AI’s Hacking Skills Are Approaching an ‘Inflection Point’ (www.wired.com)

A recent revelation from cybersecurity startup RunSybil has highlighted a critical turning point in the application of AI within cybersecurity. Their AI tool, Sybil, identified a serious vulnerability in a client’s implementation of federated GraphQL—specifically, it inadvertently exposed confidential information. This discovery was significant due to the intricate understanding required to correlate knowledge across various systems, showcasing the advances in reasoning capabilities of multi-modal AI models. According to the co-founders, the ease with which Sybil identified this issue indicates a dramatic enhancement in AI's ability to uncover previously hidden zero-day vulnerabilities, raising alarms about the potential for these same models to be used maliciously. Cybersecurity expert Dawn Song emphasizes that AI's cybersecurity capabilities have sharply improved, as evidenced by the performance of AI models in detecting vulnerabilities during her CyberGym benchmarking project. While AI can facilitate more proactive defenses, like helping cybersecurity professionals identify flaws early, there is also concern that attackers will leverage similar advancements for offensive exploits. As AI models continue to evolve, the balance between offensive and defensive capabilities in cybersecurity will be crucial, necessitating new strategies, such as sharing AI tools with security researchers before public release and adopting a secure-by-design approach to software development.