jstummbillig 12 hours ago

> to harden a system you need to spend more tokens discovering exploits than attackers will spend exploiting them.

That can't be right, can it? Given stable software, the relative attack surface keeps shrinking. Mythos does not produce exploits. Should be defenders' advantage, token-wise, no?

rhplus 12 hours ago

It’s the classic asymmetric warfare problem:

Defenders have to find all the holes in all their systems, while attackers just need to find one hole in one system.

lexlambda an hour ago

A slight factor differentiating security systems here is involved to the advantage of defenders: Attackers have to find a whole exploit chain, while defenders only need to fix one part of it.

JoshTriplett 11 hours ago

> Mythos does not produce exploits.

AI in general will, don't worry. "Move fast and break things" makes more exploits than "move steadily and fix things" does.

paisawalla 12 hours ago

So long as that OSS keeps accumulating features, there isn't quite the equilibrium you're imagining. If you can pin to a stable version, which continues to be audited, you're fine. But if the rest of the world moves on to newer versions of the software, you'll have to as well, unless you want to own the burden of hardening older versions.