I asked Bruce Schneier how AI is changing threat modeling. His answer: Forget Generative LLMs, watch out for purpose-built Predictive AI.
Summary
Bruce Schneier warns that purpose-built Predictive AI, not generative LLMs, will drive the next wave of automated hacking, shifting threat modeling priorities in AppSec.
Similar Articles
Building an early warning system for LLM-aided biological threat creation
OpenAI conducted a study with 100 participants to evaluate whether GPT-4 meaningfully increases access to dangerous biological threat creation information compared to internet-only baselines, as part of their Preparedness Framework for AI safety. The research introduces an early warning evaluation methodology to detect AI-enabled biorisk uplift and serves as a potential tripwire for flagging models that require further safety testing.
Most AI security discussions are still focused on “protecting the model.”
This article discusses how AI systems with capabilities like reading internal docs and calling APIs require a new security approach, moving beyond traditional SaaS security to Zero Trust principles for AI agents.
Future AI cyber warfare?
A speculative discussion on how generative AI could accelerate cyber warfare, with AI agents both attacking and defending, potentially leading to autonomous weapon systems and escalation risks.
Strengthening cyber resilience as AI capabilities advance
OpenAI publishes a comprehensive framework for managing cyber capabilities in AI models, noting significant improvements in CTF performance from GPT-5 (27%) to GPT-5.1-Codex-Max (76%), and outlining defense-in-depth safeguards to ensure advanced models primarily benefit defenders while limiting offensive misuse.
AI has another security problem
Article argues that AI-generated code and closed-source software are inherently less secure, and that LLMs like Anthropic’s Mythos will exacerbate vulnerabilities, making open-source projects the only trustworthy option.