Low-Level Security Separation via hashcoding of all executables/scripts via cached/validated Hashcodes

Why do we still have malware, spyware, ransomware, or backdoors? Is it because our firewalls or Anti-virus solutions are only reactive and not proactive? Or is it because we don’t have walled/secured gardens or has security a too high price we would need to pay (i.e., restricting our dynamic progress or open standards)?

Currently, Computer Security is based on paradigms that are NOT capable of “eliminating” malware or restricting AI/AGI (capable of coding or reverse code engineering (RCE)). We also can’t kill an out-of-control AI globally or treat an escaped AI as malware. However, if a rogue AI escapes, we would need a global Kill-Switch to regain control over our technology.

I wrote a book on AI-assisted hacking (i.e., hacking based on an assumed/extreme level of skills, like reverse code engineering): “2028 - Hacker-AI and Cyberwar 2.0+ (Securing our Future: Proactive Resilience through Separated Security Measures)”. The main conclusion is that we must remove cyberspace as a battlefield for cyberwar with technical solutions; we must be able to stop AI-based malware. Any scenario of using AI in cyberwar or cybercrime is pure madness.

The proposed solution is based on low-level security separation that prevents the commingling of regular computation from security-related confirmation/validation code. Initially, it is based on updatable low-level/hypervisor-based software; in the 2nd step: separate, non-bypassable, retrofittable hardware components within the databus or storage/network components.

A fast quantum leap in computer security is urgently needed if we want to remain in control of our IT hardware. My concern is (1) rogue nations (starting a cyberwar using AI tools), (2) criminals using AI to bypass 2FA and automate cybercrime, and (3) AI hiding within our technical ecosystem trying to gain covert control over IT resources. Due to our dependence on technology, cybersecurity is a human rights issue – which means it should not matter how much security a person/organization can afford – it means we must be fundamentally safe from malware, trojans, spyware, ransomware, or we can easily/quickly attribute damage to a culprit (and not a patsy). This is feasible (and not wishful thinking).

Using AI in cyber defense will not automatically shift the balance toward defender advantage. However, a defender advantage is required – otherwise, the speed of AI misusing vulnerabilities could make our security unmanageable and untrustworthy.

What I want to propose is cybersecurity that provides proactive, redundant, low-level separable (updateable/retrofittable) protection without bothering users (or developers). My goal would be “security overkill” against misuse of CPUs by nation actors and AI/AGI (even if it uses reverse code engineering or dynamic code modifications. The solution is voluntary, interoperable with existing tech, and does NOT include potentially illegal methods (like hackbacks or beacons)

Preparing the world for AI/AGI and against rogue/adversarial nations eager to utilize our vulnerabilities is extremely urgent (see letter for 6 months of AI moratorium). I thought about solution(s) and included some fundamental ideas in my above-mentioned book. I worked out more details for this solution – I am certain it is doable.