My thoughts on LLMs and Cyber Security
I’ve been thinking a lot recently about why these new models are having such a massive impact on cybersecurity. I think it really comes down to the fact that we’re fine-tuning them mostly on code and building them specifically to reason about that code.
Most people don’t understand cybersecurity all that well. The reality is that anything out there can be hacked. It’s ultimately just a matter of cost. The best defense isn’t about being unhackable. It’s about making it extremely expensive to access certain systems. When you look at the various layers of security, the certifications, and the different postures companies adopt, that’s what it’s really about: How expensive and difficult are we making it to breach this system?
In the short term, these new models change that equation for everyone. But in the long term, I believe they’ll change it so that breaching the most secure systems becomes significantly more expensive.
The reason is that these models enable automated pen-testing frameworks. If you own your own code, you can have these models audit it as part of your continuous integration and testing. We can catch bugs before they ever ship.
We’re seeing a surge in bugs being found right now, and I’m not sure it’s because the world suddenly became less secure. It’s more likely that people have finally discovered how good these models are at finding existing vulnerabilities. Look at what happened with Firefox: their number of reports for critical vulnerabilities was fairly low, in the tens, for the last five years. Then, over the last two months, that number picked up significantly, and they fixed over 1,000 in just the last month.
To me, that isn’t a statement on the world getting more dangerous; it’s a statement on how insecure the world already was and a sign of where we’re headed.
I’m actually really excited about these automated testing strategies. We might have a temporary period of turbulence as we adjust, but I think we’ll eventually settle into a new equilibrium where things are much more secure than they used to be. There are incredible opportunities right now for building automated pen-testing into almost every digital surface that exists.
As always, the most vulnerable surface will remain the human layer. Hacks are so often the result of someone being exploited, tricked, or targeted because they were being trusting. It warrants a certain level of paranoia, but for me, this shift is much more exciting than it is scary.

