The social/logistical aspects of cybersecurity vulnerabilities will accelerate greatly due to AI. I'd expect the response from tech-savvy organizations will be to increase the pace of software delivery - a long-standing trend for other reasons. Continuous deployment, forced autoupdates, focused research on fraud and suspicious activity detection.
The main risks are around organizations that structurally cannot increase their pace. Think banks, aviation, medical systems, drug manufacturing, areas where because the risks of vulnerabilities/defects have histori...
I'd love to see an anonymized version of one of these project documents. For example, with your plan to victory, do you assign actual dates to each concrete step? Or just assign different sections of the plan into milestones that have actual dates? What form factor works? Is a checklist okay, or should it be a spreadsheet?
Regardless, fantastic article, this type of tacit knowledge is usually only made explicit for those within the walls of major companies, so it's nice to have as a reference.
Simon Willison discusses an early version of this employed by the StrongDM team. For context, they build Digital Twins of all the software their system depends on, and have agents run QA testing continually against those digital twins. To verify correctness of the digital twins, one technique they use is verifying client libraries that make use of their dependencies still work. Direct quote from the article: