Hamming’s question and the future of security in the age of AI

As AI begins to tackle central problems in vulnerability discovery, the focus of security research is shifting from finding individual bugs to addressing broader, more systemic issues. The current landscape, reminiscent of the historical shifts in physics post-Newton and Einstein, requires researchers to identify emerging problems and adapt accordingly. Richard Hamming's insights are instrumental in guiding this transformation, emphasizing the importance of focusing on problems that matter and have plausible solutions. AI is automating many aspects of bug discovery, necessitating a reevaluation of what constitutes valuable research. This shift involves moving away from singular bug findings toward developing frameworks and systems that enhance understanding and security practices. AI's role as a research assistant provides new opportunities but also demands a deeper inquiry into its limitations and the boundaries of its capabilities. The evolving nature of security research underscores the need for human expertise in setting new standards, curating evidence, and ensuring that AI-driven solutions are robust and meaningful.