It Gets Worse Before It Gets Better: How AI Will Unbalance Cybersecurity

Pontus Johnson
Research Director

In the past year, large language models have begun to demonstrate offensive cyber capabilities; they are becoming proficient at hacking. How will these changes affect the cyber domain? To predict the consequences, three properties of the cybersecurity landscape need to be considered.

The balance between attackers and defenders

First, as is well known among cybersecurity experts, the relationship between attack and defense is asymmetric: An attacker needs only one workable attack path, while a defender, by contrast, is trying to make the set of viable attack paths small enough that an attacker’s search is unlikely to turn up something usable. For most organizations, that means closing a lot of attack paths.

The second important property of the cyber domain is that digital systems are stuffed with exposures: bugs, misconfigurations, weak credentials, leaky tokens, overly permissive roles. The distribution is, however, skewed: a long tail of minor issues sits beside a small, critical cluster that opens short routes to money movement, sensitive data, production control, or the identity layer that governs everything else.

Unfortunately, it is very costly for defenders to separate the signal from the noise; they are often burdened by massive lists of poorly prioritized vulnerabilities reported by scanners and other noisy tools.

Third, finding and exploiting a vulnerability is typically cheaper than fixing it. Diagnosis is mostly nonintrusive: you can inspect and probe configurations and behavior without making significant changes. Exploitation can be intrusive, but attackers often have little incentive to avoid collateral damage. Fixing requires change, which introduces the risk of breaking something that the business depends on. Defenders are often as concerned about the unintended consequences of bad fixes as they are about the vulnerability itself.

The current frequency of cyber intrusions is a direct consequence of the equilibrium between these various cyber-domain attributes. Some of the properties are not permanent features, though. When attackers allocate greater resources, intrusions increase. If defenders could separate signal from noise more cheaply and reliably, intrusions would be expected to decrease. AI is now about to cause a significant rebalancing of these properties.

Finding and fixing exposures

There are many ways AI can assist cybersecurity—detection, containment, investigation, fraud controls, and so on. When it comes to hardening systems, however, finding and fixing exposures are central.

Finding exposures is the easier capability to automate because it is observational. You can scan code, probe services, search for leaked secrets, and reason about likely failure modes without changing anything. The work is diagnostic: you observe, infer, and report.

Remediation is the harder capability to automate because it is interventionist. Patching and configuration changes often have unintended consequences due to complex dependencies. Fixes can break production, trigger outages, or introduce new vulnerabilities in the act of removing old ones. Remediation is therefore not merely technical – it is operational and organizational.

These two capabilities are unlikely to mature at the same pace. Diagnosis is easier to automate than remediation, and that difference matters: it shapes the sequence in which AI changes the practical balance between attack and defense. 

Unbalancing

AI will initially make it dramatically easier to find exposures and to turn them into workable attack paths. For attackers, the advantage is immediate. Defenders, of course, will use the same tools, but they will run into one of the properties of the current cybersecurity landscape: finding is cheap; fixing is not. This will negatively affect the balance between attackers and defenders.

To understand the effects of AI’s exposure-discovery capabilities, it is necessary to distinguish between new and legacy software. In new builds, AI agents can perform penetration testing and assist in code review before systems are deployed. This will lead to much more secure software. The amount of already deployed digital infrastructure is, however, enormous. These systems will continue to improve only slowly. Even when AI points to the right vulnerabilities, implementing fixes remains risky, coordinated, and frequently postponed. The result is a split-screen world: new systems trend toward secure-by-construction. Old systems, however, become radically more vulnerable than before, because attackers can now locate and operationalize previously undiscovered attack paths at scale.

For defenders, the most valuable use of AI is not to find more vulnerabilities (which they will) but to rank them better. Defenders have limited manual resources, and those resources are squandered when an organization is buried under an indiscriminate flood of findings. AI-driven exposure discovery is qualitatively superior to the scalable methods available today, such as vulnerability scanning. Penetration testing agents not only surface vulnerabilities, but explore which attack paths those vulnerabilities unlock. That provides the necessary context to distinguish the exposures that may have large consequences from those of lesser significance.

Still, the net result of AI’s initial unbalancing is bleak: attackers gain speed before defenders gain the ability to safely change enough systems.

Rebalancing

In a second stage, AI will meaningfully accelerate safe remediation at scale. Safe remediation is not merely suggesting a patch. It means understanding dependencies, proposing changes that fit operational constraints, generating tests, predicting regressions, and verifying—after the fact—that the fix worked and did not create a new failure mode.

When AI can do that reliably, the balance shifts again. At that point, defenders can remove the critical vulnerabilities faster than attackers can exploit them—especially the vulnerabilities that form short, reliable routes to high-impact assets. And because vulnerabilities are skewed, neutralizing the dangerous few attack paths can drop risk sharply. This is also the moment when legacy systems begin to become meaningfully secure.
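
The prioritization argued for above (rank findings by the attack paths they unlock, then neutralize the few that sit on short routes to high-impact assets) can be sketched as follows. This is an added example, not part of the original article; the graph, the exposure names and the 1/length scoring weight are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: each edge is (from, to, exposure_id), meaning the
# exposure lets an attacker positioned at `from` reach `to`. Names are hypothetical.
EDGES = [
    ("internet", "web-app", "F1-outdated-cms"),
    ("internet", "vpn", "F2-weak-vpn-password"),
    ("web-app", "app-server", "F3-ssrf"),
    ("vpn", "app-server", "F4-flat-network"),
    ("app-server", "idp", "F5-overprivileged-role"),
    ("app-server", "payments-db", "F5-overprivileged-role"),
    ("web-app", "wiki", "F6-default-creds"),
    ("wiki", "printer", "F7-open-telnet"),
    ("vpn", "printer", "F8-snmp-public"),
]
ENTRY = "internet"
CROWN_JEWELS = {"idp", "payments-db"}  # high-impact assets

def attack_paths(edges, entry=ENTRY, targets=CROWN_JEWELS, max_hops=4):
    """Return every simple path (as a list of exposure ids) from entry to a target."""
    graph = defaultdict(list)
    for src, dst, exposure in edges:
        graph[src].append((dst, exposure))
    paths, stack = [], [(entry, [entry], [])]
    while stack:
        node, visited, used = stack.pop()
        if node in targets:
            paths.append(used)
            continue
        if len(used) < max_hops:
            for dst, exposure in graph[node]:
                if dst not in visited:
                    stack.append((dst, visited + [dst], used + [exposure]))
    return paths

def rank_exposures(edges):
    """Score each exposure by the paths it enables; shorter paths weigh more
    (the 1/length weight is an assumption chosen for this illustration)."""
    scores = {exposure: 0.0 for _, _, exposure in edges}
    for path in attack_paths(edges):
        for exposure in set(path):
            scores[exposure] += 1.0 / len(path)
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

def paths_after_fixing(edges, exposure):
    """Count the attack paths that remain once one exposure is remediated."""
    return len(attack_paths([e for e in edges if e[2] != exposure]))
```

In this constructed graph, three of the eight findings lie on no path to a crown jewel at all, while remediating the single top-ranked finding removes every path.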

After the storm comes the calm

Timing matters. Discovery is likely to improve earlier because it is largely observational and can be scaled with relatively little operational risk. Remediation is likely to improve later because it requires deploying changes in complex, interdependent systems under constraints of testing, coordination, and reliability. If this is true, then we have some rough times ahead. The best we can do during that period of turmoil is to employ AI to identify the exposures that really deserve our limited human resources. Eventually, automated remediation will also be unlocked, restoring the balance between attackers and defenders.