"AI is giving attackers a huge advantage!"
-
@cR0w @jackryder Asbestos in brake pads and lead in paint did improve the product though. If they weren't so horriffic to human health, we would still be using them. Conversely, I've yet to see an instance where AI has actually improved anything. At best it lets people who are mediocre at their jobs output a higher quantity of mediocre work.
I'm extremely good at what I do - belonging to that mythical home computer generation that started programming in ASM and never stopped learning how _everything_ works. To no one's surprise I'm thus working in cybersec today, partly as an ethical hacker focusing on hw/fw exploits at the really tricky low level stuff.
A few days ago I tested, for fun, having Mistral AI's Devstral-2 model do an analysis of a firmware dump of an eMMC I had just extracted from a fully proprietary ARM-based IoT device.
In a minute or so it had made the same conclusions as I would myself, nicely documented, on not just standard partitions and what they contained but also the fully custom stuff with no standard markers at all - including making "educated guesses" at the likely boundaries between headers and data, and what the data could be based on number of bits/bytes and entropy.
The question is whether you will now consider me to be mediocre.
-
I'm extremely good at what I do - belonging to that mythical home computer generation that started programming in ASM and never stopped learning how _everything_ works. To no one's surprise I'm thus working in cybersec today, partly as an ethical hacker focusing on hw/fw exploits at the really tricky low level stuff.
A few days ago I tested, for fun, having Mistral AI's Devstral-2 model do an analysis of a firmware dump of an eMMC I had just extracted from a fully proprietary ARM-based IoT device.
In a minute or so it had made the same conclusions as I would myself, nicely documented, on not just standard partitions and what they contained but also the fully custom stuff with no standard markers at all - including making "educated guesses" at the likely boundaries between headers and data, and what the data could be based on number of bits/bytes and entropy.
The question is whether you will now consider me to be mediocre.
@troed @cR0w @jackryder No, you're looking for a fight.
What's that thing Socrates said? "I may be the smartest man alive because I know I don't know anything at all"Be humble bro.
-
@rootwyrm @cR0w @jackryder God dammit. This is the worst fucking timeline.
@Mustardfacial @cR0w @jackryder as a subscriber to multiversal theory, I sometimes joke:
Three dimensions over, scientists are debating whether it was ethically right to kill Hitler in the cradle.
Two dimensions over has a supersoldier that punches Nazis into other dimensions.
One dimension over, scientists are debating the ethics of exiling young HIitler to another dimension.
And over here we're going 'where the fuck are all these Hitlers coming from!?' -
@troed @cR0w @jackryder No, you're looking for a fight.
What's that thing Socrates said? "I may be the smartest man alive because I know I don't know anything at all"Be humble bro.
I think the problem is with the "criti-hypes"* who believe they know better than everybody else (those "mediocres" of the world).
*) from https://pluralistic.net/2026/03/12/normal-technology/#bubble-exceptionalism
-
"AI is giving attackers a huge advantage!"
"Yes, it is. It's amazing how quickly it has destroyed dev, sec, ops, management, company missions and priorities, regulations, information literacy, and civil society, making everyone more vulnerable."
@cR0w And even Western gov's are taking decisions using AI-powered chatbots that got trained with data up to the 90's it seems.
-
I think the problem is with the "criti-hypes"* who believe they know better than everybody else (those "mediocres" of the world).
*) from https://pluralistic.net/2026/03/12/normal-technology/#bubble-exceptionalism
@troed @Mustardfacial @jackryder Damn, I already blocked that domain.
-
I think the problem is with the "criti-hypes"* who believe they know better than everybody else (those "mediocres" of the world).
*) from https://pluralistic.net/2026/03/12/normal-technology/#bubble-exceptionalism
-
-
"AI is giving attackers a huge advantage!"
"Yes, it is. It's amazing how quickly it has destroyed dev, sec, ops, management, company missions and priorities, regulations, information literacy, and civil society, making everyone more vulnerable."
@cR0w 2026 Cybersecurity Priority List (according to LinkedIn)
AI
AI for Security
AI Security for AI
Agentic SOC
AI-SPM
CNAPP
CWPP
CSPM
CIEM
KSPM
DSPM
ASPM
.
.
.
Patch your shit
The fucking basics -
@cR0w 2026 Cybersecurity Priority List (according to LinkedIn)
AI
AI for Security
AI Security for AI
Agentic SOC
AI-SPM
CNAPP
CWPP
CSPM
CIEM
KSPM
DSPM
ASPM
.
.
.
Patch your shit
The fucking basics@badsamurai Is asset inventory covered in "the fucking basics" or is it further down?
-
@badsamurai Is asset inventory covered in "the fucking basics" or is it further down?
@cR0w I almost added but I think I blacked out
-
@cR0w I almost added but I think I blacked out
@badsamurai @cR0w It’s absolutely mind-numbing to me, the orgs I encounter who don’t have a god damn asset inventory.
-
@badsamurai @cR0w It’s absolutely mind-numbing to me, the orgs I encounter who don’t have a god damn asset inventory.
-
@badsamurai Is asset inventory covered in "the fucking basics" or is it further down?
@cR0w @badsamurai Asset inventory is covered in "the fucking basics" for system administration, let alone cybersecurity.
-
@badsamurai @cR0w It’s absolutely mind-numbing to me, the orgs I encounter who don’t have a god damn asset inventory.
@scottwilson @badsamurai @cR0w I'll add another caveat: It's mindnumbing the number of orgs that want a pentest but don't have an inventory.
-
@cR0w @badsamurai Asset inventory is covered in "the fucking basics" for system administration, let alone cybersecurity.
@Mustardfacial @badsamurai Right but I was curious on the LinkedIn take on it.
-
@scottwilson @badsamurai @cR0w I'll add another caveat: It's mindnumbing the number of orgs that want a pentest but don't have an inventory.
-
@cR0w @badsamurai Asset inventory is covered in "the fucking basics" for system administration, let alone cybersecurity.
@Mustardfacial @cR0w right. Forget security—how do orgs even do change management without a CMDB (which is unarguably smaller and more targeted than “asset”).
-
"AI is giving attackers a huge advantage!"
"Yes, it is. It's amazing how quickly it has destroyed dev, sec, ops, management, company missions and priorities, regulations, information literacy, and civil society, making everyone more vulnerable."
@cR0w The new insider threat
-
@cR0w The new insider threat
@krypt3ia A lot of us have gotten no traction in that framing of it though.
