infosec

Created
Thu, 08/01/2026 - 08:08

Yes, “AI” will compromise your information security posture. No, not through some mythical self-aware galaxy-brain entity magically cracking your passwords in seconds or “autonomously” exploiting new vulnerabilities.

It’s way more mundane.

When immensely complex, poorly-understood systems get hurriedly integrated into your toolset and workflow, or deployed in your infrastructure, what inevitably follows is leaks, compromises, downtime, and a whole lot of grief.

Complexity means cost and risk

LLM-based systems are insanely complex, both on the conceptual level, and on the implementation level. Complexity has real cost and introduces very real risk. These costs and these risks are enormous, poorly understood – and usually just hand-waved away. As Suha Hussain puts it in a video I’ll discuss a bit later:

Created
Sat, 21/01/2023 - 07:36

I remember trying to buy a TV that does not have “smart” functionality a few years ago. It was a chore. Today it seems nigh-impossible.

By the way, we need a nice way of referring to non-smart devices. I propose: “safe”.

And not just TVs: ovens, refrigerators, dishwashers — all are now “smart”. In fact, it seems that more and more the available non-smart, err, I mean safe models are only the simpler ones, less performant in ways that are not related to any smart functionality.

Safe TVs but without the fancy backlight. Safe refrigerators but without the de-icing system. My Safe TV was available only with lower resolutions than “smart” models of the same brand.

This really annoys me. I am all too well aware of the security implications of smart devices. I do not want to have to manage regular software updates for whatever number of appliances I have at home, or risk somebody using them in a botnet (or worse).