If we have Hacker-AI on a developer machine, we have a huge problem: Hacker-AI could sabotage basic security implementations via hidden backdoors or weak compilation tools. However, I am not giving up on seeking solutions to convince humans/experts that there are no hidden/late modifications or interferences from Hacker-AI. Trust must be earned; this could only come from constantly scrutinized source code and development tools.
Yap, I checked out Mayhem a while ago -- it seems to be an automated test case generation engine.
From what I read - they are probably not using Reverse Code Engineering (RCE) tools for their analysis; instead, they use the source of an app – still, this is pretty good. Their software found some vulnerabilities, but honestly, I am a bit disappointed they didn’t find more (because they are likely not going lower level). However, they deserve a lot of credit for being a pioneer in cyber-defense. The Challenge was 6 years ago -- So, is Mayhem all we have...
Why has Hacker-AI not been discussed more?
Well, we should start now ...
In 2018, I was listening to the change in US Nuclear Posture -- saying that US could retaliate nuclear on a cyber attack. At that time I thought that kind of counter-threat is way out of line - "disproportional" -- A cyberwar via hacking would be an inconvenience -- rebooting a few machines and being prepared to replace some harddrives. But now I understand better. I believe the security establishment knew much more about our vulnerabilities than what they were sharing with us. &n...
You mention proactive, preventative steps in damage mitigation.
There are other methods:
What I don't understand: Why are we quiet about this problem? It seems the people knowing about this problem (a long time) are not even dare to call for help. wow ... how courageous.
I have posted "Improved Security to Prevent Hacker-AI and Digital Ghosts" -- providing a technical solution for dealing with Hacker-AI and Digital Ghosts.
Overestimating to which degree Hacker-AI could make itself undetectable? And do I potentially underestimate the effort of making a digital ghost undetectable for malware detection? I disagree because I have answered the following questions for myself.
(1) How conceptionally different are the various operating systems? In 1,000s of details, I believe they are different. But the concepts of how they are designed and written are similar among all multitasking/multithreading OS. Even multi-processing OS are built on similar but extended concepts.
(2) If we...
I think you are massively overestimating the ability of even a very strong narrow hacker AI to hide from literally everyone.
I seriously hope you are right, but from what I’ve learned, Reverse Code Engineering (RCE) is not done quickly or easily, but it’s a finite game. I know the goal; then, I believe you can define rules and train an AI. RCE is labor-intensive; AI could save me a lot of time. For an organization that hires many of the brightest IT minds, I m convinced they ask the right questions for the next iteration of Hacker-AI. I may overestima...
Indeed, I didn't see that or forgot about it -- I was pulling my memory when responding. So you might be right that Mayhem is doing RCE.
But what I remember distinctively from the DARPA challenge (also using my memory): their "hacking environment" was a simplified sandbox, not a full CISC with a complex OS.
In the "capture-the-flag" (CTF) hacking competition with humans (at DEFCON 2016), Mayhem was last. This was 6 years ago, we don't know how good it is now (probably MUCH better, but still, it is a commercial tool used in defense).
I am more worried ab... (read more)