Daniel Miessler on the AI Attack/Defense Balance_SCHNEIER:C1E75F66CE18F62857DD6FDE425254FF

Description

His conclusion:

> Context wins
>
> Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest.
>
> And if you’re on the inside you know what the applications do. You know what’s important and what isn’t. And you can use all that internal knowledge to fix things--hopefully before the baddies take advantage.
>
> Summary and prediction
>
> 1. Attackers will have the advantage for 3-5 years. For less-advanced defender teams, this will take much longer.
> 2. After that point, AI/SPQA will have the additional internal context to give Defenders the advantage.

>
> LLM tech is nowhere near ready to handle the context of an entire company right now. That’s why this will take 3-5 years for true AI-enabled Blue to become a thing.
>
> And in the meantime, Red will be able to use publicly-available context from OSINT, Recon, etc. to power their attacks.

I agree.

By the way, this is the SPQA architecture.

Visit Original Source

Basic Information

ID SCHNEIER:C1E75F66CE18F62857DD6FDE425254FF

Published Oct 2, 2025 at 16:19

{
    "lastseen": "2025-10-02T18:44:26",
    "description": "His conclusion:\n\n> Context wins\n> \n> Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest.\n> \n> And if you\u2019re on the inside you know what the applications do. You know what\u2019s important and what isn\u2019t. And you can use all that internal knowledge to fix things\u00ad--hopefully before the baddies take advantage.\n> \n> Summary and prediction\n> \n>   1. Attackers will have the advantage for 3-5 years. For less-advanced defender teams, this will take much longer. \n>   2. After that point, AI/SPQA will have the additional internal context to give Defenders the advantage.\n\n> \n> LLM tech is nowhere near ready to handle the context of an entire company right now. That\u2019s why this will take 3-5 years for true AI-enabled Blue to become a thing.\n> \n> And in the meantime, Red will be able to use publicly-available context from OSINT, Recon, etc. to power their attacks.\n\nI agree.\n\nBy the way, this is the SPQA architecture.",
    "published": "2025-10-02T16:19:59",
    "modified": "2025-10-02T16:19:59",
    "type": "schneier",
    "title": "Daniel Miessler on the AI Attack/Defense Balance",
    "source": "",
    "references": "",
    "id": "SCHNEIER:C1E75F66CE18F62857DD6FDE425254FF",
    "bulletinFamily": "blog",
    "cwe": null,
    "cvelist": [],
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://www.schneier.com/blog/archives/2025/10/daniel-miessler-on-the-ai-attack-defense-balance.html",
    "category_name": "News",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

💭 Join the Security Discussion ❌ Cancel Reply