Hacker News

strogonoff, yesterday at 8:19 PM

> I'm assuming it has maintainers (they play the role of defenders).

A maintainer has a full-time job: to develop software. A maintainer who is also a defender has two full-time jobs, and as we all know in such a case one of these jobs will have to be done poorly, and we all know which one that is.

On the other side there’s an attacker with a singular job and a strong incentive to do it well.

> LLMs help them more than they help the attackers, because the attackers are already security experts.

The supposed logic is that an LLM multiplies your skill. If the multiplier is 5, and your attacking skill is 1 before the multiplication, then you get 5 after; if your attacking skill is already at 10, you get 50. You could argue that LLMs are not good enough to act as multipliers, and then my math won’t work.


Replies

pron, today at 12:32 AM

> A maintainer has a full-time job: to develop software. A maintainer who is also a defender has two full-time jobs,

I don't think so. This is already the situation. Maintainers already fix vulnerabilities when they know about them.

> On the other side there’s an attacker with a singular job and a strong incentive to do it well.

If the situation is that the attacker is focusing on a single project, the attacker will win, as they do already. But the attackers usually need to split their attention over lots of projects.

> The supposed logic is that an LLM multiplies your skill

I don't agree with that logic. Agents bring knowledge with them. That's not a multiplier. Compare how well a 12 year old can do compared to a Roman history professor on questions about Roman history when they both can use an LLM or when they both can't. The LLM will shrink the gap, not increase it.
