Could the Internet Get Too Expensive to Use?
Cyberattacks as Default End Up Driving up the Cost of Simple Internet Existence
…I expect that we’ll end up with what I’ll term the Expensive Internet—the idea that every mundane digital action will require support from complex control agents because human-level digital crime will become so cheap and commonplace. - Esben Kran, The Expensive Internet hypothesis
The cost of sending an email is basically zero. But what if it cost a nickel every time we sent an email? Would that change things?
One potential future with regard to the advancement of artificial intelligence is the ability to perform cyberattacks independently. Right now, attacks happen all the time and very quickly. For example, you can’t leave an SSH or RDP port open for very long; it will quickly be attacked (in part because it's still relatively easy and fast to scan the entire IPv4 network space).
But…what if the cost of doing anything on the internet went up dramatically? What if, when we visited a website in our browser, we knew the likelihood of it being hacked was 98% instead of 5%, and that it would attack us in return. What if attacks became the default?
What if life on the internet became like knowing we would be mugged as soon as we left our house?
Attacks Become Default
Worldwide end-user spending on information security is projected to total $212 billion in 2025, an increase of 15.1% from 2024, according to a new forecast from Gartner, Inc. In 2024, global information security end-user spending is estimated to reach $183.9 billion. - https://www.gartner.com/en/newsroom/press-releases/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025
Cyberattacks on Taiwan by Chinese groups doubled to 2.4 million daily attempts in 2024, primarily targeting government systems and telecommunications firms, according to Taiwan's National Security Bureau. Attackers aimed to steal sensitive data and disrupt critical infrastructure, with successful attacks rising by 20% compared to 2023. - https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
Cyberattacks are somewhat rare at present; they are not the norm and are not expected at all times. However, if the cost of carrying out a sophisticated attack decreases, we will see more of them.
Web browsing may require real-time, AI-based threat assessments
Social media requires deepfake detection
Constant AI-based monitoring of bank accounts and credit ratings
Personal implementation of VPNs and cryptography…a cypherpunk era
Cybersecurity is already expensive and spending is constantly increasing, but it is not always clear what we get for it. Cybersecurity spending analysis is usually done at an enterprise level, not at an individual and societal level, where the most damage and cost increases are likely to occur.
Enterprise organisations have the funds to (at least try to) protect themselves from the internet through zero trust initiatives or good old VPNs, but the average person, school, hospital, daycare, etc, won't have the knowledge or means to do so, which will vastly increase the digital divide.
Things are starting to look more like cypherpunk than cyberpunk. There, as there are now but more so, will be the 'cypher' haves and the have-nots. People will have to incorporate sophisticated cyberdefence tools into their daily lives, but this will become increasingly expensive.
Asymmetric
"What it means for hackers," Harr explains, "is I can now take, say, a business email compromise (BEC), or a phishing attack, or malware attack, and do this at scale at very minimal cost. And I could be much more targeted than before." - https://www.darkreading.com/application-security/chatgpt-jailbreaking-forums-dark-web-communities
A key issue with cybersecurity is that cyberattacks are asymmetric, meaning that a small group of people, potentially armed with the right technology, can have an outsized effect. One team can attack thousands, if not millions, of websites, people and companies in a day, and this number will only grow as AI tools continue to improve, making the attacks more sophisticated and successful. In my mind, this is a key issue with cybersecurity overall.
Conclusion
To be clear, much of what Esben Kran says about AGI is essentially speculative fiction, which I find fascinating. However, these are simply forward-looking theories. They are not facts. These things may never come to fruition.
That said, we don’t need AGI for cybersecurity issues to make the internet more expensive as that has been happening for decades.
I believe that current large language models are very good at programming, not better than the best humans, but good enough, and that some nation states and other large organisations will be capable of turning various LLMs into high-speed hacking machines. This could massively increase the cost of using the internet, potentially making it impossible to simply host a website or payment link on the public web.
If we all need sophisticated cybersecurity, which company will provide these services? How much will they cost? Will I need a separate cybersecurity provider as well as an internet provider? Who will be able to afford $100 for internet services, plus $100–$500 for cybersecurity? Most people will not pay that kind of money, and think that could very well mean the (continued) end of the capital “I” Internet. The friendly MySpace era is long over, replaced with by social media, and we are well on our way to something else entirely.
Further Reading
https://blog.kran.ai/expensive-internet
https://slashnext.com/blog/wormgpt-the-generative-ai-tool-cybercriminals-are-using-to-launch-business-email-compromise-attacks/