Will AI Make Cyber Swords or Shields: A few mathematical models of technological progress

TL;DR

This paper uses mathematical models to analyze how AI advancements could influence cybersecurity, highlighting potential increases in undetected attacks and the relative benefits for attackers versus defenders.

Contribution

It introduces mathematical models to evaluate the impact of AI on cybersecurity, providing insights into how technological progress may shift attack and defense dynamics.

Findings

AI may increase undetected attacks in phishing.

Advances in vulnerability discovery benefit attackers more.

Automation in exploit writing favors attackers over defenders.

Abstract

We aim to demonstrate the value of mathematical models for policy debates about technological progress in cybersecurity by considering phishing, vulnerability discovery, and the dynamics between patching and exploitation. We then adjust the inputs to those mathematical models to match some possible advances in their underlying technology. We find that AI's impact on phishing may be overestimated but could lead to more attacks going undetected. Advances in vulnerability discovery have the potential to help attackers more than defenders. And automation that writes exploits is more useful to attackers than automation that writes patches, although advances that help deploy patches faster have the potential to be more impactful than either.