Robert M
๐ค SpeakerAppearances Over Time
Podcast Appearances
I am not a security professional.
I am a software engineer who has spent more time thinking about security than the median software engineer, but maybe not the 99th percentile.
This section necessarily requires some extrapolation into the uncertain future.
A proper treatment of what's about to happen really deserves its own post, ideally by a subject matter expert, or at least someone who's spent quite a bit more time on thinking about this question than I have.
I nonetheless include some very quick thoughts below, mostly relevant to US-based individuals that don't have access to highly sensitive corporate secrets or classified government information.
Many existing threat models don't seem obviously affected by the first-order impacts of a dramatic increase in scalable cyber-offensive capabilities.
For threat models which seem likely to get worse are third-party data breaches, software supply chain attacks, ransomware, and cryptocurrency theft.
I'm not sure what to do about data breaches, in general.
The typical vector of exploitation is often various forms of fraud involving identity theft or impersonation, but scaled blackmail campaigns wouldn't be terribly shocking as a new problem.
One can also imagine many other problems cropping up downstream of LLMs providing scalable cognition, enabling many avenues of value extraction that were previously uneconomical due to the sheer volume of data.
If you're worried about identity theft, set up a credit freeze.
Behave virtuously.
If you must behave unvirtuously, don't post evidence of your unvirtuous behavior on the internet, not even under a very anonymous account that you're sure can't be linked back to you.
Software supply chain attacks seem less actionable if you're not a software engineer.
This is already getting worse and will probably continue to get worse.
Use a toolchain that lets you pin your dependencies, if you can.
Wait a few days after release before upgrading to the newest version of any dependency.
There are many other things you can do here.
They might or might not pass a cost-benefit analysis for individuals.
There's a details box here with the title Scaled Ransomware.