> If AI is capable of performing these attacks, what would stop AI from replacing the security engineers?

Because the threat model is one-sided - if an AI attack fails, the controller simply moves to the next target. If an AI defense fails, the victim is fucked.

Therefore, there is still value in being the human in Cyber Security (however you are supposed to capitalise that!)

There are still protections and mitigations that targets can do, but those things require humans. The things that attackers can do require no humans in the loop.

Red team has to be lucky once, blue team has to be perfect. How many places take red teaming seriously now?

Compare how fast real attackers could iterate vs the defenders.

The more I use AI and my workplace buys into it, the more I’m doing person to person work in a security context.

They're not and they won't. I'm from genx and have a background in infosec. I don't agree that AI is the cause of this sudden surge in activity or if this is even a sudden surge. This stuff was always occurring if you were paying attention. It just making the mainstream news now.

Geopolitics is the cause of the recent uptick in activity. Many of these groups are state sponsored or just fronts for nation-states themselves. genAI just makes it easier for people further down the chain to go after low hanging fruit.

The most significant impact genAI is having on infosec is creating work for those people in infosec through vibe coding and turning untested AI systems loose on internal networks. genAI just lets developers and admins shoot themselves in the foot faster. genAI is an artificial intern.

LLM-based software is just another layer to be hacked.