Get your free personalized podcast brief
We scan new podcasts and send you the top 5 insights daily.
The cost to secure vulnerable systems isn't just the hardware value. "Deployment costs" for upgrading unpatchable Operational (OT) and Information (IT) Technology—especially in critical infrastructure—will drive total demand to $1.5 trillion in the U.S. alone, far exceeding the book value of the assets themselves.
Related Insights
AI will find vulnerabilities at an unprecedented rate. The real crisis will be the organizational inability to patch them, especially in critical infrastructure with long update cycles and unsupported software where original developers are long gone. The problem shifts from finding flaws to fixing them at scale.
The same AI technology amplifying cyber threats can also generate highly secure, formally verified code. This presents a historic opportunity for a society-wide effort to replace vulnerable legacy software in critical infrastructure, leading to a durable reduction in cyber risk. The main challenge is creating the motivation for this massive undertaking.
As AI models become adept at finding software vulnerabilities, there's a limited time for companies to use these tools defensively. This brief "catch-up" period exists before these powerful capabilities become widely available to malicious actors, creating an urgent, time-boxed need for proactive patching of legacy systems.
Advanced AI cyber tools like Anthropic's Mythos don't create new vulnerabilities; they excel at discovering existing, dormant bugs in human-written code. Their proliferation will catalyze a one-time, industry-wide upgrade cycle, ultimately hardening global infrastructure and leading to a more secure equilibrium between AI-powered offense and defense.
Unlike modern IT systems, Operational Technology (OT) assets like power grids and factory floors are old, difficult to update without operational downtime, and often run on legacy hardware that cannot handle modern security patches. This makes them a highly vulnerable and critical target for AI-driven attacks.
Contrary to fears that AI would replace security firms, the consensus has shifted. Analysts now believe AI massively increases the surface area for vulnerabilities, compounding the need for security. This creates a multi-billion dollar opportunity for firms protecting new AI-driven attack vectors, making cyber a resilient software sector.
The emergence of AI that can easily expose software vulnerabilities may end the era of rapid, security-last development ('vibe coding'). Companies will be forced to shift resources, potentially spending over 50% of their token budgets on hardening systems before shipping products.
AI models are better at finding bad code than writing good code. This capability will rapidly uncover vulnerabilities in open-source, custom, and vendor software that would have otherwise taken 10 years to find. This creates an urgent, large-scale need for patching across all industries.
The traditional cybersecurity model of humans finding and patching vulnerabilities cannot keep pace with AI that discovers thousands of exploits in hours. This fundamental mismatch in speed and scale will require a complete overhaul of how software security is managed.
The AI arms race isn't just about training models on high-end GPUs. Upgrading vulnerable infrastructure will create a second wave of semiconductor demand. IT security will require cutting-edge 3nm chips, while critical OT upgrades will need vast quantities of legacy chips, straining two distinct segments of the market.