Using Large Language Models to Automate Penetration Testing; The Effect of Machine Learning Algorithms on Social Media on the Privacy and Mental Health of LGBTQ+ Users
Abbott, Andrew, School of Engineering and Applied Science, University of Virginia
Rider, Karina, EN-Engineering and Society, University of Virginia
Morrison, Briana, EN-Comp Science Dept, University of Virginia
The development of OpenAI’s ChatGPT 3.5 in 2022 sparked many companies to pour funding into research on building better Large Language Models (LLMs) and incorporating LLMs into other fields. One way that this is being done is by companies building websites and services that act as wrappers around ChatGPT or other LLMs. This surge of artificial intelligence innovation has captured my interest, particularly in its implications for security and privacy. Motivated by these interests, I explored two separate but related threads for my capstone projects. For my technical project, I focused on using a locally hosted LLM to automate penetration testing, the process of simulating cyberattacks on a network to identify and assess vulnerabilities. Meanwhile, for my STS research paper, I investigated how machine learning algorithms on social media platforms affect the privacy and mental health of LGBTQ+ users, especially in cases where queer identity is criminalized or politically targeted. While one project focuses on using artificial intelligence (AI) to provide better security for users and the other project looks into protecting a marginalized community from potential harm that AI brings, both projects focus on a wider theme of how AI technologies affect access to information and redistribute power within digital environments.
In my technical project, I built a locally hosted LLM-powered penetration testing platform using Django and OpenSearch and leveraging a dataset from HackTheBox, a platform to help users learn ethical hacking. For the LLM I used Mixtral-8x7B, developed by Mixtral of Experts, which is reported to work at the same level as ChatGPT 3.5. The system takes in IP address scan data from Nmap commands and interprets the results. After deciding on important information learned from a command, the system suggests next-step commands to the user using a chain-of-thought reasoning process. This reduces the barrier to entry for ethical hacking by helping users who may not have extensive training in cybersecurity. While the LLM successfully recommended useful commands and found information relating to web servers and web frameworks for a network, it also struggled when given excessive input data, highlighting the limitations of current models and the importance of structured inputs. The project raises ethical questions about how such tools could be misused if made public without restrictions, especially in an era of increasing cyberattacks and digital espionage.
My STS paper shifts the focus from the capabilities of AI to its consequences. I examine how social media algorithms affect LGBTQ+ individuals by analyzing how platforms infer identity, curate content, and expose users to risks, looking at all of these factors through an Actor-Network Theory (ANT) lens. The methodology for this research paper is a meta review of academic articles published after 2010, corroborating these findings with real-world examples that occurred after 2010. This analysis incorporates both a United States and international perspective to get a view of how a country's laws and public attitudes affect the algorithmic systems that impact queer users. The findings reveal three overarching themes: first, machine learning has enabled social media companies and third parties to identify queer users with striking accuracy; second, misclassification and efforts to hide one’s identity often diminish a user's ability to fully engage with these platforms; and third, in countries with punitive policies toward LGBTQ+ individuals, social media becomes both a tool for government surveillance and a space for queer users to build community and identity. The ANT framework reveals how queer visibility and safety are not simply outcomes of technical systems, but are co-produced through dynamic interactions among users, algorithms, platforms, and state actors. The findings also challenge the myth of algorithmic neutrality and underscore how power is embedded in technical infrastructures.
Taken together, these two projects demonstrate how LLMs and machine learning algorithms are not isolated technical tools—they are embedded within complex sociotechnical systems that affect how people work, express themselves, and stay safe. As a developer, I see the promise in using AI to make powerful tools more accessible. As a researcher, I see the dangers in assuming that these same tools will always be used ethically. Understanding both sides is essential for building a future where AI serves not just efficiency, but equity and accountability.
BS (Bachelor of Science)
Penetration Testing, Social Media, Machine Learning, LGBTQ+
School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Briana Morrison
STS Advisor: Karina Rider
English
All rights reserved (no additional license for public reuse)
2025/05/07