The AI arms race everyone’s ignoring

The AI arms race involves foundation models, AI chips, and APIs, with the U.S. and China heavily investing in them.
A less-discussed but critical arm of the AI race is vulnerability discovery, specifically AI’s role in finding and exploiting security flaws.
Groups linked to China and North Korea are reported to be using AI to rapidly discover and exploit vulnerabilities.
The U.S. has leading capability in discovering zero-day vulnerabilities but lacks a strategy for responding to and mitigating them.
China has a national strategy centered around both AI model development and vulnerability discovery, setting up significant cyber capabilities.
The U.S. has no mandatory security testing requirements for software running critical infrastructure and lacks a framework to ensure discovered vulnerabilities are patched.
The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) is understaffed, underfunded, and faces budget cuts at a critical time.
To catch up in vulnerability discovery, the U.S. must overhaul its compliance requirements to enforce pre-deployment security testing similar to FDA regulations for medical devices, and rebuild and equip CISA to mandate these changes.
Despite lagging behind in vulnerability response, proactive investment now may still allow the U.S. to win in this critical arms race.