The sad thing here is not only that pretty much even the tiniest state actor or determined private baddie can now with impunity devise zero-day attacks, but that the defense infrastructure is just not there.
My guess is that every single zero-day patch still requires a colossal engineering and coordination effort to roll out (we'll see how that works out for routers, and whether, e.g., chrome users will become fed up to update their browsers) going forward.
We'd have to work much harder on the supply chain issues, making sure all, including obscure, dependencies are more tightly locked down than before across the entire surface areas of products.
In other words, the LLMs help much more with offense than defense right now. I don't know how to change it now, or how to have avoided it in the first place. This herd has left the stable. Or the Pandora's box has been opened.
The sad thing here is not only that pretty much even the tiniest state actor or determined private baddie can now with impunity devise zero-day attacks, but that the defense infrastructure is just not there.
My guess is that every single zero-day patch still requires a colossal engineering and coordination effort to roll out (we'll see how that works out for routers, and whether, e.g., chrome users will become fed up to update their browsers) going forward.
We'd have to work much harder on the supply chain issues, making sure all, including obscure, dependencies are more tightly locked down than before across the entire surface areas of products.
In other words, the LLMs help much more with offense than defense right now. I don't know how to change it now, or how to have avoided it in the first place. This herd has left the stable. Or the Pandora's box has been opened.