The Security Evolution of Core Technologies: What It Means for AI (Part I)
There is a consistent pattern of increasing the robustness of security features and capabilities for core computing technologies. AI shouldn’t be any different.
LEO: I'm not. I'm pushing you to the missile defense shield 'cause I think it works.
BARTLET: Based on what?
LEO: Confidence. And the understanding that there's been a time in the evolution of everything that works when it didn't work.
The West Wing, "The Drop-In"
The Pattern of Security Evolution
AI feels like something we’ve never seen before. If we set aside some of the hyperbole, a more rational point of view is that AI is the next big computing change in a long line of core computing technologies we’ve experienced over the last 50+ years. Previous core technologies include PCs and operating systems, websites, email, messaging, search, and social media. As each core technology evolved, there has been a consistent pattern of increasing the robustness of its security features and capabilities. AI shouldn’t be any different.
If AI becomes the “control layer” for everything digital, as Marc Andreessen has argued, it is crucial that AI developers pay closer attention to how we make these systems more verifiably secure by default. In practice, this means that end-users of AI systems should not have to actively think about how to secure their use of AI; it should be secure by default.
Let’s walk through how previous core technologies increased security measures as they gained adoption.
PCs & Operating Systems
Early PC operating systems (like DOS and Windows) were remarkably open, with minimal security features. Anyone could access nearly any part of the system, modify core functions, and interact with other programs freely. By comparison, today's operating systems are fortresses of security:
Secure boot chains
Hardware security modules
Process isolation
App sandboxing
Kernel protection
Access controls
This evolution wasn't optional; it was necessary for operating systems to remain viable in an increasingly hostile and high-consequence computing environment.
Email
Email's security evolution is particularly striking. Initially, email was transmitted entirely in plain text with no authentication, and through open relay servers, so anyone on the path could eavesdrop on messages as they traversed the network. Moreover, anyone could send any message to any recipient, with no spam filtering available on the mail server or in the email client.
Things are different today. Messages are transported over encrypted channels, and senders are required to use sender verification schemes like SPF, DKIM, and DMARC. Spam filtering is on by default in most email clients.
This evolution was driven by email becoming unusable without security: spam, phishing, and other attacks would have destroyed email's utility.
Websites
Web security evolved from basic password protection to comprehensive security systems. In the early days of the web, we used plain HTTP, and passwords were submitted in plain text. Most form fields were not checked for malicious JavaScript or SQL injection.
On the modern web, HTTPS is on by default, and big warnings are placed in front of a user who visits a page outside of HTTPS. For website operators, there are tools to guard against denial of service attacks and malicious bot crawlers, along with many, many more advances that make the web a secure place to do business.
This evolution was driven by e-commerce requirements, attack prevention, and the need to protect both servers and users.
Messaging
Messaging platforms evolved from open systems to highly secured communications. Similar to email, messaging services like ICQ and AIM relied on plain text (no encryption) and basic authentication.
Today, most messaging services like WhatsApp, iMessage, Signal, and others offer:
End-to-end encryption
Perfect forward secrecy
Advanced authentication
This evolution was driven by the need to protect communications from interception and ensure message integrity.
Search Engines
Search engines also went through an evolution toward more security by default. For example, early search engines were easily manipulated with falsified information or hidden text that cheated search rankings and lured unsuspecting users to attackers' sites. Things have improved dramatically with advances such as:
PageRank
Safe Browsing
Anonymization
These technologies were invented because users and organizations demanded strong security measures. As a result, search engines are now something people and organizations rely on critically every day.
The Consistent Pattern
Each core technology was introduced with little or no obvious security protection. As usage increased, so too did the exploits that triggered the invention of security features. And thus the cat-and-mouse game continues.
This pattern is also evident in AI today. As soon as native AI interfaces like ChatGPT launched, we saw jailbreaking and prompt injection attacks arise.
Now AI developers are introducing guardrails and red-teaming for their AI models to protect users and data. The demands are coming from enterprise customers and regulators, who want more guarantees around their use of AI.
This paradigm is sufficient for now as the number of AI labs training large models is small, roughly in the tens to hundreds. Each lab can add basic security measures that satisfy their customers.
However, as the tooling and expertise for creating new models improve, the number of models created will expand, as will the number of entities producing them. This leaves the end-user or enterprise awash in thousands or millions of models to choose from (like the millions of websites to search through). In this paradigm, it will be hard to know which models come with the requisite security measures. It will also be important for model customers to be able to verify the security claims offered by the model creator(s).