The Dual-Use Gap Is The Problem

Recent cyber attacks leveraging AI have highlighted a widening dual-use gap, where AI models enhance both defensive and offensive capabilities asymmetrically. The gap means small security failures now have larger blast radii, as attackers use AI to automate and chain exploits faster than defenders can respond. The assumption that defensive AI will automatically offset offensive AI is flawed, as it ignores disparities in access, resources, and time across organizations.

TLDR: So there has been recent discourse on 𝕏 https://x.com/yogeshprabhu03 , and recent news of major cyber attacks that were done with the help of AI, or happened because AI tools are now wired into software workflows. I think the important frame here is the dual-use gap: as AI models become more capable, they create more upside for defenders and more downside for attackers. The gap between "this helps me secure things" and "this helps me break things" is getting wider.

That sounds obvious, but I think people are underestimating the second-order effects of this. The dual-use gap makes small failures feel less small. A compromised account, a bad package, or one missed vulnerability can suddenly have a much larger blast radius, because attackers can use AI to move faster, automate more, and chain together mistakes that would have been harder to exploit before.

And the usual response is "good AI will defend against bad AI," but who is guaranteeing that the defensive AI finds every path before the attacking AI does? And who is guaranteeing that it defends everyone?

So there has been recent discourse on 𝕏 https://x.com/yogeshprabhu03 , and recent news https://x.com/feross/status/2038831826987614567?s=20 of major cyber attacks that were done with the help of AI, or at least happened in a world where AI is now part of the attack surface. I think a lot of the discourse is getting stuck on the wrong question.
The debate usually becomes something like:

I get why the second view is attractive. It is optimistic. The defender does have advantages sometimes. Mozilla's blog post https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/ on Mythos finding a ton of bugs is probably the strongest support for this view, and the conclusion was basically that maybe the defects are finite and we can finally find them all.

But my worry is that this view subtly turns cybersecurity into "does the good model beat the bad model?". And I don't think that's the right question. It's missing the center of the problem. The center is the dual-use gap.

The way I think about it is pretty simple. More capable models create more useful effects. They can help defenders review code, find vulnerabilities, write patches, summarize logs, triage alerts, and understand codebases that are way too large for one person to keep in their head. This is the green line.

But the same capabilities create more harmful effects. They can help attackers understand unfamiliar systems, scale phishing, exploit fresh vulnerabilities faster, write malware variants, and chain together steps that used to require more human expertise. This is the red line.

As models get better, both lines move. The gap gets wider. The green line goes up. The red line goes down.

The mistake is thinking these effects cancel out. They do not. If AI makes defenders 2x better and attackers 2x better, the world is not the same. The whole game is just faster now. Mistakes matter more. Weak systems get punished harder. And anyone who does not get the defensive upside is now living in a more dangerous environment.

And if AI makes attackers 10x faster at exploiting a certain class of failures, then "defenders also have AI" only helps if the defender actually has access to the right tools, the right people, the right logs, the right permissions, and enough time to respond. That is a lot of assumptions.
I keep seeing a version of the argument that is basically: Cyber is dual-use, but defense can also use AI, so we should accelerate the good AI. I agree with the first half. Cyber is dual-use. I also agree that defensive AI is necessary. But the conclusion is too clean.

"Good AI will defend us" only works if you answer a bunch of annoying questions: Who is "us"? Do regular people get defended? Do small startups get defended? Do open source maintainers get defended? Do local schools, hospitals, and random mid-sized companies get defended? Or do only frontier labs and large enterprises get the best defensive tooling?

Because if the answer is mostly the last group, then we are not closing the dual-use gap. We are just giving the best defended institutions better armor while everyone else gets dropped into a faster threat environment. That is the part that doesn't feel discussed.

The recent Google blog post https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access?utm_source=tw&utm_medium=social&utm_campaign=nfg is the clearest red line signal. The interesting part is not that someone asked a chatbot to write a script. That was the 2023 story. The newer story is that attackers are building workflows around models: vulnerability exploitation, augmented operations, recon, initial access, malware work, and more scalable use of premium models.

That matters because once AI becomes part of the attacker workflow, the bottleneck changes. It is less "does this person know enough?" and more "can they point a model at enough targets, code, context, disclosures, and old CVEs until it produces something useful?"

Then OpenAI’s TanStack/npm supply-chain incident https://openai.com/index/our-response-to-the-tanstack-npm-supply-chain-attack/ is another version of the same thing. OpenAI said a widely used npm package was compromised as part of a broader supply-chain attack.
The broader lesson is that even frontier labs are still inside the normal software supply chain. They depend on packages, developer devices, repos, etc. The "good AI" lives inside the same brittle dependency graph as everything else.

To be clear, I am not saying "AI in cyber is all bad." That would be dumb. The defensive upside is real. OpenAI’s Daybreak https://openai.com/daybreak/ framing makes sense to me. If attackers are moving faster with AI, defenders probably need AI inside code review, threat modeling, detection engineering, and incident response. You cannot fight machine-speed offense with quarterly security reviews. This is a step in the right direction, but it is still not enough. I bring my point back up: who is the "us" that is being defended? This proposal still doesn't cover everyone who needs to be defended.

The worry is not that bad AI magically beats good AI. The worry is that the dual-use gap widens faster than our ability to distribute defense. A frontier lab can hire incident responders, build internal monitoring, rotate credentials, write evals, and even have access to their most frontier internal model. A three-person startup cannot do all of that. A solo maintainer cannot do all of that. A normal person definitely cannot do all of that.

So when people say "AI will defend us," I want to know who "us" is. If "us" means the richest and most competent institutions, then sure, maybe. But the internet is not only those institutions. It is also messy SaaS integrations, abandoned packages, random extensions, overworked maintainers, small teams, and normal people with phones and laptops. Offense scales across weak targets. Defense has to work in each specific messy environment. That asymmetry matters more as the dual-use gap expands.

When I say the AI-AI cyber war has begun, I do not mean sentient hacker armies fighting in the cloud or whatever. I mean the offense-defense loop is becoming machine speed.
Attackers use AI to find targets, understand code, automate recon, scale social engineering, generate variants, and move faster through the attack lifecycle. Defenders use AI to find bugs, write patches, review code, validate fixes, summarize alerts, and monitor agents. Both sides get faster. That is the dual-use gap.

The risk is not just that bad AI beats good AI. The risk is that the world becomes more dependent on AI-assisted defense while huge parts of the world do not actually get that defense. And the risk is that when a major company does get compromised, the attacker can use the same automation, context, and tooling that made the company productive in the first place.

That is why the clean optimism does not work for me. "Good AI will defend us" is not a plan unless you can answer: defend who, with what access, at what cost, against what model capability, with what monitoring, and with what fallback when the AI tool itself becomes part of the attack surface?

It's not "AI makes cyber better." Not "AI makes cyber worse." It's both. And that is exactly the problem.