Even if there's a 10% chance agentic AI will work in the next few years and be able to automate a chunk of offensive cybersecurity work, the stakes are high enough that it's the responsibility of the AI security community to prepare for this contingency
AI doesn’t undo the years of defensive build up. And for the good offensive teams, the bar is really high in terms of letting an agent run in a network. Otherwise, I’d count it as a present danger. Especially in areas that lend themselves to scale (recon, vuln discovery, appsec), or the standard AD red team stuff.
@joshua_saxe We can’t even get people to patch their exchange servers mate 🤣
@joshua_saxe all of a sudden I am brought back to this @CamlisOrg classic 🐊 camlis.org/nancirose-piaz…
@joshua_saxe Yep :/ (& my worry increases as #years gets more than just a few)