Security Experts: AI Hacking Tools Help Defenders More Than Attackers
What Happened
Schneier examined Anthropic's restricted "Mythos" model and a UK AI Security Institute finding that OpenAI's GPT-5.5 performs comparably at detecting security flaws. He concludes the dual-use technology favors defenders long-term: attackers exploit individual bugs, but defenders can systematically scan and patch entire codebases. He extends the argument to spotting tax loopholes and regulatory gaps.
My Take
The instinct is to panic — "AI can find vulnerabilities!" — but Schneier's reframe is the one executives should internalize. Offense gets one shot per bug; defense gets to run the scanner across everything it owns, continuously. AI tilts that asymmetry toward whoever has the most to protect. The practical takeaway: if your security team isn't already running AI vulnerability scanning against your own code, your competitors' attackers will. This becomes table-stakes audit practice by year-end, not a nice-to-have.
Read Original Source