Honest question: for those working with those models on offensive security, how much does this move make sense?

I am asking because I have seen a growing number of stories about organizations getting owned by either raw mismanagement of security, supply chain attacks that are often a failure at the ecosystem level, npm, etc.

I am not really seeing from what we hear about the use of AI for penetration as a threat yet. The growing problem with security seems to be more at the management and ecosystem layers.

Not many story that netfilter, ipfw or pf got owned by one of those frontier models.

A lot of stories that organisation X and Y left keys on a public repo for months.