Cybersecurity's ChatGPT Moment
My co-founders and I got together two years ago to map out the idea that became depthfirst. We had one clear realization: LLMs would be able to discover zero day vulnerabilities in complex codebases at a pace never seen before. We thought that future would materialize within 18-24 months, and we decided that acting on the mission to secure the world’s software was how we wanted to spend the next years of our lives.

It’s now two years later and a lot has changed. depthfirst is a thriving company that helps dozens of businesses secure their software and systems. We trained our first model, dfs-mini1, which achieved state-of-the-art performance on discovering vulnerabilities in smart contracts. We have a full suite of products that leverage AI to help secure our customers’ production environments. And we just raised over $120M and have assembled a phenomenal team that’s helping us realize our mission.
But one of the most important shifts that has happened is a collective realization that cybersecurity is one of the most important parts of responsible and safe development of advanced LLMs. Anthropic’s Mythos brought this realization to the forefront of the collective attention.
Given our mission-oriented approach, we are thrilled that this is now getting resources and attention. We truly believe that securing the world’s software before LLM hacking abilities get out in the open requires as many hands on deck as possible.
So, with that urgency in mind, what will the next two years look like?
Open source abilities and AI driven attacks. Over the next 6-12 months open source models will catch up, in terms of security abilities, to where the closed source models are today. For example, we are starting to see models like GLM-5.1 publish results about surpassing closed source models on benchmarks like CyberGym.
This is extremely important because closed source models are gated behind safety checks that largely frustrate attempts at misuse for offensive purposes. Open source models can be used for offensive purposes without restrictions.
Model abilities are only going in one direction. RL frameworks are becoming democratized. The cat is out of the bag and it’s only a matter of time until the bad guys get access to this technology in an unrestricted manner. This isn’t FUD, it’s a sober realization that requires action, today.
All security teams in the world know that a sufficiently determined and resourceful attacker could find a way in. If attacks become 10-100x cheaper in the next 12 months, we will have to seriously rethink the speed at which we do security.
There are trillions of lines of code and highly intricate systems that run our modern way of life: our electricity, our essential services, food production, banking, financial services, etc. We need to secure them as fast as possible before attackers start picking off the low-hanging fruit with AI at scale.
LLMs will discover entirely new classes of attacks. Mythos is unsettling because of its ability to operate like a top hacker at scale, discovering zero days that had gone unnoticed for decades and discovering thousands of zero days across many repos.
However, so far these LLMs are discovering new instances of existing attack classes. We predict that in the next 24 months we will enter an entirely new echelon of model abilities: discovering new classes of attacks.
Think about an LLM discovering an exploitation technique similar to return oriented programming. Or an attack that uses electromagnetic interference like Rowhammer. Or an attack vector that exploits intricate details of cache side channels like Spectre.
Return-oriented programming (ROP) involves chaining small code gadgets to exploit a memory corruption vulnerability, bypassing defense techniques like DEP. When ROP was first published by Hovav Shacham in 2007, I remember thinking, how can people invent something like this?
Now we should be asking: How many new attack patterns exist out there? What happens when AI is discovering completely unexpected new classes of attacks? One can imagine attacks that involve memory architecture, CPU microcode, physical properties of the underlying computational substrate or cryptographic side channels. Our belief is that the rabbit hole of security goes arbitrarily deep and with enough intelligence there is almost no limit to the sophistication of attacks.
We will have to invest, collectively and at depthfirst, to make sure that defenders are the ones to responsibly discover and patch these entirely new classes of attacks.
Security will become an arms race of effective intelligence spending. This is the logical conclusion of the two previous points. In a world where attackers can mount sophisticated and persistent attacks with open source LLMs chaining zero days, defenders need to be continuously scanning their software and systems with AI to discover complex flaws and patch them.
The good news is that the best models are still closed source, so we have a head start. Additionally, defenders will always be able to use intelligence more efficiently because they possess proprietary knowledge about how their software and systems work.
One huge challenge will be figuring out how to patch legacy systems: decades-old systems that run essential parts of our infrastructure, software that is lost to time but is still running. How does one patch legacy systems at scale? This is a challenge that will require a lot of investment.
Security spend will increase dramatically. This is in part a corollary of the point above but it deserves exploration as a standalone thought. Security today has the level of spend it has because we have reached a dynamic equilibrium between attackers and defenders. Businesses spend (typically) a small percentage of their annual budget on security. They are able to provide digital services to their customers largely securely. Breaches do happen, but in a diffuse and background noise kind of way.
The challenge with this view is that it suffers from status quo bias. There is no law of nature that stipulates that our current spend on security is how things should be. It’s the result of a technological equilibrium between attackers and defenders.
Attackers will be able to effectively and profitably scale their attacks. It stands to reason that defenders will have to increase their spend. A lot of the increase in spend will take the form of AI compute spend.
In a world of automated attacks, the time, expertise and resource limits that made breaches somewhat rare will disappear. In the past, attacks required sophisticated teams of experts with large funding. But very soon, we will see democratization and everyone with the wrong intentions will be able to conduct sophisticated attacks.
Higher investment in cybersecurity will become an existential topic discussed in leadership and Board meetings alike.
Security will see massive consolidation. There is an entire class of security products that has to do with discovering flaws in code and systems. The flaws can range from misconfiguration in the cloud, to first party software vulns, to outdated exploitable open source software, to open ports or overly permissive access controls.
The problem set is the same. There is an artifact (code, piece of infrastructure or configuration) that contains a logical issue that can potentially grant an attacker access outside what the defenders intended.
For decades, we didn’t possess technology that would allow us to operate on this problem holistically. We couldn’t discover logical flaws across widely different environments. We had to rely on painfully crafted rules or difficult to scale formal methods. Each one of these techniques helped, but it could never generalize beyond the domain in which it was crafted.
LLMs allow us to treat these disparate environments as one object. An LLM that is trained to be better at discovering smart contract vulnerabilities simultaneously gets better at discovering regular software vulns. This generalization has been proven by us and others and it will keep happening.
However, the use of these systems across environments will not be trivial. It will require a new way of thinking about how to discover, verify and remediate issues automatically and safely. It will require using AI compute effectively, as not all tasks will need the most capable model. Some tasks might require fast and cheap models.
It will require moving at machine speed in a way that works within a customer’s security program. It will require, in other words, supporting dozens of workflows inside of complex organizations.
The goal of a holistic approach is to make sure that organizations can adopt AI defensive technologies as quickly and effectively as possible. Speed of adoption is truly of the essence at this juncture.