LAS VEGAS — In the next era of cybersecurity, the best defensive tool may be a line of AI-assisted code, according to President Donald Trump’s cybersecurity lead in the National Security Council.
“I very strongly believe that AI will be more advantageous for defenders than offense,” said Alexei Bulazel, the NSC’s senior director for cyber. He was speaking to an audience at the DEF CON hacker convention in Nevada.
AI-powered vulnerability scanning will give human developers “incredible abilities” to boost network defenses, especially for those not trained to look for security flaws in their code, he added.
Deploying AI tools at scale can “democratize access” to software vulnerability data at low cost, he said. With the right model, “you can take AI and apply it — [like] the source code for this router, identify all the vulnerabilities and then generate patches for me — and you don’t need an elite team of government-trained hackers to do that.”
Bulazel said AI could still help offensive hackers write exploits or malware faster, though that pace wouldn’t necessarily keep up with improvements on the defensive side.
The remarks provide an early glimpse at the approach he and other Trump administration cyber leaders could take in engaging the wider cybersecurity community and pushing measures to defend U.S. networks.
In May, he told a largely corporate cybersecurity audience at the RSAC Conference that he wants to normalize the use of offensive cyber activity as a tool of U.S. national power. The DEF CON audience differs widely from that of other cybersecurity gatherings, given its blend of security researchers, independent hackers, academics and policy officials, many of whom rarely congregate in the same settings.
Bulazel was an NSC cyber policy official in Trump’s first term. He brings a technical background to his role, with security engineering experience at firms like Apple and Oracle. He’s also presented his own vulnerability research in various cybersecurity conferences, including at prior DEF CON gatherings.
His remarks in Vegas complemented a sprawling competition held by the Defense Advanced Research Projects Agency, which tasked teams to build AI models for autonomously identifying and patching vulnerabilities in code that powers critical infrastructure systems.
Those winners were announced Friday. On average, their models patched flaws in just 45 minutes, according to DARPA’s analysis of their performance.
“I think the hacker community conferences like DEF CON are an amazing place for exchange of ideas, people thinking and sharing different perspectives,” Bulazel said, acknowledging the results of the DARPA contest.
“It’s amazing that [DEF CON] has gone from this underground rebel thing … to a place where we have our government officials, cabinet secretaries speak here, directors of the NSA, and DARPA here on the big stage — and it’s just a testament to the value this community has provided to moving cybersecurity forward,” he said.
