Don’t bring a knife to a gunfight.

That old saying rings true more than ever when it comes to AI’s impact on cybersecurity. With Anthropic’s Mythos 5 being banned temporarily over national and global security concerns, it is no surprise that AI will be used for both good and bad. We are already seeing vulnerabilities that have been sitting dormant, hidden for over 20 years, embedded in systems we use every day. These cyber headlines are becoming frequent occurrences.

Hackers move fast. Much faster than a company, and leagues faster than our government. If we want to stand a chance at protecting our systems, we have to understand and utilize the same tools with the same velocity and depth as the bad guys. Otherwise, we are bringing a slingshot to a missile launch.

This reality really set in when I started accepting the fact that we need to understand AI to defend against it. I started looking into ways AI is proving pivotal in cybersecurity, but I also wanted to get my hands dirty. This is when I started learning about agent harnesses, more specifically Hermes Agent, developed by Nous Research.

Think of an agent harness as giving the AI model hands, along with an environment to play and experiment in. With a standard chat agent, the AI is confined to the web browser or app. You ask it questions or give it prompts, and it predicts an answer, explains something, or gives you some graphical slop.

When using an agent harness, the AI can execute commands. A normal chatbot can talk. An agent harness lets it act. That enables a level of autonomy that feels very different from a normal chatbot. Not only does this agent have the ability to actually do things, it also has persistent memory and can remember what it has learned by developing skills. In other words, the agent grows more effective with every job you give it.

Now imagine placing this agent with hands in a room full of all the tools hackers love.

I experimented with this by installing Hermes Agent onto a virtual machine running my favorite security-focused Linux distro, Parrot OS. Essentially, Parrot is the room with all the hacking tools necessary to execute some wild stuff. Very quickly, I was able to direct it to run enumeration on my lab network and probe for security weaknesses in my home network.

This is only the tip of the iceberg. I could feel that I was one prompt away from breaking some law, somewhere.

If you are in cybersecurity, or if you just love tinkering with the latest tech craze, I highly recommend setting up Hermes Agent. The sheer amount of resources and power at our disposal is unfathomable.

Hidden Costs and My Thoughts on AI

When I think of the IT sector as a whole right now, it is hard to ignore the number of jobs reportedly being eliminated because of AI. Whether it is cuts due to efficiency, automation, workforce reduction, or the rising cost of chips and compute, things are moving extraordinarily fast. The dust has not settled yet.

We are already seeing AI eat into low-level repetitive work. Help desk, Tier 1 SOC/NOC work, scripting, documentation, and troubleshooting are all going to feel it.

AI accelerates this field, but acceleration cuts both ways. Those who blindly trust its output will be punished. Those who verify, understand, and secure their AI systems will prove to be invaluable.

I am by no means blindly pro- or anti-AI.

There are a lot of things I hate, love, agree with, and disagree with when it comes to AI. For starters, the sheer amount of AI slop images and videos I see plastered everywhere, serving no value whatsoever, is reprehensible. The environmental impact of your dog drinking a latte in a tutu is an injustice to Mother Nature.

All I ask is that people use these tools wisely and understand that they truly do use an insane amount of resources. You wouldn’t use a 4,000-horsepower Komatsu excavator to plant your marigolds.

This brings us to the cost of AI, and how that cost may change.

Currently, the top AI providers are burning through and committing massive amounts of money to keep these systems running and improving. Free-tier users, $20/month users, and even $200/month users can all contribute to an unprofitable model when usage gets heavy enough. These costs are being subsidized by investors, hype, and the race to dominate the market.

But what happens when the buck stops?

What happens when the cost to use AI goes up 10x? What happens to the companies that only exist today because AI resources are currently cheap? They could charge 10x today and still be unprofitable for the heaviest users.

I envision some mix of these outcomes:

  • Some companies will absorb the costs.
  • Some companies will reject AI and rehire lost talent.
  • Some companies will move to local LLMs and local AI solutions.
  • Some companies will literally disappear.

The local LLM angle excites me.

I set up LM Studio on my computer, which has a pretty beefy graphics processor. This allowed me to host my own local AI model, on my own computer, under my desk. Surprisingly enough, my computer was able to provide the model backbone needed for Hermes Agent to run relatively well.

There was a novelty in watching my computer troubleshoot, diagnose, and implement solutions on itself autonomously.

I find this to be a strong argument for a more decentralized AI landscape in the future, where companies host their own internal large language models because of the rising costs of frontier models from OpenAI, Anthropic, Alphabet, and others.

With all of this going on, I don’t think you could pick a more exciting time to be alive.

I just hope we use the time wisely and considerately.

Wesley Schaeppi
