Hello all is OPNsense considering deploying AI into its software for proper network and security checks and analysis ??? I think it will be a fine addition to this firewall
So called "AI" and "proper network and security checks" are a contradiction.
sounds like a terrible idea
Quote from: Patrick M. Hausen on April 10, 2026, 12:49:31 PMSo called "AI" and "proper network and security checks" are a contradiction.
Quote from: DEC740airp414user on April 10, 2026, 01:04:32 PMsounds like a terrible idea
Agree with the above! :)
#SayNOtoMachineLearningChatBots!
Three question marks, what seems like puked-out grammar that lacks any effort, and a broad and unspecific question, all reeks of a spammer/bot, but the OP has at least a little posting history so I assume they wrote this in good faith instead of just spam or parroting buzzwords.
As such: it might be possible to have an AI-based rule analyzer that could possibly spot common mistakes and omissions. However, their results must be treated with care, just like if you'd manually fish random rule snippets off the internet. Maybe that could be worthwhile, but spending this much effort and likely fees on something so minor... nah. But since firewall rules are in the end generic, this sort of tool could be developed independently by the OP and work on the exported rule sets from all (Free)BSD-based firewalls, and a second version for Linux based ones. That could then be integrated as a community plugin if it proves to be helpful.
If this is what you have in mind: give it a go and see what it can do!
AI things are good at pattern recognition, so this would also be something for intrusion detection / prevention system makers to consider. But in that case the AI would have to run on the Firewall machine, given contemporary technology that'd be hard or need to be done like these voice-assistants using some external provider, nothing I would want to touch. Core OPNsense wouldn't benefit from this, except for the mentioned hypothetical analyzer. An AI-based rule generator wouldn't be worth it because AI-generated stuff is full of BS. It's fine for creating jokes and maybe translations, but most definitely not for anything even remotely security-related.
Possibly in some decades after the AI things have learnt to actually know what they're doing, if they ever will. Currently, "made with AI" is a stigma, not a badge of honor and definitely not a sign of quality, except in very specific cases.
The question is too broad in general. What exactly should AI aim at in OpnSense?
- Finding software vulnerabilities? Yes, that is possible and is seems quite conceivable that Anthropics' Mythos model may find some bugs in the building blocks of OpnSense. But actually, that is not "using AI" in the product in the strict sense.
- Helping block hacking attempts? Because of the fact that AI does not "understand" anything, this may create errors of both first and second degree (i.e.: block both less and more than desired), like almost any old-fashioned IPS would do - which is why I do not trust those. Happy hunting for things that do not work if you try that...
- Helping users configure their firewalls? Well, at least you can argue that an AI will not lose it like some of us experts sometimes do... but seriously, I doubt that the results would be convincing. Been there, done that - and I consider myself somewhat knowledgable in the field. I even fear to imagine a beginner configuring OpnSense in tandem with an AI. On the other hand, you never know, maybe that is better than the beginner alone...
- So finally, an AI might also be useful by bringing to mind what high level of expertise is needed to configure a firewall by hacking away at users' setups on demand - in the hopes of finding at least the most obvious misconfigurations.
Speaking of the Mythos model, I don't know how much of this is industry hype but if it's really as capable as I'm reading, then I hope FreeBSD, OPNsense, and open source projects broadly figure out their strategy before those discovered vulnerabilities become liabilities to all the users. This is my fear.
It's not difficult to imagine the immense pressure that these AI owners will be able to put on companies in order to pay them extortion fees for priority access to security findings.
And even then, who knows if and how many vulnerabilities are being sold and kept quiet. We can guess who might be be buying.
I thought this article asked some good questions, even though it's written by a security company that I presume uses AI:
https://www.picussecurity.com/resource/blog/anthropics-project-glasswing-paradox
What's your level of trust for running configuration tests and such offboard? A local implementation seems unlikely.
AI is sometimes useful to lead you to a result. But if you trust it to be the absolute truth, sooner than later, you will get bitten.
I'm at about 30% with AI. I use it to help me make different types of configurations by typing a prompt of what I want done, then using the result to test the function. About 70% of the time it does not work due to factors that I don't understand. Sometimes it is just plain wrong, and sometimes it spits out something that was deprecated 10 years ago from Server 2008 or server 2003. This is mostly group policy stuff, but when I define server 2022 and windows 11, I would kind of expect it to get closer.
And there are a few times it didn't spit out the correct or full answer, but gave me enough to remind me of the solution. And sometimes it is right on target. Mostly I use Copilot built into our suite of tools, I figure for Microslop stuff, it should be pretty accurate, but not as often as I would like.
Quote from: Greg_E on April 14, 2026, 09:17:35 PMMostly I use Copilot built into our suite of tools, I figure for Microslop stuff, it should be pretty accurate, but not as often as I would like.
- Copilot is for entertainment purposes only. It can make mistakes, and it may not work as intended. Don't rely on Copilot for important advice. Use Copilot at your own risk.
Direct quote from Microslops own terms of service. (https://www.microsoft.com/en-us/microsoft-copilot/for-individuals/termsofuse)
If you need more dumb takes from Microsoft about AI look no further than
https://www.geekwire.com/2025/the-surprising-way-that-microsoft-ceo-satya-nadella-uses-ai-to-consume-podcasts-on-his-commute/
I'm convinced that tech CEOs and all the finance people undergo mandatory training on how to leave reality and join shareholders in an imagined dreamland of infinite growth...
It must take a lot of drugs to get there.
Problem is: These slightly under-intelligent people make the decisions. No matter if AI can do your job or not: as long as these people THINK it can do your job, you're out.
And: They like chaos, they like jungle, as they hate regulation and rule of law. That's the key to understand this kind of people.
Quote from: chemlud on April 17, 2026, 12:21:15 PMProblem is: These slightly under-intelligent people make the decisions. [...] And: They like chaos, they like jungle, as they hate regulation and rule of law. That's the key to understand this kind of people.
Hm. I'd say you're on the right track in general: that is, that their actions are (at least largely) deliberate. But you are underestimating their intelligence and over-specifying their motives. The few high-level executives I interacted with were uniformly highly intelligent, very well-informed, and, in my opinion, narcissistic sociopaths. I do not understand (or share) their motives, but I do understand that they are... not entirely straightforward.
To me, intelligence is more than use of rationality and reasoning capabilities, but includes a broader understanding, how society and organizations (Luhmann) work and how to make them work.
Some months ago I read a story by some well-known sociologist who had a meeting with some of our billionare sociopaths and they asked him, what they could do in case of turmoil and social degradation to make their armed "security" to NOT shoot them and take their money. He answered: How about trying empathy and social behaviour?
I think, the guys didn't even understand the answer. Their solution: Replace security by armed robots (AI-driven, for sure :-D ). That's what we currently see, I guess.
(And here I am again to drop some YT links... :P)
On the Mythos AI topic, I wonder if I might have bitten on the hype a little too soon. I caught an episode on the Internet of Bugs (https://www.youtube.com/watch?v=urkVFZAhz3U) channel that seems grounded. Anybody follow him?
@chemlud the type of societal structures and systems-level thinking you refer to is something I have been learning about lately. Highly recommend to watch the Nate Hagens (https://www.youtube.com/@thegreatsimplification) channel for his theories on what lies ahead of us (what he calls "The Great Simplification"). Second, third, fourth order effects of having exhausted our one-time planetary endowment of fossil fuel that nobody in the public sphere is talking about... and certainly nobody in business. But it's coming.
Quote from: franco on April 17, 2026, 10:40:40 AMIf you need more dumb takes from Microsoft about AI look no further than
https://www.geekwire.com/2025/the-surprising-way-that-microsoft-ceo-satya-nadella-uses-ai-to-consume-podcasts-on-his-commute/
It's Microsoft : Can't expect anything else from them! LOL! ^_^
Silly "GamingOS Company" that we can't seem to get rid off fast enough somehow...
Quote from: OPNenthu on April 17, 2026, 11:32:26 AMI'm convinced that tech CEOs and all the finance people undergo mandatory training on how to leave reality and join shareholders in an imagined dreamland of infinite growth...
It must take a lot of drugs to get there.
MWAHAHAHA!!! EPIC !!! NICE !!! :P
Quote from: chemlud on April 17, 2026, 06:12:22 PM[...]I think, the guys didn't even understand the answer.[...]
Understanding is not directly connected to motivation. It's easy to draw the conclusion that they just don't understand, are stupid, etc. It's just not likely correct. It may seem like a small detail. Don't overestimate these people, but don't underestimate them, either.
Sociopathy is some kind of blindness, a total lack of understanding how society works or even negation that it exists at all ("There is no such thing as society..." you remember?).
So: Yes, these people literally don't understand what sociologists think and do. And fight them as their enemies.
Quote from: OPNenthu on April 17, 2026, 11:32:26 AMI'm convinced that tech CEOs and all the finance people undergo mandatory training on how to leave reality and join shareholders in an imagined dreamland of infinite growth...It must take a lot of drugs to get there.
Ed Zitron (https://www.wheresyoured.at/four-horsemen-of-the-aipocalypse/#this-is-the-era-of-ai-hysteria)--who makes a good living mocking the AI business, its investors and media coverage:
QuoteSo, yeah, anyone in the media who bought the line of shit from Dario Amodei that this was "too dangerous to release" is a mark. Cal Newport has an excellent piece debunking the hype (https://calnewport.com/is-claude-mythos-terrifying-or-just-hype/), but my general feeling is that if Mythos was so powerful, how did Claude Code's source code leak (https://www.theguardian.com/technology/2026/apr/01/anthropic-claudes-code-leaks-ai)?
Quote from: qarkhs on April 23, 2026, 06:48:33 PM[...] if Mythos was so powerful, how did Claude Code's source code leak (https://www.theguardian.com/technology/2026/apr/01/anthropic-claudes-code-leaks-ai)?
oops!
Quote from: OPNenthu on April 23, 2026, 07:29:10 PMQuote from: qarkhs on April 23, 2026, 06:48:33 PM[...] if Mythos was so powerful, how did Claude Code's source code leak (https://www.theguardian.com/technology/2026/apr/01/anthropic-claudes-code-leaks-ai)?
oops!
More likely a planned "leak". It went viral, created tons more chatter and attention than if they just released it and asked in a press release "Developers, would you please review this code so you can use it in the future?" I imagine it was well scrubbed of anything sensitive they wouldn't want released.
I'm not sure anyone would willing leak what's described here: The Snake That Ate Itself: What Claude Code's Source Revealed About AI Engineering Culture (https://techtrenches.dev/p/the-snake-that-ate-itself-what-claude)