[Some ideas here were developed in conversation with Chris Hacking (real name)]
I have tried and failed to write a longer post many times, so here goes a short one with little detail.
Discourse has primarily focused on models' ability to develop new exploits against important software from scratch. That capability is impressive, but the tech industry has been dealing with people regularly finding 0-day exploits for important pieces of software for more than twenty years. Having to patch these vulnerabilities at a 10x or even 100x faster cadence for six months is annoying, but well within the resources of Mozilla, the Linux Foundation, and Microsoft. Additionally, the lag time between "patch shipped" and "patch reverse engineered and weaponized by a criminal organization" was longer than the cadence between high-severity CVEs for this software anyway. And importantly, such capabilities are dual-sided; the defenders will have access to them and
There are lots of capabilities that are not like this, however:
- Weaponizing recently patched exploits for common software. Right now, for widely used C projects, we get enough publicly disclosed vulnerabilities to develop exploits with. Every amateur computer hacker has the experience of seeing a CVE for a [...]
---
https://www.lesswrong.com/posts/gutiw8MBrYDiD2u5z/the-primary-sources-of-near-term-cybersecurity-risk