Asymmetry by Design: Boosting Cyber Defenders with Differential Access to AI

“Differential access” is a strategy to tilt the cybersecurity balance toward defense by shaping access to advanced AI-powered cyber capabilities. The goal is to provide cyber defenders an asymmetric advantage over malicious attackers.

Here we introduce three possible differential access approaches:

• Promote Access: Prioritize widespread adoption of AIxCyber capabilities through open access and active promotion. This approach suits lower-risk capabilities, focusing on innovation and diffusion among strategically important defenders.

• Manage Access: Balance opportunities and risks of medium-risk capabilities through controlled distribution and prioritization of certain defenders. This approach combines access restriction with targeted promotion.
  

• Deny by Default: Restrict higher-risk cybersecurity capabilities to select defenders. This approach prioritizes risk mitigation while still providing defensive benefits through strategic diffusion.

These approaches form a continuum, becoming more restrictive as AIxCyber capabilities increase in power. However, one constant across all approaches is defender access — even in the most restrictive scenarios, developers should aim to advantage cyber defenders. We provide a process to help developers choose and implement one of the three differential access approaches, including considerations based on a model’s cyber capabilities, a defender’s maturity and role, as well as strategic and technical implementation details.

We believe differential access approaches are most effective when linked to specific purposes and goals. Our report lays out four example schemes that developers can reference, but these are not exhaustive—and we encourage readers to apply our differential access framework to their specific challenges, from supply chain security for frontier AI developers to cybersecurity for the defense sector.