The patch-obfuscation crossover
Where Vendor Group 2’s patch obfuscation actually tips net attacker throughput downward.
Last updated: 02 June 2026 14:43 UTC
In the Defenders’ playbook I argued that Vendor Group 2 — attractive target, fast on AI adoption — should respond to the Mythos volume by obfuscating patch distribution. Bundle the diff so the change set isn’t legible. Reverse-engineering a patch becomes more expensive, and attackers have less to work with. Reasonable on its face. But every vendor in that group is also generating seven to twelve times more advisories than they were before the LLMs landed. The honest question is which effect wins, and where the crossover sits.
The model
Two inputs, one throughput equation. Call the Mythos volume multiplier m — the factor by which an LLM-using vendor’s annual CVE volume rises versus the pre-LLM baseline. The Mythos paper documented this as 7–12× for the leading-edge vendors; I’ll use 9× as the mid-point. Call c the per-patch-diff cost expressed relative to today (so today = 1×). An attacker reverse-engineering a single bundled, signed-only patch at c = 3 takes three times as long to extract the bug as today.
Net attacker output is then volume divided by per-bug cost: throughput = m/c, with today’s baseline at m = 1, c = 1, i.e. a throughput of 1. The crossover — the per-patch-diff cost at which throughput returns to today’s baseline — is where m/c = 1, so c* = m.
Where the line sits in practice
For the mid scenario (9×), obfuscation has to make single-patch reverse-engineering nine times more expensive than today before it starts buying the defender any net throughput decline. That’s a heavy lift. Today’s baseline already includes binary-only patches for proprietary software, signed and stripped binaries for the OS layer, and patch-Tuesday-style bundling for the platform vendors. Pushing past nine times that cost probably means giving up the textual changelog entirely, dropping the per-CVE references in the advisory, and shipping diffs as encrypted bundles that only the auto-update agent can unpack.
Plenty of vendors will draw the ethical line well before they get there. Refusing to publish the CVE reference is a step outside the FIRST disclosure norms, and shipping non-introspectable patches breaks the assumption that customers can audit what their tools are running. Vendor Group 2 may be attractive enough as a target to absorb the reputational cost; smaller vendors are not.
The interesting question is not whether obfuscation can work — the math says it can — but whether the obfuscation level required is reachable without abandoning the disclosure and auditability norms the industry has spent fifteen years building. For the mid multiplier the threshold is steep. For the high multiplier it’s 12× today’s diff cost, which is probably unreachable inside current norms. For the low multiplier it’s 7×, still demanding.
Caveats
The throughput model is intentionally back-of-envelope. Real attackers don’t reverse-engineer every advisory; they pick the high-EPSS subset and let the rest age. The cost distribution is heavy-tailed. The defender side also gets non-linear gains as patch bundles trigger fleet-wide auto-update — that’s not in the model. The story I’m telling is the direction of the trade-off, not a precise crossover estimate. The chart shows where the indifference line would sit under a clean throughput model; treat the c* values as lower bounds on what obfuscation would have to deliver before it earns its disclosure cost.
If you want to track the next argument forward, this article pairs with the open question on attacker counter-adaptation timelines — how fast attackers learn to defeat the obfuscation tactics that work today, which determines whether the model’s constants stay constant for any useful window of time.