Just because it’s used everywhere doesn’t mean that we just have to accept it. Also doesn’t mean that AI is a good thing.
I think AI can be used as an (additional!) cyber security analysis tool, that’s honestly the only area in which it seems to be actually useful. And most projects don’t reach the size in which spotting security risks spanning across many different modules is a relevant skill to have. So it should be used sparingly, on things like the linux kernel. Then the cost of it might even be worth it (but I also don’t want to know about the amount of hallucinated bugs it finds).
And I want to add: even LLMs can identify cybersecurity risks, doesn’t mean they are good at cybersecurity. They’re probably just as bad as in any other area. Also questionable if the actual positives outweigh the labor required to find all the false-positives.
Just because it’s used everywhere doesn’t mean that we just have to accept it. Also doesn’t mean that AI is a good thing.
I think AI can be used as an (additional!) cyber security analysis tool, that’s honestly the only area in which it seems to be actually useful. And most projects don’t reach the size in which spotting security risks spanning across many different modules is a relevant skill to have. So it should be used sparingly, on things like the linux kernel. Then the cost of it might even be worth it (but I also don’t want to know about the amount of hallucinated bugs it finds).
And I want to add: even LLMs can identify cybersecurity risks, doesn’t mean they are good at cybersecurity. They’re probably just as bad as in any other area. Also questionable if the actual positives outweigh the labor required to find all the false-positives.