Defenders finally have a chance to win, decisively
I’m curious how it will turn out to be in a long term. Are we going to have safer software? Because not only defenders will have a powerful tool, but attackers too. But at the same time, number of bugs is finite… Can we in theory one day achieve literally zero bugs in codebase?
Cyber security in general is going to get interesting. Breaking into protected systems often requires more patience than expertise. Attackers often get detected when they take short cuts because of laziness and overconfidence. AI agents have unfathomable patience and attention to detail.l
AI will be good at scaning for known vulnerabilities, but patience and attention to detail? Not in my experience. I use agentic coding agents for work and they are getting better, but they still will regularly get stuck in a loop of running into a bug when running tests, attempting to fix the bug in a stupid way, still erroring, trying another stupid fix, trying the first stupid fix, and so on until a human intervenes. They may be patient (as long as you pay for more tokens), but they aren’t using their time wisely.
AI tends to use the “throw shit at the wall and see what sticks” approach. It’s getting better at writing maintainable code, but it still will generate more-or-less spaghetti code with random unused or deprecated variables, crazy unnecessary functions, poor organization, etc… and requires lots of testing before producing something functional. Which is fine in an environment where you can iterate and clean things up. But as an attack vector, if you need 58 attempts to fully realize a vulnerability, in most secure environments you’re going to get detected and blocked before you finish.
I’m curious how it will turn out to be in a long term. Are we going to have safer software? Because not only defenders will have a powerful tool, but attackers too. But at the same time, number of bugs is finite… Can we in theory one day achieve literally zero bugs in codebase?
You can achieve zero bugs through liberal use of rm.
deleted by creator
Cyber security in general is going to get interesting. Breaking into protected systems often requires more patience than expertise. Attackers often get detected when they take short cuts because of laziness and overconfidence. AI agents have unfathomable patience and attention to detail.l
AI will be good at scaning for known vulnerabilities, but patience and attention to detail? Not in my experience. I use agentic coding agents for work and they are getting better, but they still will regularly get stuck in a loop of running into a bug when running tests, attempting to fix the bug in a stupid way, still erroring, trying another stupid fix, trying the first stupid fix, and so on until a human intervenes. They may be patient (as long as you pay for more tokens), but they aren’t using their time wisely.
AI tends to use the “throw shit at the wall and see what sticks” approach. It’s getting better at writing maintainable code, but it still will generate more-or-less spaghetti code with random unused or deprecated variables, crazy unnecessary functions, poor organization, etc… and requires lots of testing before producing something functional. Which is fine in an environment where you can iterate and clean things up. But as an attack vector, if you need 58 attempts to fully realize a vulnerability, in most secure environments you’re going to get detected and blocked before you finish.