Kenneth Hawrylak, July 5 2026

The AI I Wanted Didn't Exist—So I'm Building It

Artificial intelligence is changing almost every industry, and cybersecurity is no exception. Every week there seems to be a new AI tool promising to automate penetration testing, identify vulnerabilities, or replace hours of manual work with a single prompt. While these tools are impressive, they often share the same limitation: they are very good at answering questions, but not particularly good at thinking like an experienced security consultant.

Over the past several months, I've been working on a project that takes a different approach.

Instead of building another AI chatbot, I'm building what I call an AI-assisted cybersecurity consulting platform. The goal isn't to replace the consultant—it is to give the consultant an intelligent partner that remembers, reasons, and learns from experience.

The Problem with AI "Memory"

Many AI systems today rely on what is known as "memory." In practice, this usually means searching through documents or previous conversations to retrieve information that appears relevant.

That works well when asking questions like:

"What is Kerberoasting?"

or

"Summarize my notes on Active Directory."

But real cybersecurity consulting isn't simply retrieving information from documents.

Imagine performing a penetration test on a corporate network. During the assessment, dozens or even hundreds of observations are made. A network scan identifies open services. Authentication attempts succeed or fail. New hosts are discovered. Credentials are found. Some attack paths work while others do not.

An experienced consultant doesn't simply remember everything. They organize what they learn into a logical process.

One observation leads to a hypothesis.

A hypothesis leads to a decision.

A decision leads to a test.

A test produces results.

Results produce evidence.

Evidence supports findings.

That reasoning process is what separates experience from information.

Teaching AI to Think in Steps

One of the earliest design decisions for this project was to stop treating everything as "memory."

Instead, every significant action during an assessment becomes part of a structured reasoning chain.

Rather than simply recording that a command was executed, the platform records why it was executed.

Instead of storing a vulnerability as soon as a tool reports it, the system records observations, develops hypotheses, performs validation, and only creates a finding when enough evidence exists to support the conclusion.

This approach mirrors how experienced consultants already work.

Good consultants don't assume.

They verify.

That philosophy is being built directly into the software.

More Than Just Documentation

One of the interesting realizations during development was that this platform isn't really about documentation at all.

It's about capturing experience.

There is an important difference between knowledge and experience.

Knowledge comes from books, training courses, documentation, research papers, and standards.

Experience comes from actually performing assessments.

Knowledge might tell you that a particular attack is possible.

Experience tells you which techniques tend to work best, which tools produce reliable results, what common mistakes waste time, and which paths are usually dead ends.

Those two types of information deserve to be treated differently.

The platform maintains separate collections for long-term knowledge, practical experience gained during previous engagements, and the current engagement itself.

This allows the AI to answer very different kinds of questions.

One question might be:

"Explain Resource-Based Constrained Delegation."

Another might be:

"Have I successfully used this technique before?"

A third might be:

"What is the next logical step in the current assessment?"

Although all three questions involve cybersecurity, they require entirely different types of information.

Learning Without Forgetting

One of my goals is for the system to become better after every engagement without simply accumulating thousands of random notes.

Anyone can dump documents into an AI.

The challenge is deciding what deserves to become permanent knowledge.

Imagine discovering during a penetration test that one particular tool worked better than another in a specific situation.

That may be a useful lesson worth remembering.

On the other hand, a client's server name, IP address, or internal passwords should never become part of the system's long-term knowledge.

The platform is designed to separate reusable experience from client-specific information.

This protects confidentiality while allowing the AI to improve over time.

Explainable Reasoning

Perhaps the most important design principle is transparency.

Modern AI systems often provide recommendations without explaining how they reached their conclusions.

In cybersecurity, that isn't good enough.

If an AI recommends performing a particular test, it should also be able to explain why.

If it believes a vulnerability exists, it should identify the observations and evidence supporting that conclusion.

Every recommendation should be traceable.

Every finding should be defensible.

The goal is not to create an AI that simply appears intelligent.

The goal is to create one whose reasoning can be understood, reviewed, and challenged.

Building a Personal Knowledge Library

Like many professionals, I've accumulated a large collection of resources over the years.

Course notes.

Research papers.

Technical documentation.

Vendor guidance.

Security books.

Conference presentations.

Personal observations.

Previous reports.

Rather than treating all of these documents as one giant collection of text, the platform classifies them according to their purpose.

Some become reference material.

Some become personal knowledge.

Some become lessons learned.

Some become research.

This allows the AI to understand not only what information exists, but where it came from and how trustworthy it is.

Official documentation should not be treated the same as an informal blog post.

A research paper describing original work deserves different consideration than a quick note captured during a training course.

Context matters.

Remaining Independent of Any AI Model

One of the biggest lessons from the past few years is that AI changes rapidly.

Today's leading model may not be tomorrow's.

Because of that, the platform is being designed to remain independent of any specific AI provider.

The reasoning engine, knowledge management, engagement tracking, and automation remain separate from the language model itself.

Whether the future involves cloud-based AI services or locally hosted models running on private hardware, the knowledge and reasoning components remain the same.

The AI becomes one interchangeable component rather than the foundation of the system.

The Long-Term Vision

Today, the project consists primarily of a carefully designed architecture and an expanding collection of software components.

Eventually, the vision is much larger.

Imagine starting a new penetration test.

The platform automatically creates a new engagement, organizes evidence, tracks observations, records every meaningful decision, remembers previous lessons, recommends logical next steps, avoids repeating unsuccessful techniques, and produces an auditable chain of reasoning from the very first observation to the final report.

Instead of simply answering questions, the system maintains situational awareness throughout the engagement.

It understands what has already been done.

It understands what remains to be tested.

It understands why each decision was made.

Most importantly, it understands the difference between evidence and conclusions.

Building Something Different

This project has evolved considerably since it began.

Originally, the objective was simply to explore modern AI-assisted penetration testing.

As development progressed, it became clear that the real opportunity wasn't building another chatbot.

It was building a platform that captures the way experienced consultants actually think.

That means emphasizing careful reasoning over automation, verification over assumption, and experience over raw information.

Artificial intelligence is undoubtedly changing cybersecurity.

I don't believe the future belongs to AI systems that replace experienced professionals.

I believe it belongs to systems that amplify their expertise, preserve their knowledge, and help them make better decisions.

That's the system I'm building.

Not an AI that thinks for me.

An AI that thinks with me.

Written by

Kenneth Hawrylak

Older Feynman Learning Coach