As part of my work in technical diligence, I create medium-long form content marketing material on topics germane to PE investment in tech. In the last six months I did a series (not yet published) on the state of security in the age of gen-AI.
Basically, we are entering the ransomware apocalypse. It is insane what a godsend gen-AI has been to the cybercrime sector. When all you need to do is make something good enough to fool some of the people some of the time, genAI is perfect.
Things that used to work reliably - like trusting Google ads or sponsored links not to be malvertising sites - are meaningless now that gangs can trivially spin up networks of thousands of fake interacting sites and linked profiles to sneak by fraud detection. Phishing attacks are ridiculously sophisticated, combining voice, text, and video impersonation. Supply chain attacks are going to mean package managers are hand grenades. Ransomware gangs are running full-on SaaS services allowing script kiddies access to big gun material. Attacks that were previously only in reach of nation-state-sponsored actors are now available for peanuts. And all of this is going to get worse because of everyone and their dog using gen-AI to pump out huge amounts of vulnerable code. And then there is the world of prompt engineering for data exfiltration...
If you are young and wanting a promising trade in tech, security would absolutely be a good choice. Shit is going to get CRAZY.
> If you are young and wanting a promising trade in tech, security would absolutely be a good choice.
If AI is capable of performing these attacks, what would stop AI from replacing the security engineers?
Oh, we're back to not being able to trust Google Ads again?
I recall there being Malvertising campaign problems ~12-15 years ago or so, and then they seemed to get on top of it.
This just seems like the result is people are going to be driven off the internet. It will simply not be safe for the layperson.
> If you are young and wanting a promising trade in tech, security would absolutely be a good choice. Shit is going to get CRAZY.
Yes, but you can't be a CISSP or SOC monkey - that has no future.
You need to be an actual Software Engineer who understands development fundamentals, OS internals, web dev fundamentals, algorithms, etc as well as offensive and defensive concepts.
Too many "cybersecurity" graduates in North America aren't even qualified to do L1 IT Helpdesk, which is a shame because the IT to Security talent pipeline is critical (along with the SRE, SWE, and ML to security pipeline).
I get amused that people don't realize that genAI is an existential threat to the internet and everything that has been built on it.
1) One can no longer trust things out on the web. 2) One no longer needs things out on the web.
For 1), I hope the defense mechanism kicks in in time to bake security into our computing culture and pervades throughout the stack.