Resilient Cyber

You Don't Need A Frontier Model to Find Zero Days



Niels Provos on why you don't need a frontier model to find zero days, why the Vulnpocalypse is overstated, and how security invariants change the game.

Description

Niels Provos has spent twenty-five years in security, from writing bcrypt to running security at Google and Stripe, and he came on to push back on the panic around AI and vulnerabilities. He explains why finding zero days is an orchestration problem rather than a frontier-model problem, using his Iron Curtain runtime and an open-weight model to surface net-new bugs for the cost of a cheap scan. We get into security invariants and egress control, why remediation is the real bottleneck, why AI coding tools ignore the security abstractions you build, and why someone this technical keeps coming back to incentives over technology.

Key takeaways

  • You don't need a frontier model to find zero days. Niels used his Iron Curtain runtime and an open-weight model to surface net-new vulnerabilities, which is why he calls this an orchestration problem rather than a frontier-model problem.
  • The Vulnpocalypse framing is overstated. Companies already sit on more vulnerabilities than they can manage, so more findings do not fundamentally change the picture, and the catchy panic mostly drives engagement.
  • Security invariants beat patching one bug at a time. An invariant is an infrastructure guarantee enforced without ongoing human judgment, which makes entire classes of vulnerabilities irrelevant instead of chasing each one.
  • Egress control is the canonical example. If a production service can only reach a few known domains, most vulnerabilities never get to fetch a second-stage payload, so the exploit chain stalls.
  • The log4j story shows why it matters. While Niels was head of security at Stripe, egress control meant the malicious download could not execute, so the team had room to patch calmly instead of fighting an emergency.
  • Remediation, not discovery, is the harder problem. The quality bar of not breaking working code in production is what keeps fixing slow, and AI has not solved that yet even as it makes finding cheap.
  • AI coding tools ignore the security abstractions you build. When Niels asked Claude to add an endpoint to a carefully structured project, it bypassed his abstractions and wrote raw code, which is why frameworks need to be secure by default.
  • The harness is the moat. A finite state machine that decomposes vulnerability finding into stages, each with a fresh context and a tight prompt, gets reliable results from weaker models that otherwise lose the plot.
  • It is the incentives, not the technology. Companies do just enough security to avoid looking negligent, so without accountability shifting through something like Europe's NIS2, better tooling alone will not change outcomes.
  • Open source maintainers need to be empowered. They often cannot afford the latest models or the tokens to run them, yet everyone builds on their free work, so helping them fix vulnerabilities has the broadest payoff in the ecosystem.



Resilient Cyber, by Chris Hughes
