ClearSecLabs is bringing a workshop to REcon 2026 in Montreal: Agentic Reverse Engineering: Building Custom AI Skills with Coding Agents, led by our principal researcher John McIntosh.

We're coming back to REcon. Last year's session focused on MCP-based Ghidra integration, where MCP gave coding agents tool access. This time, Agent Skills give them structured, reusable workflows. We're going to build one end to end.

What I Keep Hearing​

Lately, the same conversation keeps coming up with colleagues, students, and fellow researchers. The shape of it is roughly:

I've started reading and experimenting with AI, and honestly, it's really good. In some areas it's already faster than me. The more I use it, the less I can see what work will be left for us in five years.

The feeling is real, and I've heard it from senior reverse engineers with fifteen years on the keyboard and from people on their first run through Ghidra. The more capable the tools get in your hands, the more your relevance feels uncertain. That's a hard place to operate from.

Here's the part worth holding onto: we've been in this place before. The path out of the worry has been the same every time. Engage with the new tool early. Stay ahead of it by working with it.

If you're curious about how AI can accelerate your reverse engineering workflows, check it out. Especially useful if you're looking to get started with agentic RE.

The video is up from our talk at RE//verse 2026 in Orlando, Agentic Diffing Apple Security Updates.

The powerful AI made it likelier that the consultants "fell asleep at the wheel" and made big errors when it counted. -- Ethan Mollick, Co-Intelligence

Ethan Mollick has a warning for anyone using AI: the better it gets, the easier it is to stop paying attention. When outputs are polished and instant, you stop thinking critically. You stop building skill. You become a passenger.

He's right, but only if you're using AI wrong.

"Reverse engineering workflows are evolving, and local LLMs are reshaping how we analyze binaries, automate tooling, and preserve privacy." – CSL

"It’s exciting to see open-source tools like ghidriff shaping the research frontier. This new paper validates what many of us have been building toward: diffing as the perfect context for LLMs, and agentic pipelines that turn binary changes into actionable security insight." – CSL

"We had an incredible time walking participants through the full arc—from scripting custom CLI tools in Ghidra to launching their own fully functional MCP servers. Watching people connect reverse engineering workflows to natural language interfaces felt like watching the future unfold in real time. The energy in the room was electric and the hands-on breakthroughs made this one of our most rewarding sessions yet. We wrapped up by meeting a ton of brilliant folks at the after party where great ideas and fresh perspectives flowed straight from the community." - CSL

Conference speaking and training opportunity at 44CON, a public event bringing together the best in UK and International information security research and networking opportunities and trainer teaching

"Founded in 1997, Black Hat is an internationally recognized cybersecurity event series providing the most technical and relevant information security research. CSL provided 4-days of training and presented at Blackhat's arsenal.

"While it started as a very small contest in 2008, Insomni'hack has become over the years one of the largest information security events in Switzerland. CSL presented new research Patch Different on *OSX.