When ChatGPT dropped more than three and a half years ago, there was a gasp of excitement from many, while for others, there was a healthy dose of trepidation. Most alarmingly, the release raised concerns over loss of control—the risk that an AI system diverges from its authorized constraints. An open letter called on AI labs to pause “giant AI experiments.” National security experts emphasized the importance of catalyzing security in AI governance, warning that a lack of governance could lead to a number of scenarios, all the way to loss of control. For many in the cybersecurity community, top concerns centered around the cybersecurity of the AI labs and the models themselves, as well as AI’s potential applications in offensive and defensive security.
This spring Mythos, Project Glasswing, and similar programs generated another gasp, again raising concerns over national security, cybersecurity, and loss of control. Of course, the fact that AI model capabilities have continued to expand should come as no surprise. Yet for a number of reasons, including a lack of meaningful incentives that encourage building in security from the outset, we have been too slow or too disconnected as a community to adequately prepare. There are several steps we can take to avoid an ongoing cycle of hyperventilation, including leveraging the cybersecurity community’s decades of expertise and experience and being honest about what has—and has not—worked, and acknowledging known unknowns, like just how bad our legacy technical debt is and how we can overcome it.
First, we should take stock of what we know. When it comes to defending against cybersecurity risks posed by these models’ offensive capabilities, we actually collectively know a lot. By leveraging existing tools, processes, and relationships, the security community has already produced actionable guidance like Building a “Mythos-ready” Security Program, which builds on the Cyber Security Framework and other proven resources. We cannot afford to pause or slow the pace on these important efforts, but we are certainly not starting from scratch.
We also know that many frontier labs are aware that their models pose significant cybersecurity risks, and are actively exploring ways to address these risks, including through programs like Glasswing. Governments are likewise evaluating voluntary and regulatory approaches to manage the risks presented by these models–which will never be less capable than they are now. Europe’s AI Act establishes a regulatory framework with mandatory rules for AI production and deployment. And in the United States, a recent Executive Order prioritizes vulnerability discovery, validation, and remediation through a voluntary approach.
Yet we also know that while we understand what to do to manage the rapid pace of cybersecurity risk, actually executing it is the hard part. It is well established that many organizations lack the defenses we already know are effective–whether because they lack the skills to do so, the resources, or, most troublingly, both. Put simply, “patch and patch faster” is not working, and even with the recent Executive Order on Promoting Advanced AI Innovation and Security, little has changed to alter that reality. Fear, uncertainty, and doubt (FUD) are terrible incentives for driving adoption of cybersecurity best practices—unless, of course, you happen to be a regulated entity!
Which brings us to what we don’t know, which we need to be clear-eyed about. For the “cannots,” those who may not know that they need to act, how to do it, or how to pay for it, we lack a clear picture of how big the problem actually is.
What exactly is “the problem” here? There are several, including how we plan to scale and fund the long road ahead for the cyber “have nots.” An even bigger problem we face is one of legacy technology. Across economies large and small, state, local, tribal, and territorial governments, small and medium-sized enterprises, and some critical infrastructure sectors, we know many of them run software that is beyond end of life or rapidly approaching it. We don’t know exactly which software, nor do we know which sectors are most vulnerable. Some organizations may be able to manage for a period of time by staying disconnected from the internet—a temporary, compensating control if we learn that they are vulnerable but no patch exists or deploying it would result in a worse outcome. But we don’t know which organizations can disconnect, or for how long.
We also do not yet have a plan to disseminate results from early vulnerability previews, nor how to best equip the broad spectrum of organizations who will be granted access to them. If an organization already struggles to patch quickly, handing them a longer vulnerability list isn’t an automatic fix. Prioritization is key, but how should that organization prioritize or respond when attackers can chain multiple vulnerabilities together? In a recent webinar, my colleagues highlighted that our vulnerability management infrastructure, including the CVE program, is also lagging behind the threat.
Where does this leave us? For one, it gives us all a place to focus our collective energies. But we already knew that. What we also desperately need now is a candid conversation about the right mix of incentives, not only to prevent history from repeating itself as we get hit with the latest wave of “AI slop” software, but also to build and implement near-term compensating controls that help us mitigate and eventually clean up our technical debt, so that we leave a legacy we can all be proud of.
Megan Stifel has worked at the intersection of national security, law, and technology for more than two decades. She is currently the Chief Strategy Officer at the Institute for Security and Technology, where she also serves as Executive Director of the Ransomware Task Force. Megan previously served as a Director for International Cyber Policy at the National Security Council and in the US Department of Justice as Director for Cyber Policy in the National Security Division, as well as in the Criminal Division’s Computer Crime and Intellectual Property Section. She also worked for the US House of Representatives Permanent Select Committee on Intelligence. Megan is a Member of the Aspen Global Leadership Network and a Fellow at the National Security Institute.