, AI can turn rare expertise into commodity capabilities and gives average
criminals an outsized advantage.

The AI-assisted evolution of cyberdefense

AI technologies can benefit defenders as well. We don't know how the different
technologies of cyber-offense and cyber-defense will be amenable to AI
enhancement, but we can extrapolate a possible series of overlapping
developments.

Phase One: The Transformation of the Vulnerability Researcher. AI-based hacking
benefits defenders as well as attackers. In this scenario, AI empowers defenders
to do more. It simplifies capabilities, providing far more people the ability to
perform previously complex tasks, and empowers researchers previously busy with
these tasks to accelerate or move beyond them, freeing time to work on problems
that require human creativity. History suggests a pattern. Reverse engineering
was a laborious manual process until tools such as IDA Pro made the capability
available to many. AI vulnerability discovery could
follow a similar trajectory, evolving through scriptable interfaces, automated
workflows, and automated research before reaching broad accessibility.

Phase Two: The Emergence of VulnOps. Between research breakthroughs and
enterprise adoption, a new discipline might emerge: VulnOps. Large research
teams are already building operational pipelines around their tooling. Their
evolution could mirror how DevOps professionalized software delivery. In this
scenario, specialized research tools become developer products. These products
may emerge as a SaaS platform, or some internal operational framework, or
something entirely different. Think of it as AI-assisted vulnerability research
available to everyone, at scale, repeatable, and integrated into enterprise
operations.

Phase Three: The Disruption of the Enterprise Software Model. If enterprises
adopt AI-powered security the way they adopted continuous integration/continuous
delivery (CI/CD), several paths open up. AI vulnerability discovery could become
a built-in stage in delivery pipelines. We can envision a world where AI
vulnerability discovery becomes an integral part of the software development
process, where vulnerabilities are automatically patched even before reaching
production -- a shift we might call continuous discovery/continuous repair
(CD/CR). Third-party risk management (TPRM) offers a natural adoption route,
lower-risk vendor testing, integration into procurement and certification gates,
and a proving ground before wider rollout.

Phase Four: The Self-Healing Network. If organizations can independently
discover and patch vulnerabilities in running software, they will not have to
wait for vendors to issue fixes. Building in-house research teams is costly, but
AI agents could perform such discovery and generate patches for many kinds of
code, including third-party and vendor products. Organizations may develop
independent capabilities that create and deploy third-party patches on vendor
timelines, extending the current trend of independent open-source patching. This
would increase security, but having customers patch software without vendor
approval raises questions about patch correctness, compatibility, liability,
right-to-repair, and long-term vendor relationships.

These are all speculations. Maybe AI-enhanced cyberattacks won't evolve the ways
we fear. Maybe AI-enhanced cyberdefense will give us capabilities we can't yet
anticipate. What will surprise us most might not be the paths we can see, but
the ones we can't imagine yet.

This essay was written with Heather Adkins and Gadi Evron, and originally
appeared in CSO.

** *** ***** ******* *********** *************

AI and the Future of American Politics

[2025.10.13] Two years ago, Americans anxious about the forthcoming 2024
presidential election were considering the malevolent force of an election
influencer: artificial intelligence. Over the past several years, we have seen
plenty of warning signs from elections worldwide demonstrating how AI can be
used to propagate misinformation and alter the political landscape, whether by
trolls on social media, foreign influencers, or even a street magician. AI is
poised to play a more volatile role than ever before in America's next federal
election in 2026. We can already see how different groups of political actors
are approaching AI. Professional campaigners are using AI to accelerate the
traditional tactics of electioneering; organizers are using it to reinvent how
movements are built; and citizens are using it both to express themselves and
amplify their side's messaging. Because there are so few rules, and so little
prospect of regulatory action, around AI's role in politics, there is no
oversight of these ac
tivities, and no safeguards against the dramatic potential impacts for our
democracy.

The Campaigners

Campaigners -- messengers, ad buyers, fundraisers, and strategists -- are
focused on efficiency and optimization. To them, AI is a way to augment or even
replace expensive humans who traditionally perform tasks like personalizing
emails, texting donation solicitations, and deciding what platforms and
audiences to target.

This is an incremental evolution of the computerization of campaigning that has
been underway for decades. For example, the progressive campaign infrastructure
group Tech for Campaigns claims it used AI in the 2024 cycle to reduce the time
spent drafting fundraising solicitations by one-third. If AI is working well
here, you won't notice the difference between an annoying campaign solicitation
written by a human staffer and an annoying one written by AI.

But AI is scaling these capabilities, which is likely to make them even more
ubiquitous. This will make the biggest difference for challengers to incumbents
in safe seats, who see AI as both a tacitly useful tool and an
attention-grabbing way to get their race into the headlines. Jason Palmer, the
little-known Democratic primary challenger to Joe Biden, successfully won the
American Samoa primary while extensively leveraging AI avatars for campaigning.

Such tactics were sometimes deployed as publicity stunts in the 2024 cycle; they
were firsts that got attention. Pennsylvania Democratic Congressional candidate
Shamaine Daniels became the first to use a conversational AI robocaller in 2023.
Two long-shot challengers to Rep. Don Beyer used an AI avatar to represent the
incumbent in a live debate last October after he declined to participate. In
2026, voters who have seen years of the official White House X account posting
deepfaked memes of Donald Trump will be desensitized to the use of AI in
political communications.

Strategists are also turning to AI to interpret public opinion data and provide
more fine-grained insight into the perspective of different voters. This might
sound like AIs replacing people in opinion polls, but it is really a
continuation of the evolution of political polling into a data-driven science
over the last several decades.

A recent survey by the American Association of Political Consultants found that
a majority of their members' firms already use AI regularly in their work, and
more t

--- BBBS/LiR v4.10 Toy-7
 * Origin: TCOB1: https/binkd/telnet binkd.rima.ie (618:500/1)