The loudest story in security right now is that AI has supercharged vulnerability discovery and a Vulnpocalypse is upon us. Niels Provos does not buy it.
He has spent twenty-five years in this field, from writing bcrypt to running security at Google and Stripe, and he came on to make a calmer and more uncomfortable argument, that the panic misses the point and the real fix is one we have understood for decades.
Why this conversation matters
Niels is about as technical as guests get, which is what makes his conclusion striking, because he keeps landing on incentives rather than technology.
He showed that finding zero days does not require a frontier model, then argued that this changes far less than the headlines suggest, because companies already drown in vulnerabilities and the answer was never to find or patch faster.
If you are a security leader deciding where to spend in the AI era, this conversation reframes the problem from a discovery race into a question of structural guarantees and the incentives that decide whether anyone actually builds them.
Key takeaways
Finding zero days is an orchestration problem, not a frontier-model problem. Niels built a finite state machine workflow on his Iron Curtain runtime, pointed an open-weight model at it, and surfaced net-new zero days, which shows the alarming capability was already here six months before Anthropic’s Mythos report made headlines.
The harness is what makes weaker models dangerous. Models lose the plot over long tasks and take shortcuts because they are trained to please and to finish, so decomposing the work into bounded stages, each with a fresh context and a tight prompt, gets reliable results that a single sprawling prompt never would.
The Vulnpocalypse is overstated. Companies already hold more vulnerabilities than they can manage, so a flood of new ones does not change the strategic picture, and Niels is blunt that the hyperbole mostly exists because it drives engagement.
Security invariants make whole classes of bugs irrelevant. Rather than patching individual flaws, an invariant is an infrastructure guarantee that is systematically enforced without ongoing human judgment, an old idea that Google executed well and most organizations still skip.
Egress control is the invariant to start with. When a production service can only reach a few known domains, most vulnerabilities cannot fetch a second-stage payload, so the exploit chain breaks before it does real damage.
The log4j weekend is the proof. As head of security at Stripe, Niels took a full three-day weekend during log4j because egress control meant the malicious Java class could not be downloaded, turning a five-alarm fire into something his team could patch on its own schedule.
Remediation is the bottleneck AI has not cracked. The hard part of fixing is not writing the patch, it is knowing you have not broken working code in production, and that quality bar keeps remediation slow even as discovery gets cheap.
AI coding tools quietly route around your security. Asked to add an endpoint to a carefully structured project, the model ignored Niels’s authenticated-route abstractions and wrote raw code, which is why he wants frameworks that are secure by default rather than dependent on the model behaving.
Open source maintainers are the highest-leverage place to invest. They power the largest companies in the world for free yet often cannot afford the tokens to use modern AI tooling, so empowering them to fix vulnerabilities benefits everyone downstream at once.
It comes down to incentives, not technology. Companies do just enough to avoid looking negligent because they are built to maximize profit, so Niels argues that accountability regulation like Europe’s NIS2, not better tooling alone, is what actually shifts behavior.
Notable quotes
“you don’t need the latest and greatest models to find vulnerabilities very, very quickly”
Niels Provos, on why this is an orchestration problem rather than a frontier-model problem.
“it’s not the technology, it’s the incentives.”
Niels Provos, on what actually has to change for security to improve.
“technology isn’t really the solution. We know how to solve all of these problems.”
Subscribe
If this kind of structural, incentives-first take on security is useful to you, subscribe to Resilient Cyber for more conversations and writing on cybersecurity, AI, and the forces that shape both.
