Unlike software engineering with abundant public code, cybersecurity suffers from a critical lack of public data. Companies don't share breach logs, creating a massive bottleneck for training and evaluating defensive AI models. This data scarcity makes it difficult to benchmark performance and close the reliability gap for full automation.
Related Insights
The primary barrier to deploying AI agents at scale isn't the models but poor data infrastructure. The vast majority of organizations have immature data systems—uncatalogued, siloed, or outdated—making them unprepared for advanced AI and setting them up for failure.
The cybersecurity landscape is now a direct competition between automated AI systems. Attackers use AI to scale personalized attacks, while defenders must deploy their own AI stacks that leverage internal data access to monitor, self-attack, and patch vulnerabilities in real-time.
Security expert Alex Komorowski argues that current AI systems are fundamentally insecure. The lack of a large-scale breach is a temporary illusion created by the early stage of AI integration into critical systems, not a testament to the effectiveness of current defenses.
The public narrative about AI-driven cyberattacks misses the real threat. According to Method Security's CEO, sophisticated adversaries aren't using off-the-shelf models like Claude. They are developing and deploying their own superior, untraceable AI models, making defense significantly more challenging than is commonly understood.
AI tools drastically accelerate an attacker's ability to find weaknesses, breach systems, and steal data. The attack window has shrunk from days to as little as 23 minutes, making traditional, human-led response times obsolete and demanding automated, near-instantaneous defense.
The long-term trajectory for AI in cybersecurity might heavily favor defenders. If AI-powered vulnerability scanners become powerful enough to be integrated into coding environments, they could prevent insecure code from ever being deployed, creating a "defense-dominant" world.
While AI gives attackers scale, defenders possess a fundamental advantage: direct access to internal systems like AWS logs and network traffic. A defending AI stack can work with ground-truth data, whereas an attacking AI must infer a system's state from external signals, giving the defender the upper hand.
The skills for digital forensics (detecting intrusions) are distinct from offensive hacking (creating intrusions). This separation means that focusing AI development on forensics offers a rare opportunity to 'differentially accelerate' defensive capabilities. We can build powerful defensive tools without proportionally improving offensive ones, creating a strategic advantage for cybersecurity.
While content moderation models are common, true production-grade AI safety requires more. The most valuable asset is not another model, but comprehensive datasets of multi-step agent failures. NVIDIA's release of 11,000 labeled traces of 'sideways' workflows provides the critical data needed to build robust evaluation harnesses and fine-tune truly effective safety layers.
The old security adage was to be better than your neighbor. AI attackers, however, will be numerous and automated, meaning companies can't just be slightly more secure than peers; they need robust defenses against a swarm of simultaneous threats.
