Automation or Innovation?
-
Automation or Innovation?
Absorption or Containment?
"Does AI-assisted vulnerability discovery represent a categorical innovation in offensive cyber capability — a new class of finding previously unreachable by any combination of human and tool — or does it represent the automation and scaling of methods that already existed in the security-research repertoire?
The policy responses appropriate to each framing diverge sharply."
-
@aristot73 Agreed! I'd add that cost collapse isn't the whole story though. Some searches wouldn't happen at any price because some software/bugs might simply be uninteresting to people.
-
@meartur Fully agree! There must be a measurable "return" to justify any, even negligible, investment.
The best source I could find on the attacker perspective on this issue was the paper below.
According to the paper, attackers will squeeze all the juice out of a working exploit before looking for a new one. Attackers will keep "harvesting" the same field (subset of software) as long as it remains fertile (I love analogies). This was pre-LLM. We may have to wait for some empirical evidence...on modern farming practices.
Allodi, L., Massacci, F. and Williams, J. (2022), "The Work-Averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures."