ujval

Banning Mythos represents a basic misunderstanding of AI cybersecurity The evidence we have now points to defenders currently benefiting more from frontier models than attackers. Every security professional within any large, complex organization knows they are sitting on a mountain of security technical debt they are not resourced to dig out of, and is not surprised when penetration testers reliably make it through their defenses. Defenders are deeply, deeply bottlenecked by labor. Attackers, who already have the advantage, have less comparative advantage to rush to AI adoption. While new zero-days can be of incremental help, they have reliable TTPs today, which is why today's AI capabilities haven't generated a discontinuous surge in attacks. The hope of frontier AI is that it could finally resource defenders in a way that's commensurate with the size of their sand hill of security tech debt; for every human security engineer we might eventually field a hundred agents that find and fix bugs in code, identify misconfigurations and exposures, work alongside people to remediate them, and in time remediate them autonomously, finally reversing or equalizing the attacker/defender asymmetry. Of course, realizing this will take an enormous amount of innovation from the security community itself, including from security engineers inside the thousands of CISO organizations around the world, the open source enthusiasts and the pink-haired attendees of defcon, the graduate students and professors publishing in this area, etc.; these folks need open access to great models. I don't think what I'm saying is controversial to hands-on security folks who've lived through similar dual-use regulation pushes around crypto and pen-testing tools. So how did we get here? I think one reason is the makeup of the AI policy conversation. I've moonlighted in AI security policy meetings since ChatGPT shipped in 2022, and have observed an ecosystem of character types: There is the sharp Georgetown grad who works for a national security think tank in Washington; the frontier-lab AI safety constituency, focused on the coarse-grained claim that scaling laws will deliver catastrophic cyber capabilities; the AI luminary, whose deep fluency in machine learning buys a currency that licenses them to opine on cybersecurity despite having thought very little about it and holding only a toy model of how the domain works. I'm friends with many of these folks and they're brilliant. But there are too few people -- who I admire deeply -- who carry real cybersecurity backgrounds into these conversations, and who, predictably, tend to treat most of what I have said above as obvious. We need to inject far more people with deep, practical cybersecurity backgrounds into the spaces where the framings and metaphors get set.

I think this goes both ways. You can acknowledge that the precedent here is not good and still call out the naivety that invited it Anthropic, of all companies, should have foreseen that loudly branding its model a natsec-grade cyber weapon while actively courting this administration would hand it a straightforward rationale to move against them. This admin in particular has already shown, repeatedly, the inclination to act opaquely and arbitrarily. Anthropic itself experienced that firsthand with the supply chain risk designation (but apparently took no lesson from it). People are right not to let that level of naivety slide