Defensive technologies for a world with digital minds
Everyone can be safe.
A society with AIs and other digital minds will be far more capable and dynamic. To fully enjoy the benefits, we have to mitigate the risks.
The first line of defense should be technology rather than policy1. Technology gives people more choice and more opportunity to experiment. Markets for technology better suit peoples diverse needs. Policy, on the other hand, is a double-edged sword. It should only be used when the problem is both significant and insoluble in technology. Even then, the benefit of the policy must outweigh the downsides.
Ideally, defensive technologies will lower the risks enough to make it worthwhile to proceed with AI. Fortunately, we have good reason to believe this is possible.
Defense will continue to dominate
A world where offense was winning would look very different from our own. Nations initiating conflict constantly. Aggressors wiping out their victims using their offensive advantage. Any small escalation becomes war; better to strike first and ask questions later. Building up an army without using it is akin to throwing it away.
This isn’t true today, nor has it been true historically. Most times and places have been peaceful. Enemies prefer to loathe each other in peace. Defense has been dominant because any offense you might mount can be employed by your enemy as a form of defense2.
Modern technology has entrenched this paradigm. Nuclear weapons, a purely offensive tool, have brought nearly a century of uneasy peace between great powers. Drones have turned the modern battlefield into a stalemate.
We can expect this to continue into the future. The world just doesn’t seem that vulnerable. Like all technology, war converges on a handful of good solutions. Eventually, everyone will be stuck with the same stuff and little reason to think they can win a fair fight.
This is good news for the project of building defensive technologies. The world favors defense and further empowering defenders is feasible. We should accelerate towards the peaceful equilibrium.
Now let’s look at specific technologies that will improve our situation.

Pandemics
I’m pretty optimistic about the prospect of eliminating pandemics. People have spent a lot of time thinking about pandemic prevention. A few starting points:
Reasons to be pessimistic (and optimistic) on the future of biosecurity
Book review: Barriers to Bioweapons
Delay, Detect, Defend: Preparing for a Future in which Thousands Can Release New Pandemics
Bioweapons are hard and pandemics are rare. We can prepare for them by using wastewater surveillance to identify outbreaks3. We can slow (or eliminate) their spread via sanitation. For instance, clean water, clean surfaces, and good ventiliation have eliminated most infectious diseases in developed countries.
But airborne pathogens remain. Several technologies can stop the spread such as personal protection equipment, air filters, far UV-C lighting, upper-room UV, and glycol vapors4.
But the most important opportunity is the rapid deployment of vaccines. mRNA vaccines are particularly valuable given their rapid development time and effectiveness5. We can stack this with human challenge trials so that successful vaccines can be identified quickly. For more, see CEPI on Developing pandemic-busting vaccines in 100 days.
Hopefully, the combination of early detection, air sanitation, and rapid vaccine deployment can all but eliminate pandemics.
Nuclear war
(Un)fortunately, the world has a defense against nuclear weapons. It’s more nuclear weapons. I’d prefer if we didn’t keep the peace based on a tacit agreement not to kill millions of people.
Missile defense can mitigate some of the risk. Current GBMs have a ~50% interception rate. So deploying as many interceptors has your enemy has warheads would roughly halve the number of missiles that get through. Presumably, more interceptors per missile can lower the fraction that reach their target. The biggest limitation is the fact that interceptors are very expensive, approaching $100M per shot. Getting the cost down and the success rate up might be possible. There’s also an array of other missile defense systems capable of handling slower missiles or hitting ICBMs earlier in their flight.
A more speculative approach would be to deploy swarms of drones along the closing trajectory of the missile. While drones move at a snails pace relative to reentering missiles, a cloud of them a few miles outside a city might put one of them in position to detonate in the missiles path.
The holy grail of missile defense would be laser air defenses. It is in principle possible to coherently combine enough beams (and acquire the target fast enough) to destroy incoming missiles in a fraction of a second. The prospect of a world without nuclear weapons makes this a worthy challenge.
Cybersecurity
Language models and formal verification promise to make hacking prohibitively hard (though not impossible). Experts believe that AI capabilities systematically favor defense in the cyber realm.
The next step is to prepare for the possibility of quantum computers by adopting post quantum cryptography6. Fortunately, some protocols such as Signal have already done this.
More speculatively, practical obfuscation may unlock a variety of other secure protocols. With the software domain secure, the main vulnerability is physical devices.
Secure infrastructure
Physical stuff cannot be made perfectly secure. Walls must be made of ordinary matter, and even a relatively weak laser can cut through any material given enough time. But it is possible to make it prohibitively expensive to break in to something.
One step in this direction is to use hardware security tokens to unlock (and log in to) everything. These devices can store a much longer password than you can memorize, such that it is physically impossible to brute force. Challenge-response authentication means that attackers can’t get the password from monitoring the communication between key and lock. This system can be made stronger by using biometrics as your username7.
For stuff like houses or cars, this level of security might be enough to deter attacks. But for more important systems, there’s a risk that attackers try to extract the password from the hardware directly. Secure hardware still trying to establish a paradigm, as many implementations have been broken. FlexHEG is one attempt. Open-source hardware8, from a variety of manufacturers, inspected by IRIS, and wrapped in shielding might deter all but the most dedicated attacks. Further work is needed, particularly algorithms that use a small amount of secure hardware to protect a large amount of computation or memory.
Besides hardware, the energy system as it is currently constructed is pretty fragile. One of the benefits of switching to renewables and batteries is to decentralize energy production. People with batteries can live without the grid for a few days. Ukraine finds itself using more renewables as the war continues because renewables are a lot harder to destroy than a power plant.
One specific risk for the grid is solar storms and EMP weapons. These do most of their damage by destroying the high voltage transformers that underpin the grid. The solution is simple: manufacture more transformers. Failing that, install more SolidGround systems. Other critical systems might benefit from a Faraday cage.
Fortunately, much of our other physical infrastructure (roads, canals, communications, etc) is hard to destroy without engaging in all out war. Traditional defense will suffice.
Space
Space is a shared resource that everyone should have access to. To enforce this right, we must distribute the ability to protect ones own interests in space. Solutions here will have to wait until space colonization becomes more common.
There are two risks we might address in the near term. The first is the risk of space debris making certain orbits unusable. Of the methods I’ve seen proposed, laser systems seem the most feasible, particularly if the system can be operated from the ground. One concept that doesn’t get discussed much is ablating the top of Earths atmosphere or releasing pockets of gas in low orbits to increase drag on the debris.
A longer term concern is asteroids hitting Earth or space colonies. This risk becomes acute if humanity develops the ability to move asteroids, perhaps for the purposes of asteroid mining. The first step is to build more telescopes that can track asteroid trajectories. For objects on course for Earth, many ideas have been proposed. I personally think kinetic impactors and laser ablation are the most promising9.
Protecting digital minds
A society of humans and AIs will be dependent on both. It’s important to build technologies that protect all interests. A few of the above ideas can be remixed to ensure the safety of digital minds.
As a first step, secure computing infrastructure protects the substrate they run on. Distributed computation is the next step, dodging the risk of a single server failure. Encrypted multiparty computation is an extreme version of this, enabling distributed parties perform a computation without knowing the contents.
Presumably, the safest way to get people to run these computations is payment via decentralized currency. Sovereign currencies enable everyone to engage in exchange without the drawbacks of fiat currency. Decentralized finance and contract may also reduce regulatory shocks and stabilize the financial system.
The long-term goal will be to build secure homes for digital people.
Other
There are a few loose ends that didn’t fit anywhere else. Continuing research is needed into these and other threats.
Volcano geoengineering might be necessary long term.
Synthetic food would make us more resilient to agricultural catastrophes.
I’m skeptical that past visions of nanotechnology will come about. But if it is developed, we should build mitigations such as hard-to-digest barriers and nanomoeba10.
Science fiction is filled with fears of infecting minds via digital media. Humans might fall prey to superpersuasion or be driven mad by a sequence of blinking lights. Digital minds might be subverted by the contents of a single message. If this becomes practical, we’ll need to develop filters, sandboxes, public key blacklists, and other mitigations.
Institutions for truth may become more important. Prediction markets, mechanism design, reputation systems for arbiters, and credibly-neutral research institutions may come to the fore.
Mechanisms for funding public goods without relying on governments might increase the speed at which defensive technologies are established.
Conclusion
This concludes a loose thread in writing about proceeding with AI. The benefits are large enough to accept a substantial amount of risk. The industry is moving towards a development paradigm that safely satisfies our demand for intelligence, while sapping the incentive to build dangerous intelligence. In that safer paradigm, using aligned data solves alignment. Adding engineering safeguards, legal protections, and defensive technologies can unlock a world that digital minds can safely participate in.
There is no single solution to the challenges of digital minds, society should push on all fronts. The risks can be mitigated enough to proceed with confidence, and share the future with everyone.
EDIT see also: Most Externalities are Solved with Technology, Not Coordination.
Stronger offense also incentivizes defenders to invest more in defense.
Mass-spec and other spectroscopy techniques might help too, they double as a means to detect chemical attacks and explosives.
A host of other ideas such as test-and-trace, virulence management, and prophylactic solutions might help too.
Other modalities should also be considered such as peptide vaccines, convalescent plasma therapy, monoclonal antibodies, and variolation.
The advent of quantum technologies might be a boon for cryptography for applications such as device-independent quantum randomness.
Why a username and not as the password itself? Biometrics are attached to you, hard to change, and possible for attackers to read off you. This makes them more suitable as a hard-to-steal username rather than a true password. Even if someone steals your fingerprint, you can always swap hardware tokens and be fine.
Ideally FPGAs so the computation can be routed randomly on the chip, making it harder for individually corrupted components to leak information.
Of course, the ability to deflect asteroids away from Earth also enables us to deflect them towards Earth, so such capabilities should only be fully established if the threat becomes significant. Another example of why it’s often better to react to potential threats when they come to fruition, rather than try to pre-empt them.
A term I made up for nanobots that consume malicious nanobots.

