Josephine Wolff

I don't know if that is the case or if we're going to sort of hit a little bit of a plateau where everybody has models that can find roughly the same set of vulnerabilities and patch and exploit them to roughly the same degree.

My general instinct has been more the latter.

There is, you know, going to be a very significant improvement in how well we can find vulnerabilities with AI until there isn't, until we, you know, have developed systems that can find most of them.

And then we're going to see more of a leveling off.

In terms of the sort of what do we do when the AI writes all the code and none of us can possibly understand it, I want to emphasize that's a choice, right?

It doesn't mean it won't happen.

But if we decide we're going to replace all of the software powering the Massachusetts electric grid with software written in a language that no human has ever used and has ever tried to code or patch,

we will be making a deliberate decision that that's the kind of software we want to be using.

And I think, I mean, I'm biased because I'm somebody who spends her whole life studying cybersecurity policy.

But one of the reasons I think the policy piece of this picture is really important is because I don't think those are decisions we want to fall into.

I think those are decisions we want to make really carefully and deliberately.

And I absolutely agree.

I think that would be a bad one.

But I don't think it's an inevitable one.

None of this is to say I don't think there are risks here, right?

Definitely, we're going to see cyber attacks where AI is playing larger roles.

We're already seeing some of them, especially in the scam world.

I think there will be a lot of damage and there will be a lot of losses.

Will those be exponentially larger than the damage and the losses we've seen from other cyber attacks?

I genuinely don't know.