Who Bears the Cost of Gating Advanced AI Models?

In a conversation with Help Net Security, Jaya Baloo, Chief Operating Officer and Chief Information Security Officer at Aisle, explores the contentious issue of limiting access to advanced AI models with cybersecurity capabilities. She begins by presenting the most compelling case for implementing gating mechanisms on such powerful tools, but then pivots to reveal where that logic falters for security professionals.

Baloo argues that the primary rationale for restricting these models centers on preventing malicious exploitation. By controlling who can query or deploy AI systems capable of generating code, identifying vulnerabilities, or automating attacks, organizations aim to reduce the risk of weaponization by bad actors. This approach, she notes, seems prudent in a world where cyber threats evolve rapidly.

However, the argument breaks down when considering the practical realities of security teams. Baloo points out that gating often hinders defensive efforts more than it stops adversaries. Security professionals require unfettered access to these models to simulate threats, analyze attack patterns, and develop countermeasures in real time. When access is restricted, defenders lose the agility needed to match the pace of attackers who can leverage un-gated tools elsewhere. She emphasizes that the cost of gating falls disproportionately on the good guys, creating an asymmetry where defenders are hobbled while attackers remain resourceful. Ultimately, Baloo suggests that the debate isn’t about whether to gate, but rather who truly bears the burden of that decision.