I find a strong single thread that unites both your post and the comments here: when/if LLMs become ASI, what capabilities does it require, how it will work, scale, etc.
It’s an important and consequential point, but I think there is another one that is not attended to:
If we completely disregard the granular definition of ASI and/or AGI, specifically because of, as you accurately caricaturized, “fogginess”—what are the downstream effects of a technology which will check enough of the boxes that we can claim are closely related with what we would expect from ASI/AGI.
For example, if we see:
Large job displacement of white collar workers
Strong take-off in scientific understanding
A system which increases its own development speed
An autonomous system which is unusually difficult to contain
Etc.
Then, perhaps, the discussion of specific architectures and training methods can, to some extent, be quieted down?
Stated plainly, is it not the case that we can claim that a system is an ASI / AGI if it checks enough of the boxes of downstream effects which we claim such a system will cause?
Your claim is correct in a narrow scope. Yes, Microsoft, Google, etc., can patch vulnerabilities somewhat quickly. This is derived from many reasons, but is essentially linearly correlated with the amount of security engineers the company has.
However.
A mind-boggingly large amount of modern software infrastructure is built upon the form of software that is run by 1 guy in Alaska who patches his project once a month after a fishing quest.
These are the bottlenecks, and in a large sense, the crown jewels.
If Alex from Alaska has had to patch his project once a month because of one vulnerability that was discovered by a white/black hat hacker, that’s manageable.
If Alex has to patch his project twenty times a month because Mythos-class models are repeatedly breaking it, that is not manageable.
When these software projects are hacked, which cause what is called a supply-chain attack, these are the class of attacks which reach breaking-news scale (e.g. the SolarWinds hack).
Bottom line, the risk of this transformational capability is not mainly does not rest on well-defended companies, but the smaller, under-defended ones.