This post did not contain any content.

Reply to This post did not contain any content. on Wed, 29 Apr 2026 16:51:37 GMT

beyondmachines1@infosec.exchange — Wed, 29 Apr 2026 16:51:37 GMT

@cR0w your argument assumes full discipline and coverage of the risk assessment.

Wildly optimistic, given that most breaches still boil down to basics like credentials, human factor and misconfigurations.

No horse in the AI race. Just saying the reality is far from "should be everyone at this point"

Reply to This post did not contain any content. on Wed, 29 Apr 2026 16:35:21 GMT

cr0w@infosec.exchange — Wed, 29 Apr 2026 16:35:21 GMT

@DemonHouser If an AI system inadvertently blocks a critical system in my world, really bad things can happen. And if they do, who is accountable? A human making a human mistake is held accountable. An AI system making a "mistake" is just "lol, whoops, it's still learning" and no one is held accountable.

Also, I dislike how now that modern AI has been proven to be hot garbage people are using traditional ML as a counterpoint. They are not the same despite the overlap in their usage.

Reply to This post did not contain any content. on Wed, 29 Apr 2026 16:33:42 GMT

demonhouser@kind.social — Wed, 29 Apr 2026 16:33:42 GMT

@cR0w this also doesn't consider user feelings, because false positives are definitely more likely if using an AI or machine learning element, but I tend to err on the side of false positives fine, false negatives bad no matter the impact.

Again, this is not apologetics for how garbage and damaging AI companies are, because they are very much both of those things, but from a pure performance and security standpoint, structured, layered use of AI to detect and block intrusions can work fine.

Reply to This post did not contain any content. on Wed, 29 Apr 2026 16:32:57 GMT

chillybot@infosec.exchange — Wed, 29 Apr 2026 16:32:57 GMT

@cR0w
1000%. AI favors the defenders my moopsy robot ass. For red teaming just kinda working is good enough blue team doesn't have those luxuries. And that's not even including the attack surface of AI itself

Reply to This post did not contain any content. on Wed, 29 Apr 2026 16:30:27 GMT

demonhouser@kind.social — Wed, 29 Apr 2026 16:30:27 GMT

@cR0w I actually disagree on this one, with a caveat.

If the AI is only allowed to block, not allow, and is part of a layered system that includes traditional safeties, then there is no practical harm in adding AI to a toolset (AI is bad morally, but that's not my point here).

Machine learning has been used to detect IoC's for a while now, I know SentinelOne was announcing that capability around 2019 (the MSP I worked for used them so I got their newsletter).

1/2

Reply to This post did not contain any content. on Wed, 29 Apr 2026 16:11:13 GMT

azuaron@cyberpunk.lol — Wed, 29 Apr 2026 16:11:13 GMT

@cR0w Blue Team practically working for Red Team.

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:54:54 GMT

cr0w@infosec.exchange — Wed, 29 Apr 2026 15:54:54 GMT

@nyanbinary Tippy top. Highest risk to the org.

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:53:24 GMT

cr0w@infosec.exchange — Wed, 29 Apr 2026 15:53:24 GMT

@loke Attackers only need to succeed once for initial access but defenders only need to be right once to mitigate after initial access. Those cute little bugs being found by the multi billion dollar AI systems do not imply any legitimate offensive capabilities.

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:51:31 GMT

cr0w@infosec.exchange — Wed, 29 Apr 2026 15:51:31 GMT

@alerikaisattera Is there another term for people using AI if they aren't required to?

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:51:09 GMT

cr0w@infosec.exchange — Wed, 29 Apr 2026 15:51:09 GMT

@kirby It may be common on fedi but it certainly isn't common in my experience in industry. I'm surrounded by AI-enabled attacker pearl clutchers and tech bros promising to save the world with their AI SOC magic beans.

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:49:53 GMT

cr0w@infosec.exchange — Wed, 29 Apr 2026 15:49:53 GMT

@beyondmachines1 AI tools used by attackers has not materially impacted capabilities beyond scope and scale, but that does not change the likelihood of occurrence or the severity of impact to orgs who were already modeling their risk based on the state of the art threats, which should be everyone at this point. Defenders relying on nondeterministic and unaccountable systems are inevitable going to miss things due to the way existing AI tools work.

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:47:57 GMT

bakachu@infosec.exchange — Wed, 29 Apr 2026 15:47:57 GMT

@cR0w true, i speak under the influence of bias and exhaustion

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:47:17 GMT

cr0w@infosec.exchange — Wed, 29 Apr 2026 15:47:17 GMT

@bakachu Maybe. It depends on the org's reliance on said third parties.

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:31:02 GMT

nyanbinary@infosec.exchange — Wed, 29 Apr 2026 15:31:02 GMT

@cR0w where does "execs using AI" rank in this?

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:26:41 GMT

loke@functional.cafe — Wed, 29 Apr 2026 15:26:41 GMT

@cR0w attackers only need to succeed once. Defenders need to succeed every time.

When using a broad system with lots of capabilities, but also stochastic and unpredictable, guess for which side it's the most useful?

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:23:24 GMT

alerikaisattera@fosstodon.org — Wed, 29 Apr 2026 15:23:24 GMT

@cR0w more like idiots using AI is a greater risk

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:21:59 GMT

kirby@freerobuxextremist.com — Wed, 29 Apr 2026 15:21:59 GMT

@cR0w i don't think anybody ever denied this, actually this is the common opinion

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:08:49 GMT

beyondmachines1@infosec.exchange — Wed, 29 Apr 2026 15:08:49 GMT

@cR0w Why?
not trying to change your mind, but interested to read the thought process

Reply to This post did not contain any content. on Wed, 29 Apr 2026 15:00:34 GMT

bakachu@infosec.exchange — Wed, 29 Apr 2026 15:00:34 GMT

@cR0w and third parties using AI is worse than both put together

Reply to This post did not contain any content. on Wed, 29 Apr 2026 14:54:13 GMT

cr0w@infosec.exchange — Wed, 29 Apr 2026 14:54:13 GMT

@tuban_muzuru Indeed. But given the fact that I'm not familiar with your thoughts on the matter, there is a good chance that you and I disagree on which people are the greatest risk.

Reply to This post did not contain any content. on Wed, 29 Apr 2026 14:52:56 GMT

tuban_muzuru@beige.party — Wed, 29 Apr 2026 14:52:56 GMT

@cR0w

[quiet laughter]

the biggest security risk, anywhere - is people.

Change your mind, right away.

Reply to This post did not contain any content. on Wed, 29 Apr 2026 14:44:43 GMT

huronbikes@cyberplace.social — Wed, 29 Apr 2026 14:44:43 GMT