Vulnerability economics
Presumably, AIs will clear up the plain stuff first, which implies that any remaining vulnerabilities shall be delicate. Discovering them will take AI computing assets. Within the optimistic situation, defenders pool assets by info sharing, successfully amortizing the price of protection. If info sharing doesn’t work for some purpose, protection turns into far more costly, as particular person defenders might want to do their very own analysis. However prompt software program means far more variety in code: a bonus to the defender.
This must be balanced with the relative price of attackers discovering vulnerabilities. Attackers have already got an inherent approach to amortize the prices of discovering a brand new vulnerability and create a brand new exploit. They’ll vulnerability hunt cross-platform, cross-vendor, and cross-system, and might use what they discover to assault a number of targets concurrently. Fixing a standard vulnerability typically requires cooperation amongst all of the related platforms, distributors, and methods. Once more, prompt software program is a bonus to the defender.
However these hard-to-find vulnerabilities grow to be extra beneficial. Attackers will try to do what the foremost intelligence businesses do immediately: discover “no one however us” zero-day exploits. They may both use them slowly and sparingly to reduce detection or rapidly and broadly to maximise revenue earlier than they’re patched. In the meantime, defenders shall be each vulnerability looking and intrusion detecting, with the objective of patching vulnerabilities earlier than the attackers discover them.
