Mackenzie Jackson

Security Research
Aikido security
Mackenzie is a security researcher at Aikido Security, former founder and CTO of Conpago, and a contributor to global tech outlets, helping developers and DevOps teams build secure systems and understand modern security challenges.

Speaker sessions

From Changelogs to APTs: Weaponizing LLMs for Threat Hunting at Scale

This presentation explores a multi-year research project that leverages Large Language Models (LLMs) to uncover hidden threats within the open-source software supply chain. What began in early 2024 as an experiment in automating changelog analysis evolved into one of the most effective techniques we've seen for discovering silent vulnerabilities and active malware. Our research even allowed us to observe the North Korean APT group Lazarus as it deployed malware to launch a supply chain attack.

Our approach led to the discovery of over 900 security vulnerabilities in popular open-source packages, none of which had been assigned CVEs or disclosed publicly. Alarmingly, we rated 25% of these as high or critical severity. They included widely used libraries such as Axios and Apache's eCharts. This practice, often referred to as silent patching, occurs when maintainers knowingly fix security issues without public notification, leaving users unknowingly exposed.

In parallel, we deployed LLMs to analyze newly published packages on public registries such as NPM. By training our models to detect human behavioral signals, such as suspicious descriptions, unexpected obfuscation, or unusual dependency patterns, alongside traditional scanning techniques, we discovered thousands of malicious packages being uploaded monthly, including packages from state-sponsored APTs, and even caught a potentially catastrophic supply chain attack on the official XRP SDK.

This talk delivers a technical deep dive into the design of our LLM-based detection systems, our validation process, and the most impactful findings from our research. It also discusses the broader implications for vulnerability disclosure, software supply chain security, and the emerging role of LLMs in real-world threat hunting.
Time: Wed 03 Dec, 13:00
Stage: Sponsored Briefings
Sessions Type: Presentation