nethoxa

The Iranian navy, which has been destroyed eight times, has apparently closed the Strait of Hormuz again, because the United States, for the seventh time, won the war that wasn’t a war, so now the United States has to open the Strait of Hormuz that was already open before the not-war began. The not-war began because Iran had uranium that was totally, completely, beautifully obliterated, so they can’t build the nuclear bomb they weren’t building, which is why the United States had to start the not-war it definitely didn’t start. Now the United States, which has nuclear weapons, is threatening to use nuclear weapons to stop Iran from getting nuclear weapons, because nuclear weapons are far too dangerous for countries with nuclear weapons to allow other countries to have. If the United States saw the United States doing what the United States does in other countries, the United States would invade the United States to liberate the United States from the tyranny of the United States.

This article gives a good glimpse into the future Security with LLMs is not just about "finding 0days". LLMs give attackers new capabilities. PROMPTSPY is a good example: an AI-enabled backdoor that can interpret context and decide follow-on actions A lot of people say security researchers will have less work. Looking at how fast attackers are adapting to LLMs, the opposite could happen

You can’t have a lasting competitive advantage if LLMs are in your critical cognitive path. Whatever you do will be at best limited to the same capabilities and constraints as what everyone else is doing. You’ll find the same bugs as everyone else, build the nth clone of the same app, trade using the same strategy. Using an llm while keeping it out of the critical path isn’t easy. If your bug leads are LLM generated — you will be constrained by the bugs that can be found by LLMs. No amount of prompting or composition will give you more than a small margin over your competitors that tends to collapse to zero. If all your code is LLM generated you are constraining your product to the universe of code LLMs can write — which is the same code your competitors can easily write. Even adding human input and review doesn’t necessarily change the picture. No amount of context, human generated hints, or iteration, can force a model to produce something that diverges too much from it’s training data. The cost of doing something through an LLM scales exponentially as you move further away from sample. That’s not something the next model will fix. **It’s a mathematical necessity** Past a certain level of novelty making the model do the work requires more human mental work than just doing it yourself. But you take a long time to notice it, because the LLMs nudges you back to doing what it’s good at. For coding it just keeps writing something that isn’t exactly what you asked and you keep telling yourself it’s close enough. For finding bugs the cost shows up as not finding the bugs as the model keeps looking for typical vulnerabilities. For s bug hunter it means spending compute without revenue. For a protocol it can mean getting rekt. You have a brain evolved over millions of years with priors that match the real world in a way a statistical model of text cant. Your brain can legitimately extrapolate beyond what others thought in the past in a way that is impossible **even for an LLM with arbitrarily large compute power** Use it.