| ▲ | strombofulous 2 days ago |
| > If you are young and wanting a promising trade in tech, security would absolutely be a good choice. If AI is capable of performing these attacks, what would stop AI from replacing the security engineers? |
|
| ▲ | lelanthran 2 days ago | parent | next [-] |
| > If AI is capable of performing these attacks, what would stop AI from replacing the security engineers? Because the threat model is one-sided - if an AI attack fails, the controller simply moves to the next target. If an AI defense fails, the victim is fucked. Therefore, there is still value in being the human in Cyber Security (however you are supposed to capitalise that!) There are still protections and mitigations that targets can do, but those things require humans. The things that attackers can do require no humans in the loop. |
| |
| ▲ | AlecSchueler a day ago | parent | next [-] | | > Therefore, there is still value in being the human in Cyber Security Why? Your logic applies equally well to humans. If the AI attacker fails they move onto the next target, if the human defence fails the victim is fucked. > There are still protections and mitigations that targets can do, but those things require humans. Which things would you point to here? | | |
| ▲ | lelanthran a day ago | parent [-] | | > Why? Your logic applies equally well to humans. If the AI attacker fails they move onto the next target, if the human defence fails the victim is fucked. I didn't claim that the human defence is the only layer. Your analogy is only valid if my claim is that it's AI attackers vs Human defenders. It's not. It's AI attackers vs AI + Human defenders. > Which things would you point to here? If you cannot imagine any value that a human can add to an AI defence, then this conversation is effectively over; I am not in the mood to enumerate the value that a human can add to AI defence. | | |
| ▲ | AlecSchueler a day ago | parent [-] | | > If you cannot imagine any value that a human can add to an AI defence, then this conversation is effectively over I honestly find that a bizarre response in the middle of a discussion but you do you. Maybe someone else could humour me since you're not in the mood to expand on the point that you made? The topic of the thread was that the ability of the AI tooling is outpacing what individuals can handle. Why would a human then be in a position to defend better than an AI when an AI is in a better position to attack than a human? | | |
| ▲ | lelanthran 7 hours ago | parent [-] | | >> It's AI attackers vs AI + Human defenders. > Why would a human then be in a position to defend better than an AI when an AI is in a better position to attack than a human? I did not make the claim that humans are in a better position to defend. |
|
|
| |
| ▲ | integralid a day ago | parent | prev [-] | | >Because the threat model is one-sided - if an AI attack fails, the controller simply moves to the next target. If an AI defense fails, the victim is fucked. This was always the case? Security is asymmetric and attacker only needs to succeed once. |
|
|
| ▲ | _aavaa_ 2 days ago | parent | prev | next [-] |
| Red team has to be lucky once, blue team has to be perfect. How many places take red teaming seriously now? Compare how fast real attackers could iterate vs the defenders. |
| |
| ▲ | UncleMeat 2 days ago | parent | next [-] | | This is less true than it seems. It is pretty rare to go from vuln to simple exploit for systems that people care about. There are plenty of vulns in chrome or whatever that were difficult to actually weaponize because you need just the right kind of gadgets to create a sandbox escape and the vuln only lets you write to ineffective memory addresses. | |
| ▲ | charcircuit 2 days ago | parent | prev [-] | | Stealing a bitcoin wallet by cracking the private key for it also requires red team to be lucky once. Once AI security gets to the point where the probability is infinitesimal for causing actual harm to the business it will be fine. | | |
| ▲ | _aavaa_ 2 days ago | parent [-] | | Yes, and on an infinite time horizon we are all dead. It’s the time between then and now that we’re talking about. | | |
| ▲ | charcircuit 2 days ago | parent [-] | | Existing concepts like defense in depth make it exponentially harder for an AI to build a full exploit chain. Even with a full exploit chain with one mistake you'll trigger a detection system which can fool your attack. |
|
|
|
|
| ▲ | chucky_z 2 days ago | parent | prev | next [-] |
| The more I use AI and my workplace buys into it, the more I’m doing person to person work in a security context. |
| |
|
| ▲ | weare138 2 days ago | parent | prev | next [-] |
| They're not and they won't. I'm from genx and have a background in infosec. I don't agree that AI is the cause of this sudden surge in activity or if this is even a sudden surge. This stuff was always occurring if you were paying attention. It just making the mainstream news now. Geopolitics is the cause of the recent uptick in activity. Many of these groups are state sponsored or just fronts for nation-states themselves. genAI just makes it easier for people further down the chain to go after low hanging fruit. The most significant impact genAI is having on infosec is creating work for those people in infosec through vibe coding and turning untested AI systems loose on internal networks. genAI just lets developers and admins shoot themselves in the foot faster. genAI is an artificial intern. |
|
| ▲ | dvfjsdhgfv 2 days ago | parent | prev [-] |
| LLM-based software is just another layer to be hacked. |
