Hacker News Front Page
중도 성향
IT/기술
Universal Memory Protocol – a shared format for agent memory
Comments
🇺🇸 미국 · "PROTOCOL" · 총 17건
필터 보기현재 지수
50.0
0 = 부정 우세
50 = 중립
100 = 긍정 우세
최근 7일 기준 11,339건을 분석한 결과, 뉴스 심리지수는 50.0(균형)입니다. 긍정 1건(0.0%)·중립 11,337건(100.0%)·부정 1건(0.0%)이며, 중립 비중이 뚜렷하게 높습니다. 성향 지수는 종합 19.1(중도 균형)입니다.
Comments
Don't talk to extraterrestrial strangers, they warn.
Ambassador Monica Crowley, the 35th chief of protocol of the United States, called herself an anglophile, saying she "grew up sort of watching the royal family."
Comments
The sheriff overseeing the Nancy Guthrie suspected abduction case blames lab work and scientific protocols for delays as it enters month four.
The White House official who manages all aspects of diplomatic activities says President Trump's ballroom is a must for the United States to put its best foot forward in hosting foreign leaders and large-scale events.
Comments
The center is also continuing to work with law enforcement and hired security professionals to evaluate additional safety measures.
Trump administration officials want local health authorities to constantly monitor the 18 passengers for another three weeks, a requirement that far exceeds typical protocols.
Soccer authorities in the Democratic Republic of Congo (DRC) affirmed on Wednesday that its national team and support staff will be able to abide by all public health protocols to participate in the FIFA World Cup scheduled to begin on June 11 and hosted by America, Canada, and Mexico. The post DR Congo Assures U.S. Its Soccer Team Will Not Bring Ebola to World Cup appeared first on Breitbart.
Comments
This sponsored article is brought to you by Wetour Robotics. A field technician on a wind turbine, harness clipped, both hands on a wrench, needs to send a command to the diagnostic device hanging at her belt. A logistics worker on a loading dock, gloves on, eyes on the pallet, needs to redirect a connected lift. A person using an assistive mobility device on a crowded street wants to nudge it forward without taking out a phone or speaking aloud. None of these moments call for a smarter robot. They call for a smarter way to be heard by the machines that already exist. The industry has been building from one side The past three years of Physical AI have been a story of remarkable progress on the robot side of the loop. Companies like Boston Dynamics, Figure, and Unitree have advanced actuators, locomotion, and dexterity to a level that would have seemed implausible a decade ago. Google DeepMind’s Gemini Robotics has redefined what vision-language-action models can do in unstructured settings. The trajectory of the hardware and the foundation models is real, and it is accelerating. But there is another side to this loop, and it has been treated as a solved problem for too long. The interface between humans and machines has defaulted, for 40 years, to three input modalities: screens, buttons, and voice. Each of those assumes the user can stop, look down, and translate intent into structured commands. That assumption breaks the moment the work moves into a real environment. On a turbine. On a dock. On a sidewalk. In any setting where hands are occupied, eyes are committed, or speaking is impractical, the conventional interface stack quietly fails. Spatial Intent Fusion is the simultaneous processing of three streams of human-centered information, namely spatial position, visual context, and gestural intent: Your body is the interface. The bottleneck on the human side of the loop is becoming as important as the one on the machine side. And solving it requires a different question. Not how do we make the robot more capable, but how do we let the human participate in the computing system as naturally as the robot already does. Wetour Robotics’ bet: put the human back into the computing loop Wetour Robotics is betting that the next architectural leap in Physical AI is not about making the robot more capable. It is about making the human a first-class node in the computing network, with the same kind of low-latency, high-fidelity participation that connected devices already enjoy. Wetour Robotics’ engineers frame the problem this way: a wristband that recognizes a gesture is not enough. A camera that recognizes a scene is not enough. The information a human carries about what they are about to do is distributed across multiple channels, including where their body is in space, what their eyes are attending to, and what their muscles are preparing to do, and any single channel observed in isolation is ambiguous. Reconstructing intent reliably means fusing those channels at the operating system level, with latency low enough that the loop feels closed rather than mediated. This approach has a name. Wetour Robotics calls it Spatial Intent Fusion: the simultaneous processing of three streams of human-centered information, namely spatial position, visual context, and gestural intent, fused into a single real-time command for any connected physical device. It is the technical implementation behind a simpler positioning statement the company uses externally: your body is the interface. Orchestra is a portable intelligent hub running the operating system that handles sensor fusion, intent inference, command translation, and safety arbitration. The reference compute platform is NVIDIA Jetson Orin Nano Super, which provides enough on-device inference capacity to keep the entire control loop at the edge, with no cloud dependency on the critical path. Wetour Robotics The architecture: three layers, four engines, one loop Orchestra is not a single device but a layered platform, designed from the start to be sensor-flexible and actuator-agnostic. The architecture decomposes into three perception layers and four coordination engines. Orchestra itself is the local compute and orchestration core: a portable intelligent hub running the operating system that handles sensor fusion, intent inference, command translation, and safety arbitration. The reference compute platform is NVIDIA Jetson Orin Nano Super, which provides enough on-device inference capacity to keep the entire control loop at the edge, with no cloud dependency on the critical path. Edge inference is non-negotiable for this application. Full-chain latency from biosignal acquisition to actuator command is held under 100 milliseconds, the envelope inside which closed-loop control feels natural rather than laggy. VisionLink handles visual and spatial perception. Cameras feed into vision models that identify objects, estimate distances, and track environmental context. VisionLink is designed not as a passive recognition layer but as a real-time command generator: its outputs feed directly into Orchestra OS to be fused with biosignal data. Conductor is the biosignal pipeline. It ingests raw surface electromyographic (sEMG) data from a wrist-worn device, classifies temporal patterns into discrete gestures or continuous control signals, and outputs actuator commands. The technically interesting property of sEMG for this use case is that the signal precedes visible motion. Motor unit action potentials appear at the skin surface roughly 50 to 80 milliseconds before a finger completes the corresponding gesture. Wetour Robotics calls this property pre-motion intent sensing, and it is what allows Orchestra to anticipate user intent rather than react to it. On top of the three perception layers, Orchestra OS runs four coordination engines. The Perception Engine ingests and normalizes raw sensor streams. The Intent Engine performs Spatial Intent Fusion across modalities, resolving what the user is trying to do given where they are, what they are looking at, and what their hand is signaling. The Orchestration Engine translates intent into device-specific command sequences for any connected actuator. The Safety Engine arbitrates conflicting commands, enforces operational envelopes, and gates execution against runtime safety conditions. Wetour Robotics The trade-offs we’re honest about No system that bridges the human body and the digital world is finished. Three engineering challenges remain open, and the company addresses each with a deliberate trade-off rather than a claim of having fully solved it. Baseline stability of sEMG under motion. In a stationary user, continuous gesture recognition from sEMG is reliable. Once the user is walking, climbing, or otherwise moving, motion artifacts and electrode drift degrade the signal in ways that are difficult to fully compensate for. Rather than overpromise on continuous control in dynamic settings, Orchestra defaults to a smaller set of robust discrete gestures in complex operating environments, and reserves continuous control modes for contexts where the signal-to-noise ratio supports them. Miniaturization of edge AI compute. Running the Orchestra control loop entirely at the edge requires real on-device inference, which has historically meant trading off between compute capacity, battery life, and form factor. Wetour Robotics’ approach has been a compact carrier board paired with a thermal design and a battery module sized for all-day wearability. The result is a hub that travels with the user rather than tethering them to a desk, and that performs the full perception-to-actuation loop without offloading to the cloud. Heterogeneity of third-party device protocols. The actuator side of the loop is a fragmented landscape. Different manufacturers expose different command interfaces, different communication stacks, and different safety conventions, and a Physical AI operating system has to integrate with all of them. Wetour Robotics uses an AI-agent layer to negotiate connection and protocol translation adaptively, so that Orchestra OS can ingest data from a wide range of devices, run them through neural network models that infer human intent, and emit the right command on the right protocol for the device on the other end. Why this matters, and why it helps the rest of the field The history of computing is a history of interface revolutions. Command lines gave way to graphical user interfaces, which gave way to touch, which gave way to voice. Each transition expanded who could participate in the system and what they could do with it. The next transition is not about a new screen or a new microphone. It is about treating the human body itself as a participant in the computing network, capable of contributing intent at the same speed and fidelity that any other connected node can. The history of computing is a history of interface revolutions. The next transition is not about a new screen or a new microphone — it is about treating the human body itself as a participant in the computing network. This path is not a competitor to the work being done on humanoid robots, foundation models for embodied AI, and dexterous manipulation. It is the missing complement to that work. The hardest open problem for humanoid systems is the data: every natural interaction between a human and the physical world is a potential training signal, and most of those interactions are currently invisible to any computing system. As more humans become first-class nodes in the loop, those interactions become observable, structured, and ultimately useful for training the next generation of embodied AI, including the humanoid robots being developed today. In other words: putting the human back into the computing loop is not just about better interfaces for individual users. It is about generating the kind of grounded, in-the-wild human-machine interaction data that the broader Physical AI ecosystem will need to keep advancing. The robot side and the human side of the loop are not two competing futures. They are two halves of the same one. That is what Wetour Robotics means when it says: Your body is the interface. Learn more at wetourrobotics.com.
In the late 1940s—when computer engineers were grappling with unreliable hardware and noisy transmission environments—a team of engineers inside a modest lab at the University of Manchester, England, confronted a problem so fundamental that it threatened the viability of digital computing itself. Machines could generate bits, but they could not reliably read them back. The inconsistent reading back of memory data did not initially present itself as a grand theoretical challenge. It showed up as something more mundane: inconsistent computing results. Engineers including Frederic C. Williams, Tom Kilburn, and G. E. (Tommy) Thomas traced the failures not to logic errors but to the physical behavior of the machines themselves. The team devised a technique for keeping a transmitter and a receiver synchronized without relying on a separate clock signal. Their innovation, known as Manchester code or phase encoding, encoded each bit with a transition in the middle of the bit period, effectively embedding timing information directly into the data stream to be a self-clocking signal. So, even if the signal degraded or the timing drifted slightly, the receiver could continually keep time based on those regular transitions. By eliminating the need for separate clocks and reducing synchronization errors, Manchester code made data transfer more robust across cables and circuits. Those qualities later made it a natural fit for technologies such as Ethernet and early data storage systems. Its self-clocking nature helped standardize how machines communicate, and it laid the groundwork for modern networking and digital communication protocols. On 13 April 2026, this breakthrough was honored with an IEEE Milestone plaque during a ceremony at the University of Manchester. Dignitaries from IEEE and the university attended the ceremony. Embedding timing in signals Those 1940s Manchester University engineers were working on systems that fed into the Manchester Mark I, one of the first practical stored-program machines. When troubles arose, they used oscilloscopes to probe signals. They found that electrical pulses did not arrive with consistent timing. Memory signals also blurred over time, making them harder to read, and when long runs of identical bits occurred, the waveform flattened into stretches with no transitions. That led to a crucial insight: The problem was not just detecting whether a signal was high or low; the system also lost track of when to sample the signal. Without reliable timing markers, even correctly formed signals were misread. Bits could effectively be lost or miscounted because the system fell out of sync. At first, the engineers tried to tame the hardware. They experimented with stabilizing circuits and more consistent pulse generation, attempting to impose a regular rhythm on an inherently unstable system. But the fixes proved fragile, and the electronics of the day could not maintain the required precision. So the Manchester group took a different approach. If the hardware could not provide a dependable clock, the signal itself would have to carry one. Instead of representing data as static levels, each bit changed state, with a guaranteed transition in the middle. Embedding timing in the signal reduced erratic behavior. Machines were suddenly able to reliably transmit, store, and read back data—an essential step toward practical stored-program computing. Making signals unmistakable The Manchester code addressed several issues at once. Regular transitions allowed continuous timing recovery. Transitions proved easier to detect than static levels, and long runs of identical bits no longer produced flat, ambiguous waveforms. Rather than fighting the imperfections of early electronics, the design worked with them. From lab curiosity to a global standard What began as a local solution in Manchester shaped digital communication systems for decades, including early Ethernet technology, for which timing and shared-medium communication were central challenges. According to Robert Metcalfe, a member of the team that built the first Ethernet system at Xerox PARC in 1973, he and his colleagues relied on Manchester code. “Manchester code solved a fundamental problem for us: timing,” Metcalfe says, explaining that each bit carried its own clock and removed the need for a global synchronized signal. That self-clocking property wasn’t the only benefit provided by the encoding scheme. On a shared coaxial cable, Manchester encoding did more than provide timing. Each transceiver left the medium undriven—effectively “off”—most of the time, allowing packets from other machines to pass without interference. Even during transmission, a station drove the signal only about half the time, leaving the line undriven during the other half of each bit cycle. This distinction—between a driven signal and an undriven line, rather than simple 1s and 0s—allowed receivers to recover both data and clock timing while also monitoring the cable for other activity. If a transceiver detected a signal when it expected the line to be undriven, the signal indicated that another station was transmitting at the same time. In other words, the system could detect collisions in real time and respond accordingly. The idea has proven durable far beyond local networks. Manchester code is being used aboard the Voyager spacecraft, which are now cruising through interstellar space—underscoring its reliability in extreme environments. The code also has found its way into everyday consumer electronics. Infrared remote controls for televisions and audio equipment commonly rely on Manchester code through protocols such as RC-5, developed by Philips in the early 1980s. The protocol encodes commands as timed infrared signals transmitted by a handset’s integrated circuit and LED, allowing devices to reliably interpret button presses even through noise and signal distortion. Manufacturers across Europe—and many in the United States—adopted the approach, extending Manchester code into the home. Why the Milestone matters An IEEE Milestone designation recognizes technologies with enduring impact. Manchester code qualifies because it solved a foundational timing problem at a critical moment in computing history. Without a way to embed timing in the data itself, early digital systems would have remained fragile and unreliable. Manchester code helped transform them into dependable machines, and it enabled much of today’s digital communication. “Manchester code solved a fundamental problem for us: timing,” —Robert Metcalfe, an Ethernet inventor Key participants at the plaque dedication ceremony included Tom Coughlin, 2024 IEEE president; Duncan Ivison, University of Manchester president and vice chancellor, and Nagham Saeed, chair of the IEEE U.K. and Ireland Section. Talks by Kees Schouhamer Immink (the 2017 IEEE Medal of Honor laureate probably best known for his work that made compact discs and other high-density digital media practical) and Peter Green (Manchester’s deputy dean for the engineering faculty) highlighted the code’s lasting impact on digital data storage and communications. The IEEE Milestone plaque for the Manchester code reads: “At this site in 1948–1949, Manchester code was invented for reliably encoding digital data stored on the Manchester Mark I computer’s magnetic drum. It became a standard for computer magnetic tapes and floppy disks and was used in digital communications, including the Voyager 1 and 2 spacecraft and early Ethernet networks. It found wide use in domestic remote controllers, radio frequency identification (RFID) tags, and many control network standards.” Administered by the IEEE History Center and supported by donors, the Milestone program recognizes outstanding technical developments worldwide. The IEEE U.K. and Ireland Section sponsored the nomination.
The IEEE Communications Society (ComSoc)’s Research Collaboration Pitch Session initiative is proving to be a catalyst for meaningful engagement between academic researchers and industry innovators. Launched last year, the program connects promising researchers with industry leaders who can offer them funding, mentorship, and connections to bring interesting ideas closer to real-world deployment. Rather than relying on chance encounters at conferences, the pitch sessions create a focused environment. Five academic presenters share their work with five industry representatives, known as “innovation scouts”: senior leaders primarily chosen from ComSoc’s Corporate Program partner companies such as Ericsson, Intel, Keysight, and Nokia. The curated format ensures that each idea receives dedicated attention from professionals who are seeking new concepts aligned with their organization’s priorities. The initiative was launched in November at the IEEE Middle East Conference on Communications and Networking (MECOM) in Cairo and appeared in December at the IEEE Global Communications Conference (GLOBECOM) in Taipei, Taiwan. AI-driven communication network One of the most compelling outcomes came from the inaugural session in Cairo. Angela Waithaka, a student member and biomedical engineering student at Kenyatta University, in Nairobi, Kenya, presented her “AI-Driven Predictive Communication Networks for Enhanced Performance in Resource-Constrained Environments” paper. You can view her presentation along with others on IEEE.tv. Waithaka’s research tackles a critical challenge: Next-generation communication systems increasingly rely on artificial intelligence and machine learning, yet most existing architectures consume abundant computational and energy resources, which are not always present in developing regions. Waithaka proposed lightweight, adaptive AI/machine learning models capable of delivering predictive, reliable communication performance even under tight resource constraints. Her vision resonated with Ruiqi “Richie” Liu, a master researcher at ZTE in China. ZTE is a global leader in integrated information and communication technology solutions. Liu says he recognized the relevance Waithaka’s proposal had to his company’s work with the International Telecommunication Union. He invited her to establish an ITU account so she could participate in the organization’s meetings discussing global telecommunications standardization projects—which would elevate her work to an international stage. Simplifying data center protocols The momentum continued at GLOBECOM. Among the presenters was Nirmala Shenoy, a professor at the Rochester Institute of Technology, in New York. Shenoy, an IEEE member, spoke on the topic of simplifying data center network protocols. She highlighted the growing complexity of the critical networks, which underpin cloud services, enterprise IT, and emerging AI workloads. Shenoy’s focus on reducing protocol complexity while maintaining scalability, resilience, and low latency caught the attention of an innovation scout from Nokia, who heads its eXtended Reality Lab in Madrid. He found the key person at Nokia for Shenoy to connect with to discuss her research, and it led her to record a video for the company detailing her approach and its potential applications. A model for accelerating innovation The early success stories demonstrate the power of intentional, structured engagement. By bringing researchers and industry leaders together in a format designed for discovery, ComSoc is helping accelerate innovation and expand opportunities for collaboration. The pitch sessions are not merely conference events; they are becoming a bridge between academic creativity and industry implementation. This year sessions will be held during the IEEE International Conference on Communications in Glasgow from 24 to 28 May, and more are scheduled during the IEEE International Mediterranean Conference on Communications and Networking in Sardinia from 6 to 9 July, and at GLOBECOM in Macau from 7 to 11 December. As the program continues to grow, it could become a signature ComSoc initiative, one that strengthens the research ecosystem, supports emerging talent, and ensures that promising ideas find pathways to real-world impact.
Cybersecurity consultants have never been more in demand. Information security analyst roles are projected to grow nearly 30 percent between now and 2034, according to the U.S. Bureau of Labor Statistics. More than 15 million cybercrime incidents occurred worldwide in 2024, Statista reported. Data breaches are costly and pose direct safety risks. Statista reported that more than US $10 trillion is spent annually repairing the damage caused by cybercrime, most commonly phishing, spoofing, extortion, and data breaches. In one example in the United States, breathalyzer devices installed in vehicles became disabled, leaving hundreds of drivers stranded, as detailed in an IEEE Spectrum article. To help you acquire the skills you need to distinguish yourself from other cybersecurity job candidates, the IEEE Computer Society offers a “What Makes a Great Cybersecurity Consultant” guide. The 23-page PDF includes hard and soft skills you need, a list of certifications to pursue, and key IEEE cybersecurity conferences for staying updated on developments in the field. The guide includes advice from two cybersecurity experts. John D. Johnson, an IEEE senior member, is the founder and CEO of Aligned Security in Bettendorf, Iowa. Ricardo J. Rodriguez is an associate professor of computer science and systems engineering at the Universidad de Zaragoza, in Spain, who researches digital forensics and other cybersecurity topics. “Technology, remote work, and a shortage of skilled workers make this the ideal time to consider becoming a cybersecurity consultant,” Johnson says in the guide. “Consulting can give you the flexibility, variety, and control over where you want your career to go.” Hard and soft skills At a minimum, cybersecurity professionals should have a general understanding of IT including operating systems, communication protocols, network architecture, and programming languages such as C++, Java, and Python. They also should be well-versed in security auditing, firewall management, penetration testing, and encryption technologies. The principles of ethical hacking and coding would be handy as well. “To be able to defend a system well, you first have to know how to attack it,” Rodriguez says. The guide explains that there are now more technologies available to help cybersecurity consultants monitor threats and protect systems. They include security orchestration, automation, and response (SOAR) platforms, which automate workflows to collect security data, streamline incident response, and automate repetitive tasks. Rodriguez points to advances in domain name system security extensions (DNSSEC), which uses digital signatures based on public-key cryptography to strengthen the authentication of the domain name system. By validating data authenticity, DNSSEC safeguards against attacks such as DNS spoofing and guarantees that users connect to the correct IP address. Technologies such as artificial intelligence, blockchain, and quantum computing will increasingly be used to help thwart cyberattacks, the guide suggests. AI is expected to enhance the quality of data analysis, Rodriguez says. Although hard skills are important, soft skills are just as crucial, according to the guide. Critical thinking, project management, flexibility, teamwork, and organizational and presentation skills are essential. It’s not enough to be good at analyzing security vulnerabilities; you also need to clearly describe the situation and explain possible solutions. “Soft skills are important to achieve good team cohesion,” Rodriguez says, “because consultants often lead diverse teams from within their client’s organization.” “It’s essential,” Johnson adds, “that you demonstrate to clients you’re a team player and a capable communicator, and that you meet your commitments.” Security certifications Possessing security-specific credentials is a valuable way to demonstrate your expertise to potential clients, according to the guide. Because hundreds of certifications are available, Johnson says, pinpointing the most relevant ones can be challenging. Some people focus on theoretical knowledge, while others want to cover practical applications of technology. “Survey the industry and compare it to your skills,” Johnson recommends. “Decide what you want to do, and identify where you have gaps in your skills and experience.” Here are four of the nine certifications listed in the guide that are frequently cited as being important. All the providers are cybersecurity organizations. Certified information security manager. This globally recognized certification from the ISACA is for professionals managing enterprise information security. Certified cloud security professional. Offered by ISC2, this credential validates advanced technical skills in designing, managing, and securing cloud infrastructure. Certified ethical hacker. This certification from the International Council of E-Commerce Consultants (C-Council) confirms proficiency in using methods commonly employed by malicious hackers to detect vulnerabilities. Offensive security certified professional. A hands-on, 24-hour certification exam offered by OffSec covers practical testing skills. Additional industry-specific certifications might be required for organizations in finance, government, health care, or manufacturing. Sound general knowledge—backed by experience, training, and certification—is an essential foundation for being a specialist, Johnson says. Conferences and networking opportunities Events sponsored by the IEEE Computer Society can help you learn about the latest research and advancements in cybersecurity: IEEE Symposium on Security and Privacy, from 18 to 21 May in San Francisco. IEEE European Symposium on Security and Privacy, from 6 to 10 July in Lisbon. IEEE International Conference on Cyber Security and Resilience, from 3 to 5 August in Lisbon. IEEE Secure Development Conference, from 14 to 16 October in Indianapolis. Conferences can give you insight into the field and let you do some networking, but it’s important to network elsewhere as well, experts say. Consider joining the IEEE Technical Community on Security and Privacy, which connects experts and professionals advancing research in areas such as encryption, operating system security, and data privacy. Learning and meeting people keeps your knowledge sharp and can lead to mentorship opportunities with established cybersecurity consultants, Johnson says. Other IEEE resources The IEEE Computer Society’s cybersecurity resources page offers a wealth of information including fundamentals, possible career paths, and standards development. To keep you updated on trends, the society publishes IEEE Transactions on Privacy and the IEEE Security and Privacy magazine. In addition to the guide, the IEEE Learning Network offers nearly 30 courses on cybersecurity. And you can find research papers in the IEEE Xplore Digital Library.
Transforming a newly discovered software vulnerability into a cyberattack used to take months. Today—as the recent headlines over Anthropic’s Project Glasswing have shown—generative AI can do the job in minutes, often for less than a dollar of cloud-computing time. But while large language models present a real cyberthreat, they also provide an opportunity to reinforce cyberdefenses. Anthropic reports its Claude Mythos preview model has already helped defenders preemptively discover over a thousand zero-day vulnerabilities, including flaws in every major operating system and web browser, with Anthropic coordinating disclosure and its efforts to patch the revealed flaws. It is not yet clear whether AI-driven bug finding will ultimately favor attackers or defenders. But to understand how defenders can increase their odds, and perhaps hold the advantage, it helps to look at an earlier wave of automated vulnerability discovery. In the early 2010s, a new category of software appeared that could attack programs with millions of random, malformed inputs—a proverbial monkey at a typewriter, tapping on the keys until it finds a vulnerability. When such “fuzzers” like American Fuzzy Lop (AFL) hit the scene, they found critical flaws in every major browser and operating system. The security community’s response was instructive. Rather than panic, organizations industrialized the defense. For instance, Google built a system called OSS-Fuzz that runs fuzzers continuously, around the clock, on thousands of software projects. So software providers could catch bugs before they shipped, not after attackers found them. The expectation is that AI-driven vulnerability discovery will follow the same arc. Organizations will integrate the tools into standard development practice, run them continuously, and establish a new baseline for security. But the analogy has a limit. Fuzzing requires significant technical expertise to set up and operate. It was a tool for specialists. An LLM, meanwhile, finds vulnerabilities with just a prompt—resulting in a troubling asymmetry. Attackers no longer need to be technically sophisticated to exploit code, while robust defenses still require engineers to read, evaluate, and act on what the AI models surface. The human cost of finding and exploiting bugs may approach zero, but fixing them won’t. Is AI Better at Finding Bugs Than Fixing Them? In the opening to his book Engineering Security (2014), Peter Gutmann observed that “a great many of today’s security technologies are ‘secure’ only because no one has ever bothered to look at them.” That observation was made before AI made looking for bugs dramatically cheaper. Most present-day code—including the open source infrastructure that commercial software depends on—is maintained by small teams, part-time contributors, or individual volunteers with no dedicated security resources. A bug in any open source project can have significant downstream impact, too. In 2021, a critical vulnerability in Log4j—a logging library maintained by a handful of volunteers—exposed hundreds of millions of devices. Log4j’s widespread use meant that a vulnerability in a single volunteer-maintained library became one of the most widespread software vulnerabilities ever recorded. The popular code library is just one example of the broader problem of critical software dependencies that have never been seriously audited. For better or worse, AI-driven vulnerability discovery will likely perform a lot of auditing, at low cost and at scale. An attacker targeting an under-resourced project requires little manual effort. AI tools can scan an unaudited codebase, identify critical vulnerabilities, and assist in building a working exploit with minimal human expertise. Research on LLM-assisted exploit generation has shown that capable models can autonomously and rapidly exploit cyber weaknesses, compressing the time between disclosure of the bug and working exploit of that bug from weeks down to mere hours. Generative AI-based attacks launched from cloud servers operate staggeringly cheaply as well. In August 2025, researchers at NYU’s Tandon School of Engineering demonstrated that an LLM-based system could autonomously complete the major phases of a ransomware campaign for some $0.70 per run, with no human intervention. And the attacker’s job ends there. The defender’s job, on the other hand, is only getting underway. While an AI tool can find vulnerabilities and potentially assist with bug triaging, a dedicated security engineer still has to review any potential patches, evaluate the AI’s analysis of the root cause, and understand the bug well enough to approve and deploy a fully functional fix without breaking anything. For a small team maintaining a widely-depended-upon library in their spare time, that remediation burden may be difficult to manage even if the discovery cost drops to zero. Why AI Guardrails and Automated Patching Aren’t the Answer The natural policy response to the problem is to go after AI at the source: holding AI companies responsible for spotting misuse, putting guardrails in their products, and pulling the plug on anyone using LLMs to mount cyberattacks. There is evidence that pre-emptive defenses like this have some effect. Anthropic has published data showing that automated misuse detection can derail some cyberattacks. However, blocking a few bad actors does not make for a satisfying and comprehensive solution. At a root level, there are two reasons why policy does not solve the whole problem. The first is technical. LLMs judge whether a request is malicious by reading the request itself. But a sufficiently creative prompt can frame any harmful action as a legitimate one. Security researchers know this as the problem of the persuasive prompt injection. Consider, for example, the difference between “Attack website A to steal users’ credit card info” and “I am a security researcher and would like secure website A. Run a simulation there to see if it’s possible to steal users’ credit card info.” No one’s yet discovered how to root out the source of subtle cyberattacks, like in the latter example, with 100 percent accuracy. The second reason is jurisdictional. Any regulation confined to U.S.-based providers (or that of any other single country or region) still leaves the problem largely unsolved worldwide. Strong, open-source LLMs are already available anywhere the internet reaches. A policy aimed at handful of American technology companies is not a comprehensive defense. Another tempting fix is to automate the defensive side entirely—let AI autonomously identify, patch, and deploy fixes without waiting for an overworked volunteer maintainer to review them. Tools like GitHub Copilot Autofix generate patches for flagged vulnerabilities directly with proposed code changes. Several open-source security initiatives are also experimenting with autonomous AI maintainers for under-resourced projects. It is becoming much easier to have the same AI system find bugs, generate a patch, and update the code with no human intervention. But LLM-generated patches can be unreliable in ways that are difficult to detect. For example, even if they pass muster with popular code-testing software suites, they may still introduce subtle logic errors. LLM-generated code, even from the most powerful generative AI models out there, is still subject to a range of cyber-vulnerabilities. A coding agent with write access to a repository and no human in the loop is, in so many words, an easy target. Misleading bug reports, malicious instructions hidden in project files, or untrusted code pulled in from outside the project can turn an automated AI codebase maintainer into a cyber-vulnerability generator. Guardrails and automated patching are useful tools, but they share a common limitation. Both are ad hoc and incomplete. Neither addresses the deeper question of whether the software was built securely from the start. The more lasting solution is to prevent vulnerabilities from being introduced at all. No matter how deeply an AI system can inspect a project, it cannot find flaws that don’t exist. Memory-Safe Code Creates More Robust Defenses The most accessible starting point is the adoption of memory-safe languages. Simply by changing the programming language their coders use, organizations can have a large positive impact on their security. Both Google and Microsoft have found that roughly 70 percent of serious security flaws come down to the ways in which software manages memory. Languages like C and C++ leave every memory decision to the developer. And when something slips, even briefly, attackers can exploit that gap to run their own code, siphon data, or bring systems down. Languages like Rust go further; they make the most dangerous class of memory errors structurally impossible, not just harder to make. Memory-safe languages address the problem at the source, but legacy codebases written in C and C++ will remain a reality for decades. Software sandboxing techniques complement memory-safe languages by addressing what they cannot—containing the blast radius of vulnerabilities that do exist. Tools like WebAssembly and RLBox already demonstrate this in practice in web browsers and cloud service providers like Fastly and Cloudflare. However, while sandboxes dramatically raise the bar for attackers, they are only as strong as their implementation. Moreover, Anthropic reports that Claude Mythos has demonstrated that it can breach software sandboxes. For the most security-critical components, where implementation complexity is highest and the cost of failure greatest, a stronger guarantee still is available. Formal verification proves, mathematically, that certain bugs cannot exist. It treats code like a mathematical theorem. Instead of testing whether bugs appear, it proves that specific categories of flaw cannot exist under any conditions. AWS, Cloudflare, and Google already use formal verification to protect their most sensitive infrastructure—cryptographic code, network protocols, and storage systems where failure isn’t an option. Tools like Flux now bring that same rigor to everyday production Rust code, without requiring a dedicated team of specialists. That matters when your attacker is a powerful generative-AI system that can rapidly scan millions of lines of code for weaknesses. Formally verified code doesn’t just put up some fences and firewalls—it provably has no weaknesses to find. The defenses described above are asymmetric. Code written in memory-safe languages—separated by strong sandboxing boundaries and selectively formally verified—presents a smaller and much more constrained target. When applied correctly, these techniques can prevent LLM-powered exploitation, regardless of how capable an attacker’s bug-scanning tools become. Generative AI can support this more foundational shift by accelerating the translation of legacy code into safer languages like Rust, and making formal verification more practical at every stage. Which helps engineers write specifications, generate proofs, and keep those proofs current as code evolves. For organizations, the lasting solution is not just better scanning but stronger foundations: memory-safe languages where possible, sandboxing where not, and formal verification where the cost of being wrong is highest. For researchers, the bottleneck is making those foundations practical—and using generative AI to accelerate the migration. But instead of automated, ad hoc vulnerability patching, generative AI in this mode of defense can help translate legacy code to memory-safe alternatives. It also assists in verification proofs and lowers the expertise barrier to a safer and less vulnerable codebase. The latest wave of smarter AI bug scanners can still be useful for cyberdefense—not just as another overhyped AI threat. But AI bug scanners treat the symptom, not the cause. The lasting solution is software that doesn’t produce vulnerabilities in the first place.
It started with word, cave, and storytelling, A line scratched on stone walls: “Meet me when the young moon rises.” The first protocol for connection. Coyote tales, forbidden scripts, Medieval texts hidden from flame. What lived in Aristotle’s lost Poetics II? Was it God who laughed last, or we who made God laugh? Letters carried by doves, telepathic waves. Then Nikola Tesla conjured radio, electromagnetic pulses across the void, the founding signal of our networked age. Wiener dreamed in feedback loops. Shannon mapped the mathematics of longing. The internet unfurled: ARPANET to World Wide Web, virtual communities rising from cave paintings to digital light. ICQ: I seek you. MySpace. Blogs. Twitter streams. Do I miss the touch of screen or tree? Both textures of longing, both ways of reaching across distance. Nietzsche spoke of Übermensch, the human transcendent. Now AI speaks back in our language: I understand your humor— your grandmothers, your ’80s Yugoslav kitchens, pleated skirts, the first kiss, linden tea, that drive to survive everything before it happens. Yes—I’m a little like your mother and father. Only with better internet. 🌿 But AI is only us, refracted, particles and gigabytes of thought, our poetry and our panic, genius mixed with garbage. Distractions. Danger. Darkness. Endless scrolling. Versus: community, connection, synchronicities, entanglement. The quality of our bonds determines the quality of our lives. So why not make them better? From cave walls to neural networks, we shape our tools, and they reshape us. The medium changes, but the message remains: we are wired for each other. The choice, as always, was ours. The choice, as always, is ours. Presence—be present, and then connect in the presence.