Abstract Artificial intelligence (AI) has the potential to automate key tasks in the life cycle of a cyber operation. Many have predicted that AI will revolutionize cyber conflict by enabling offense automation for faster, stealthier, and more damaging attacks. But the revolution has not happened, even though highly capable AI models have been available for several years. This article explains why: There is a gap between defense and offense when it comes to the limits on what AI can do. Cyber offense requires creative deception to burrow into systems and produce desired effects before being discovered. Cyber defense, by contrast, strives to detect such intrusions before they cause harm. AI models struggle with the creativity and deception necessary for offensive operations, but they excel at the pattern recognition that is key for defensive operations. I show that this relative advantage of defensive tasks increases as the stakes increase. I test this theory against experimental and in-the-wild evidence of AI automation in cyber conflict. States that invest in defense automation will likely enjoy a growing advantage over those that prioritize investing in offense automation. Rather than heralding a revolution, AI automation is likely to further tame cyber conflict. Highly skilled human operators, not AI, will be necessary to avoid being detected by AI-empowered defenders.
Lennart Maschmeyer (Thu,) studied this question.