• source https://www.dbreunig.com/2026/04/14/cybersecurity-is-proof-of-work-now.html

  • by Drew Breunig

  • Is security spending more tokens than your attacker?

  • I encouraged people to take a wait-and-see approach, as security capabilities are tailor-made for impressive demos.

  • Finding exploits is a clearly defined, verifiable search problem.

    • You’re not building a complex system, but poking at one that exists.
      • A problem well suited to throwing millions of tokens at.
  • … performance was already rapidly improving.

  • … to harden a system we need to spend more tokens discovering exploits than attackers spend exploiting them.

  • … 100M tokens for each attempt.

    • … $12,500 per Mythos attempt …
  • You don’t get points for being clever.

    • You win by paying more.
  • … system that echoes cryptocurrency’s proof of work system,

    • where success is tied to raw computational work.
  • First, open source software remains critically important.

  • … LiteLLM and Axios supply chain scares, many have argued for reimplementing dependency functionality using coding agents.

    • … preferring to use LLMs to “yoink” functionality when it’s simple enough and possible. – Andrej Karpathy
  • … security is purely a matter of throwing tokens at a system, Linus’s law that, “given enough eyeballs, all bugs are shallow – Linus Torvalds,” expands to include tokens.

  • … cracking a widely used OSS package is inherently more valuable than hacking a one-off implementation,

    • …incentivizes attackers to spend more on OSS targets.
  • We’ve already been seeing developers break their process into two steps,

    • development and
    • code review,
      • often using different models for each phase.
  • If … Mythos claims hold, I suspect we’ll see a three phase cycle:

    • development
    • review
    • hardening
  • Critically, human input is the limiter for the first phase and

    • money is the limiter for the last.
  • … quality inherently makes them separate stages

    • (why spend to harden before you have something?).
  • … security audits were rare, discrete, and inconsistent. Now we can apply them constantly, within an optimal (we hope!) budget.

  • Code remains cheap,

    • unless it needs to be secure.
  • … cost is fixed by the market value of an exploit.

  • Questions to ask regarding LLMs:
  • Do they benefit actors already favored by capital? Could this lead us into an even more vicious circle where humans are losing against tech?
  • Is it killing the craft of writing software?
    • Which would force the tech workers into a reverse centaur position?
    • Coders at Work … most interviewees answered that they view themselves as craftsmen.