Asymmetric Security operates on the assumption that AGI is inevitable. This 'AGI-pilled' worldview shapes their strategy to completely rethink cyber defense, preparing for a world with a virtually unlimited supply of intelligent labor, rather than just automating current tasks.
Beyond typical IP theft, North Korea runs a program where state-backed operators secure remote tech jobs in Western companies. Their goal is not just espionage but also earning salaries to directly fund the regime, representing a unique and insidious state-sponsored threat.
Large cybersecurity incumbents are not fully embracing an AGI-centric strategy for forensics. Their focus on existing product revenue, combined with a cultural skepticism among security professionals about AI's true capabilities, means they are undervaluing the paradigm shift. This inertia provides a crucial opening for 'AGI-pilled' startups.
The current cyber defense model is reactive, using triage for endless alerts. Asymmetric Security's AGI-premised strategy is to shift this paradigm to proactive, continuous digital forensics. AI agents provide the 'infinite intelligent labor' needed to conduct deep investigations constantly, not just after a breach is suspected.
For cybersecurity incident response firms, the primary go-to-market channel isn't direct sales to enterprises. Instead, they must get on the pre-approved vendor panels of cybersecurity insurance companies. When an insured company is hacked, the insurer dictates which response firm they can use, making these carriers key distribution gatekeepers.
Unlike software engineering with abundant public code, cybersecurity suffers from a critical lack of public data. Companies don't share breach logs, creating a massive bottleneck for training and evaluating defensive AI models. This data scarcity makes it difficult to benchmark performance and close the reliability gap for full automation.
The skills for digital forensics (detecting intrusions) are distinct from offensive hacking (creating intrusions). This separation means that focusing AI development on forensics offers a rare opportunity to 'differentially accelerate' defensive capabilities. We can build powerful defensive tools without proportionally improving offensive ones, creating a strategic advantage for cybersecurity.
A paradox of powerful AI is that it can be 'GDP-destroying.' When AI substitutes for a service you would have paid for (e.g., hiring a contractor), it creates immense personal value but removes a transaction from the economy. This makes GDP a poor metric for AI's true economic contribution, which may be understated.
A practical definition of AGI is its capacity to function as a 'drop-in remote worker,' fully substituting for a human on long-horizon tasks. Today's AI, despite genius-level abilities in narrow domains, fails this test because it cannot reliably string together multiple tasks over extended periods, highlighting the 'jagged frontier' of its abilities.
To overcome the lack of public cybersecurity data, Asymmetric Security employs a services-first business model. Their human-AI teams handle real incidents, ensuring customer reliability while simultaneously generating a unique, high-quality dataset of forensic investigations. This data becomes a key asset for training their AI to achieve full automation.
