Post by SANS Institute
A powerful analogy for working with LLMs today came from our DC CISO event this morning: babysitting Jack-Jack from The Incredibles.

Think about how most of us actually prompt these models. We tell them they're a "security researcher." We promise a $200 tip. We say "try harder, you can do it" and "I'll be upset if you give up." We are bribing and coaxing a toddler with reality-bending powers and no off switch.

The point underneath the jokes was a serious one. We don't understand LLMs the way we understand systems we built from first principles. Studying attention internals is interesting, but it doesn't tell you why the model does what it does in front of you, any more than embryology tells you why a baby is crying. You learn the behavior by living with it.

And the behavior has changed. Early models acted like babies. Today's models act more like teenagers: capable, opinionated, occasionally ignoring you entirely.

For security teams, that reframes the problem. The job isn't to fully explain the model. It's to supervise it well, set boundaries, and know what it does when no one is watching.

Rob T. Lee and Rich Mogull opened the day again. Strong room, sharp questions.

What's your version of the $200 tip?