We investigate the scale of attack and defense mathematically in the context of AI's possible effect on cybersecurity. For a given target today, highly scaled cyber attacks such as from worms or botnets typically all fail or all succeed.

Unlike other domains of conflict, and unlike other fields with high anticipated risk from AI, the cyber domain is intrinsically digital with a tight feedback loop between AI training and cyber application. Cyber may have some of the largest and earliest impacts from AI, so it is important to understand how the cyber domain may change as AI continues to advance. Our approach reviewed the literature, collecting nine arguments that have been proposed for offensive advantage in cyber conflict and nine proposed arguments for defensive advantage.

As new advanced AI systems roll out, there is widespread disagreement about malicious use risks. Are bad actors likely to misuse these tools for harm? This report presents a simple framework to guide the questions researchers ask—and the tools they use—to evaluate the likelihood of malicious use.

In response to the Office of Science and Technology Policy's request for input on an AI Action Plan, CSET provides key recommendations for advancing AI research, ensuring U.S. competitiveness, and maximizing benefits while mitigating risks. Our response highlights policies to strengthen the AI workforce, secure technology from illicit transfers, and foster an open and competitive AI ecosystem.

This paper presents two new methods for identifying research relevant to emerging technology. The authors developed and deployed technology topic classification and targeted research field scoring over a corpus of scientific literature to identify research relevant to cybersecurity, LLM development, and chips fabrication and design—expanding CSET’s existing set of topic classifications for AI, computer vision, NLP, robotics, and AI safety. The paper summarizes motivation, methods, and results.

Data Snapshots are informative descriptions and quick analyses that dig into CSET’s unique data resources. This three-part series uses data from a variety of sources to track how three cloud providers—Amazon, Alphabet, and Microsoft—distribute their financial resources to create and sustain demand for their cloud services. By investing in data centers & workforce training, the large tech platforms of Amazon, Google, and Microsoft draw developers, companies, and governments to their tools & services.

Sam Bresnick testified before the Senate Judiciary Subcommittee on Privacy, Technology, and the Law regarding tech companies' ties to China and their implications in a future conflict scenario.

Data Snapshots are informative descriptions and quick analyses that dig into CSET’s unique data resources. This three-part series uses data from a variety of sources to track how three cloud providers—Amazon, Alphabet, and Microsoft—distribute their financial resources to create and sustain demand for their cloud services. By investing in data centers & workforce training, the large tech platforms of Amazon, Google, and Microsoft draw developers, companies, and governments to their tools & services.

Artificial intelligence models have become increasingly adept at generating computer code. They are powerful and promising tools for software development across many industries, but they can also pose direct and indirect cybersecurity risks. This report identifies three broad categories of risk associated with AI code generation models and discusses their policy and cybersecurity implications.

Data Snapshots are informative descriptions and quick analyses that dig into CSET’s unique data resources. This three-part series uses data from a variety of sources to track how three cloud providers—Amazon, Alphabet, and Microsoft—distribute their financial resources to create and sustain demand for their cloud services. By investing in data centers & workforce training, the large tech platforms of Amazon, Google, and Microsoft draw developers, companies, and governments to their tools & services.