There’s frequent discussion now about how AI will help hackers do X and Y.
Phishing and BEC scams are at the top of the list.
And there’s also lots of talk about AI helping with static code analysis,
SOC operations, and lots of other defense-oriented use cases.
So which side will benefit more? Red or Blue?
Here’s my (current) answer.
Red first, then blue
My answer is somewhat simple: AI will most help the attacker side first, and
then it will help defenders more in the long-term.
Here’s how I arrive at that conclusion.
-
Continous Intelligent Monitoring and Analysis: Doing
security at scale requires software. There are too many events and
policies and constantly-evolving situations to handle things properly
using just humans. And even SIEMs put most of the burden on the human
analyst. To protect an organization and do business much better than we
do today,
we need to be able to see and understand as much as possible about
our company all at once. To accomplish this,
software is moving from static queries and databases to a
context-based, LLM-based approach
that I describe in my
SPQA
architecture. In short, the more context we have about the organization
we’re defending the better we can defend it. -
When We Lack Context, Attackers Win: In the early days of AI,
attackers will be able to use AI to automate attacks while defenders
still lack context about their environment. They don’t have AI deployed
yet that understands their networks, their applications, their users,
and their company’s policies. I expect this to last 3-5 years, even for
the fastest-moving organizations. The AI/LLM tech simply isn’t there yet
to be able to parse and understand the complexity of an environment. -
Once Blue Catches Up, Their Internal Context Gives Them the Edge: But once that happens, i.e., once AI is aware of the perimeter, the
apps, the users, the codebases, and the posture that the company is
working to maintain, that’s when the advantage switches to the defender.
Attackers won’t have access to that updated context the way the internal
teams will, so they’ll always be behind. But keep in mind, that will
only apply when they’re attacking targets that have fully context aware
AI systems helping to defend. Where that’s not the case the advantage
goes back to the attacker.
Context wins
Basically whoever can see the most about the target, and can hold that
picture in their mind the best, will be best at finding the vulnerabilities
the fastest and taking advantage of them. Or, as the defender, applying
patches or mitigations the fastest.
And if you’re on the inside you know what the applications do. You know
what’s important and what isn’t. And you can use all that internal knowledge
to fix things—hopefully before the baddies take advantage.
Summary and prediction
-
Attackers will have the advantage for 3-5 years. For
less-advanced defender teams, this will take much longer. -
After that point, AI/SPQA will have the additional internal context
to give Defenders the advantage.
LLM tech is nowhere near ready to handle the context of an entire company
right now. That’s why this will take 3-5 years for true AI-enabled Blue to
become a thing.
And in the meantime, Red will be able to use publicly-available context from
OSINT, Recon, etc. to power their attacks.
NOTES
-
The 3-5 year thing is a range and a guess, obviously. AI defending is
starting already, and many aspects will take 10 years or more to fully
blossom. But I think 3-5 is a good range for where Blue will retake
the AI advantage from Red in the most savvy organizations.
Related Posts
Technical Analysis: 4 Stocks with signs of death crossovers to keep an eye on
HDFC Bank & 3 other fundamentally strong stocks trading above 200 DMA to keep an eye on
Falling Channel Breakout: Multibagger NBFC Stock Shows Bullish Momentum on Daily Chart
4 Fundamentally strong stocks to buy for an upside potential of up to 36%; Do you hold any?
Markets tumble as Trump puts pressure on Federal Reserve
NLSC: SENIOR THREE AGRICULTUREAgriculture,New Lower Secondary Curriculum,Ordinary Secondary 
NLSC: SENIOR THREE CHEMISTRY
NLSC: SENIOR THREE GENERAL SCIENCENew Lower Secondary Curriculum,Ordinary Secondary,Sciences 
NLSC: SENIOR THREE NUTRITION AND FOOD TECHNOLOGYFood and Nutrition,New Lower Secondary Curriculum,Ordinary Secondary 
NLSC: SENIOR THREE CHRISTIAN RELIGIOUS EDUCATION
colline mwangaENG/P/7: RIGHTS, RESPONSIBILITIES AND FREEDOM- Aheebwa JosephDP: Digital Pedagoggy Assignment7
- Aheebwa JosephDP: Digital Pedagogy Assignment5
- Aheebwa JosephDP: Digital Pedagogy Assignment4
- Aheebwa JosephDP: Digital Pedagogy Assignment2
- Aheebwa JosephDP: Digital Pedagogy Final Project
SENIOR FIVE SUB ICT END OF YEAR EXAM ONE 2023
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
English
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sundanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu
0 responses on "Who Will AI Help More—Attackers or Defenders?"