Cyber security in general is going to get interesting. Breaking into protected systems often requires more patience than expertise. Attackers often get detected when they take short cuts because of laziness and overconfidence. AI agents have unfathomable patience and attention to detail.l
I don’t really agree with the attention to detail part from my experience. AI agents love to take shortcuts from what I’ve seen, and you have to pay a lot of attention to what they’re doing to make sure they do the right thing.
AI will be good at scaning for known vulnerabilities, but patience and attention to detail? Not in my experience. I use agentic coding agents for work and they are getting better, but they still will regularly get stuck in a loop of running into a bug when running tests, attempting to fix the bug in a stupid way, still erroring, trying another stupid fix, trying the first stupid fix, and so on until a human intervenes. They may be patient (as long as you pay for more tokens), but they aren’t using their time wisely.
AI tends to use the “throw shit at the wall and see what sticks” approach. It’s getting better at writing maintainable code, but it still will generate more-or-less spaghetti code with random unused or deprecated variables, crazy unnecessary functions, poor organization, etc… and requires lots of testing before producing something functional. Which is fine in an environment where you can iterate and clean things up. But as an attack vector, if you need 58 attempts to fully realize a vulnerability, in most secure environments you’re going to get detected and blocked before you finish.
I don’t disagree on the current state. However, it’s not hard to foresee that attack tools will be developed that can maintain “attention” on an attack for days or weeks at a time with privately run agents. I’m sure they are out there already to some degree.
Cyber security in general is going to get interesting. Breaking into protected systems often requires more patience than expertise. Attackers often get detected when they take short cuts because of laziness and overconfidence. AI agents have unfathomable patience and attention to detail.l
I don’t really agree with the attention to detail part from my experience. AI agents love to take shortcuts from what I’ve seen, and you have to pay a lot of attention to what they’re doing to make sure they do the right thing.
AI will be good at scaning for known vulnerabilities, but patience and attention to detail? Not in my experience. I use agentic coding agents for work and they are getting better, but they still will regularly get stuck in a loop of running into a bug when running tests, attempting to fix the bug in a stupid way, still erroring, trying another stupid fix, trying the first stupid fix, and so on until a human intervenes. They may be patient (as long as you pay for more tokens), but they aren’t using their time wisely.
AI tends to use the “throw shit at the wall and see what sticks” approach. It’s getting better at writing maintainable code, but it still will generate more-or-less spaghetti code with random unused or deprecated variables, crazy unnecessary functions, poor organization, etc… and requires lots of testing before producing something functional. Which is fine in an environment where you can iterate and clean things up. But as an attack vector, if you need 58 attempts to fully realize a vulnerability, in most secure environments you’re going to get detected and blocked before you finish.
I don’t disagree on the current state. However, it’s not hard to foresee that attack tools will be developed that can maintain “attention” on an attack for days or weeks at a time with privately run agents. I’m sure they are out there already to some degree.
They have attention to detail, just not the right details. It’s super easy for them to get lost in a never ending train of tangents.