Your claim is correct in a narrow scope. Yes, Microsoft, Google, etc., can patch vulnerabilities somewhat quickly. This is derived from many reasons, but is essentially linearly correlated with the amount of security engineers the company has.
However.
A mind-boggingly large amount of modern software infrastructure is built upon the form of software that is run by 1 guy in Alaska who patches his project once a month after a fishing quest.
These are the bottlenecks, and in a large sense, the crown jewels.
If Alex from Alaska has had to patch his project once a month because of one vulnerability that was discovered by a white/black hat hacker, that’s manageable.
If Alex has to patch his project twenty times a month because Mythos-class models are repeatedly breaking it, that is not manageable.
When these software projects are hacked, which cause what is called a supply-chain attack, these are the class of attacks which reach breaking-news scale (e.g. the SolarWinds hack).
Bottom line, the risk of this transformational capability is not mainly does not rest on well-defended companies, but the smaller, under-defended ones.
Great insight. I may have had the framing backwards, and your point makes more sense than mine.
This is arguably more interesting, because, if true, it shows that Gemma does have some strategic thinking, but it may be underused.
By underused, I mean specifically that a good researcher would have laid out hypotheses, and under fixed time, would presumably allocate that time more wisely.
An obvious follow up experiment I have in mind would be some intervention within a run. That would resolve the causation question you’re raising.
Additionally, an interesting experiment would be a qualitative contrast with a larger model, to see if there is some divergence in resource allocation.