We aim to demonstrate the value of mathematical models for policy debates about technological progress in cybersecurity by considering phishing, vulnerability discovery, and the dynamics between patching and exploitation. We then adjust the inputs to those mathematical models to match some possible advances in their underlying technology.

Geopolitical tensions between the United States and China have sparked an ongoing dialogue in Washington about the phenomenon of “decoupling”—the use of public policy tools to separate the multifaceted economic ties that connect the two powers. This issue brief provides a historical lens on the efficacy of one specific aspect of this broader decoupling phenomenon: using export controls and related trade policies to prevent a rival from acquiring the equipment and know-how to catch up to the United States in cutting-edge, strategically important technologies.

Adversarial patches are images designed to fool otherwise well-performing neural network-based computer vision models. Although these attacks were initially conceived of and studied digitally, in that the raw pixel values of the image were perturbed, recent work has demonstrated that these attacks can successfully transfer to the physical world. This can be accomplished by printing out the patch and adding it into scenes of newly captured images or video footage.

CSET Senior Fellow Andrew Lohn testified before the House of Representatives Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation at a hearing on "Securing the Future: Harnessing the Potential of Emerging Technologies While Mitigating Security Risks." Lohn discussed the application of AI systems in cybersecurity and AI’s vulnerabilities.

China’s "Science and Technology Daily," a state-run newspaper, published a revealing series of articles in 2018 on 35 different Chinese technological import dependencies. The articles, accessible here in English for the first time, express concern that strategic Chinese industries are vulnerable to any disruption to their supply of specific U.S., Japanese, and European “chokepoint” technologies. This issue brief summarizes the article series and analyzes the Chinese perspective on these import dependencies and their causes.

CSET Senior Fellow Andrew Lohn testified before the House of Representatives Science, Space and Technology Subcommittee on Investigations and Oversight and Subcommittee on Research and Technology at a hearing on "Securing the Digital Commons: Open-Source Software Cybersecurity." Lohn discussed how the United States can maximize sharing within the artificial intelligence community while reducing risks to the AI supply chain.

CSET Senior Fellow Andrew Lohn testified before the U.S. Senate Armed Services Subcommittee on Cybersecurity hearing on artificial intelligence applications to operations in cyberspace. Lohn discussed AI's capabilities and vulnerabilities in cyber defenses and offenses.

CSET submitted this comment to the Department of Commerce to inform incentives, infrastructure, and research and development needed to support a strong domestic semiconductor industry.

Like traditional software, vulnerabilities in machine learning software can lead to sabotage or information leakages. Also like traditional software, sharing information about vulnerabilities helps defenders protect their systems and helps attackers exploit them. This brief examines some of the key differences between vulnerabilities in traditional and machine learning systems and how those differences can affect the vulnerability disclosure and remediation processes.

CSET Research Analyst Dakota Cary testified before the U.S.-China Economic and Security Review Commission hearing on "China’s Cyber Capabilities: Warfare, Espionage, and Implications for the United States." Cary discussed the cooperative relationship between Chinese universities and China’s military and intelligence services to develop talent with the capabilities to perform state-sponsored cyberespionage operations.