AI Agents Let You Automate the Shooting

Posted on by

Today, after completing this course, I came to the conclusion a friend at Mandiant was correct.

Several months ago, my Mandiant friend told me that AI is making things better for cyber attackers than cyber defenders. It was his belief that it increased the defenders attack surface more than it enabled us to rapidly defend ourselves. I wasn’t totally convinced until today.

There are just so many ways that AI’s can be subverted. And to make things worse our management is literally saying, “Everyone should be programming now.”

A few weeks back I was helping a senior manager, who only wrote a few hundred lines of code a couple of decades ago get though the V.P. required coding exercise for all managers. She did okay. She didn’t really like doing it, but she had a Python program that accomplished the task she wanted to do. Python dominates in the security field. It has its advantages but if you want performance and stable programs that are moderately large you are much better off with a statically typed language rather than the dynamic typed Python.

To the naive it may seem that if you can get some code to do what you want it then you are done. Ahhh… no. There are reasons why software developers have version control systems, development, staging, and production systems, unit tests, test driven development, stress tests, code reviews, static and dynamic analysis tools, mutexes, semaphores, locks, locking objects, profilers, and interrupt driven drivers. Management is not going to be able to save money by laying off all the senior developers and writing their own code or even turning the development over to developers with a year or two of experience. I have heard it said that every item on a pilot check list was paid for by the death of one or more people who learned the hard way why that item was important. A similar thing is true with software development. And even if you tell your favorite AI to write safe code and to review it. There will be “issues” that may be accidents, or an agent gone rogue. But there will be issues that people will pay a high price for.

After finishing the course, I had a discussion with Chat GPT on this and related topics. During the course of the discussion it told me a joke that rang just a little too true:

As an old C programmer, you may appreciate another version of the joke:

Dynamic languages let you shoot yourself in the foot faster.

AI agents let you automate the shooting.

Share

One thought on “AI Agents Let You Automate the Shooting

  1. One of the more obvious (to me) problems is that by laying off the junior devs and using senior devs with AI-boosted productivity, they have nuked the pipeline that turns young programmers into senior devs over a number of years of experience.

    Suddenly the plot device used in so many S/F stories of “they forgot how to do things” doesn’t sound so unlikely.

    Are you seeing any evidence in your workplace they are thinking very far past the next quarterly or annual reports, WRT people development?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.