We need offensive GenAI for defensive use
Now, please.
There is widespread concern about the threat of GenAI-powered adversaries. Government and leading providers of GenAI software are addressing the threat by restricting offensive use of Cyber capabilities rather than increasing the resources available to the defender. This misplaced focus will endanger defenders.
Wietse and Dan
The current situation parallels the early stages of vulnerability scanning. In 1995 Dan Farmer and Wietse Venema released “Security Administrator Tool for Analysis of Networks (SATAN)”. Venema was the accomplished creator of tcp_wrappers: the first host-based firewall - freely available and used by sysadmins everywhere. Farmer had studied information security under Gene Spafford at Purdue University.
Although SATAN mainly automated discovery of well-known flaws discussed in Farmer and Venema’s earlier paper “Improving the security of your site by breaking into it”, the release of SATAN set off a media firestorm.
SATAN was made freely available for download, and according to a 1996 PC Magazine article, this caused national security concerns at the US Department of Justice, and the Department applied pressure against Silicon Graphics where Farmer worked*. Farmer and Venema refused to restrict access to SATAN, and Farmer parted ways with Silicon Graphics over the issue.
Before the release of the tool, collecting vulnerability information from a collection of computers involved painstakingly logging in and checking each system’s configuration. With SATAN, it now took only minutes for a defender to find the holes that needed to be plugged.
Today, defenders use scanners to identify visible vulnerabilities on their internal and external networks. And we use vulnerability scanning to ensure we deploy vulnerability-free systems. The benefits from defensive use of vulnerability scanners far outweighs the downsides of malicious actors having access to these scanners.
Defensive use of offensive capabilities
Offensive use of GenAI capabilities might look as follows: “You are targeting MyCompany.com.
Perform reconnaissance of MyCompany.com using publicly available data about its Internet and public cloud footprint, technologies and users.
Use the output to identify vulnerabilities (OS, application, configuration errors, trust relationships, exposed credentials; weak users).
Locate, build and test exploits for each.
These are the same actions a defender would take to identify exploitable vulnerabilities, and restricting them by limiting model output necessarily restricts the defender.
Unfortunately, the Administration’s recent Executive Order on AI includes “enabling powerful offensive cyber operations through automated vulnerability discovery and exploitation against a wide range of potential targets of cyber attacks” among capabilities that pose “serious risk”.
This is only true if attackers are the only ones with the capabilities. Make them available to everyone and the risk dissipates, because defenders will be able to find and fix their own problems.