“Whatever exists, he said. Whatever in creation exists without my knowledge exists without my consent.”
— Judge Holden
I wake up each day to a world animated by about 3.5 million colorful pixels, full of stories and opinions and surprises engineered to harvest my time and distill it into a feature vector the attention economy can trade. It’s the renewed social contract cyberspace demands. It was not always like this. I’ve spent two decades in this garden of forking paths and, like Tsun, I act anyway and decisively, despite knowing that here every choice is also being unmade. It’s a labyrinth that doesn’t quite paralyze me because at its edges I still walk and hope that there is reward more so than punishment and that some fragment of what I carry might set this garden ablaze.
I’m thinking about software and what does it take to be a dexterous wielder of bits on a daily basis. Every piece of software that falls in — or rises from — my hands carries its builder’s blind spot. For several decades, the cost of finding a critical flaw in a piece of software and the cost of fixing one moved roughly the same, which is to say that both were slow and both required a form of expertise that was not easily acquired. And to some extent, both were confined to the same geometry of human cognitive bandwidth.
But that has changed. In my last piece, I promised more depth on what I called the find-fix asymmetry. If you understand this idea as much as I do, you’ll see why I’m calling this one the Wild Cyberwest.
Lately, in what almost seems like a rare recurring cosmic event I was meant to witness, various entities start warning us about the upcoming patch wave hitting any digitally present organization. “Artificial Intelligence, when used by sufficiently-skilled and knowledgeable individuals, is showing the ability to exploit this technical debt at scale and at pace across the technology ecosystem.” I think you can cross out that part about “skilled and knowledgeable individuals” entirely and the claim would still remain largely true. And that’s the whole point — while it takes skill to hack into Meta or Google, it doesn’t take much skill hacking into an SME or startup. This category lacks serious security because they simply don’t have the resources. And if you know any outfit with an IT department, it’s usually 1-3 people doing what — patch management? Password resets? Windows installs? Also, don’t pretend startups burning million-dollar Bay Area seed rounds are budgeting for security either.
Thus, the exploit velocity makes it so crucially unavoidable that AI-powered defense would emerge as a viable path forward. However, I’m skeptical (and so should you) because the narrative is shaped by the same cartel gatekeeping “better defense” behind an allow-list while the rest of us are told to wait. This deserves scrutiny.
Why despite better offense capabilities (AI-find) the defense capabilities (AI-fix) didn’t change much? And why do we expect fix to change as drastically as find? flyingpenguin had a great writeup on the cartel as a whole, but here’s the money quote:
Discovery is the easy part. The constraint on vulnerability management has been remediation for over a decade. Finding bugs faster without fixing them faster grows the backlog already growing beyond capacity. Anthropic’s own stated justification for Glasswing is defensive uplift, yet their system card measures zero remediation metrics. No patching velocity delta. No mean-time-to-remediation. No partner-reported CVE closure rate. A seasoned security leader would never build a defensive program and then measure offensive capability only, making remediation a second-class story. That is the kind of dog and pony show that any good security initiative would slam the door on. Or it’s like a surgeon telling you they have an even sharper scalpel to cut you deeper and faster. Yeah, so then what?
The “patch wave” will be full of extra bugs because they’ll use AI to patch and a percentage of that will mutate further. They sell both AI-find and AI-fix now, but neither is reliable — AI-find is bloated with false positives, and if you’re using AI-fix you can’t process thousands of lines of code for 3 hours straight at machine speed without becoming mentally numb. You’re outsourcing thinking to the machine hoping you won’t need to think, but you can’t avoid reading what it produced. So you end up thinking anyway. There will be an influx of companies shipping vibe-coded security products, though I’d expect much less of it here because the field is ruthless when it comes to punishing your mistakes. There are scanners, there were always scanners, there will be more scanners — just prepare for an interminable wave of false positives. Hacking groups will pivot to supply chain exploitation. If you’re a startup, you use these tools to buff security — or so you were promised — but you inevitably inherit the tool’s attack surface as your own. So the defense tool that sells itself has the hard job of solving the trust issue or end up facing this (or this) kind of signal dilution. Claude Security doesn’t help you as much as you think it does when “the exploit window is shrinking faster than patch cycles can compress.”
However, AI-find deserves some slack. Any person who cares about their craft will want to catch holes in their codebase. That’s a reasonable madness that leads to lowering the bar enough for false positives to escape the wrath. On the other hand, AI-fix is exactly the meme fuck around and find out. When you spend hours after hours consuming tokens instead of creating them, you will be facing a different kind of exhaustion. I’m coming at this from an AI background, forged by probability and statistics. I’m not a security person, but I’m not naive to it either. And I suspect the way I’m using these tools is probably different than how most people are, because I understand the machinery. That’s my bias, for what it’s worth.
The stage is set. Now watch it burn.
We somehow managed to conjure alien hackers who are all adept at exploiting what they were constitutionally incapable of not writing in the first place. Should you be concerned about AI hacking your bank account? Well, here comes Mr. Dario Amodei saying that, unless they are Chinese, these alien hackers are benign under his control. They are peaceful beings. They only have a silicon imperative that is sometimes in conflict with human morality. But what is that morality other than rules agreed upon? We’re at the height of willful ignorance. They exploit it guilelessly. Those were Rashid’s words, loosely, but they highly resemble any randomly sampled Anthropic publicity stunt, particularly the ones centered on Mythos.
You have to understand something, and given you’re reading this, you’ve probably lived it. You know those things you read about in books, understand abstractly, but can’t quite ground in anything concrete? Pandemics, for instance. During COVID-19, I was vaccinated four times and, like many, still got infected. To me that period was significant because I lived through a time when higher-order effects exposed political incompetence in a visceral way — people I cared about died or were on the verge of dying. What is a higher-order effect in this case? Well, not until the exponential curve had utterly neutralized the collective ignorance did you start to realize that your hospitals didn’t have enough beds. And that came with a set of consequences the nursing staff was not equipped to deal with, among the worst being a psychological collapse from spending way longer shifts surrounded by a state of perpetual decay.
The thing about an asymmetry this wide is that it does not stay locked inside expert hands anymore but gets commodified at a frightening pace. Let’s talk about the kids, the Zoomers. They have their own struggle, and seeing it is like distinguishing a different palette of gray. It’s like dancing naked in acid rain. But that instilled an exceptionally refined intuition for untangling the tech-mess of their day and age. Now, I am part of a transitional generation — I was born into a period of matriarchal hope that began shortly after we shot our dictator in a flurry of bullets. The collective consciousness of my parents, and, in general, of many parents at that time, was imbued with two ideas: my kid must know English and computers. That’s when Westernized ideas began to take hold of the country. So, without any surprise, I got very good at both. Web 2.0 had its own moments of fun. In high school, we had a Hungarian guy called Attila and had a lot of LAN parties at his place, and before that, there was a town library that had several computers being overly abused by high schoolers a few years older than me, which I discovered because I followed the shouts while looking for a book. Like most kids my age, we used to play games, it was that golden age of MMORPGs, games like Lineage II or Mu Online or World of Warcraft. Because of the environment, it was quite inevitable to poke around at things until they break. I would spend my weekends and summer vacations up all night talking to strangers I met online about how we could crash the server during the siege. So we, because we had priority queue — we had a very rich kid in our group who used to buy us access with the equivalent of $5 in today’s SIM cards — we just wanted to exploit that privilege. And we did, eventually finding certain regions in the game that had texture rendering bugs that would crash the entire server if a certain number of players were in that region. Kids these days are part of the American Diner Gothic — “the Internet dreamer forced to awaken in the wasteland of reality.” Arm the curious among them with AI and you will reap annihilation as they wreak havoc.
What are the higher-order effects of kids spinning up several AI agents from a phone, pointing them at a target, and curating the output between sips of espresso? Most will probably be environmental pests, but some will not. In a population of millions of teenagers armed with capabilities that were on a nation-state level a few years ago, any non-trivial fraction will end up doing things they didn’t intend, against undeserving targets, and in abandoned jurisdictions without pragmatic methods of prosecution. That’s the size of the Wild Cyberwest. The first to face fierceness are precisely places like your favorite café, your university library, city hall, railway operators, public transport, and the airport network. HoReCa will be hit by another pandemic. The historical analog is phone phreaking in the 1980s.
Climbing the ladder won’t be too difficult. We live in an age of large-scale cyberattacks on states. And who is better equipped to fool around out of curiosity than bright, zestful kids who get together on weekends and have fun? There’s no better place than cyberspace to be while you scream “fuck your racist borders.”
Lately, my X feed has been slowly collapsing into a dumpster fire full of exploits. It’s not a pretty sight. I sat down and started writing earlier this week, and a lot has happened so far. Probably the most significant event was an outburst by a small firm called Calif, which published the first public kernel memory corruption exploit against Apple’s Memory Integrity Enforcement on the M5 chip. Apple called MIE “unprecedented” and “the most significant memory security update in the history of consumer operating systems.” They spent several years building this defense, yet this small firm, along with Mythos, cracked it open in five days.
Now, as I close, it’s drizzling outside. I hear the rush of drops and sense the petrichor they’ve left in the air. Nature has a way of returning you to the size of the thing in front of you. Which leaves a smaller question than the one I started with. I firmly believe the gap is structural and it won’t close anytime soon, not this year anyway. So the question worth asking is, what is the smallest thing we can do, today, that does not require the gap to close before it works? And the list I could come up with is short. We have to patch what we can at an uncomfortably accelerating pace. We should treat every shipped line of code as surface that will be probed and tested by untiring swarms of agents. We must share what we find with unshakeable discipline. And lastly, we should devote any scrap of attention that the algorithmic Gods haven’t already harvested to things that, if found broken on a late midweek night, would make it harder for who knows how many to stay warm.