Schneier on AI-Assisted Vulnerability Discovery Hits Tipping Point
What Happened
Schneier reviews data from Google's OSS-Fuzz, Anthropic's automated security review, and academic projects showing that AI systems now account for the majority of disclosed open-source vulnerabilities. He argues this helps defenders more than attackers in the short term, because patch cycles compress, but warns that the long-term equilibrium depends on who gets access to the most capable models.
My Take
This is the security story of the year and most boards still don't see it coming. If you run a software business, your unpatched N-day exposure window is about to shrink from weeks to hours, which is great — but so is the time an attacker needs to find zero-days in your proprietary code. The pragmatic move is to run your own AI-powered code review internally, continuously, before someone else does. "We'll get to it next quarter" is now an unacceptable security posture.