macOS users seeking legitimate business tools, adapting its loader and C2 techniques to backdoor its targets.