Assorted links 2026-05-19
-
Exploits don’t cause cyberattacks: On thinking clearly about frontier AI advances and cyber conflict - “[M]ost of today’s attacker constituencies can currently achieve most of their desired outcomes using traditional means: simple phishing, credential stuffing, exploitation of known CVEs, etc. These constituencies aren’t likely to explode into hockey-stick adoption of AI vulnerability research tools. ❡ This should discipline our thinking about Mythos generating a discontinuous volume of cyberattacks, because, again, most attacker constituencies just aren’t blocked by vulnerability research for most of their workflows.”
-
Finding Zero-Days with Any Model: Vulnerability discovery is an orchestration problem, not a frontier-model problem. - “[W]ell-resourced adversaries already use orchestrated workflows to hunt for zero-days at scale. They operate free from vendor usage policies, AUP friction during legitimate research, API rate limits on multi-hour runs, and curated access lists for embargoed frontier models. The seven-step refusal during severity assessment is exactly the asymmetry at issue: a defender doing legitimate work hit friction that a well-resourced adversary using uncensored open-weight models would not.”