The Adversarial Discount -- AI, Signal Correlation, and the Cybersecurity Arms Race

James W. Bono

arxiv: 2605.04336 · v2 · pith:SGJNZZGTnew · submitted 2026-05-05 · 💰 econ.TH · cs.CR· cs.GT

The Adversarial Discount -- AI, Signal Correlation, and the Cybersecurity Arms Race

James W. Bono This is my paper

Pith reviewed 2026-05-20 23:43 UTC · model grok-4.3

classification 💰 econ.TH cs.CRcs.GT

keywords cybersecurityadversarial contestsignal correlationarms raceAI investmentattack surfacespublic goods

0 comments

The pith

Full cross-correlation of threat signals neutralizes the attacker's advantage from adding more attack surfaces.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper models a cybersecurity arms race where an attacker and defender invest in AI-enhanced capabilities across multiple attack surfaces. The attacker's spending boosts their offense directly and reduces the defender's effectiveness in a way that grows with the defender's investment. The key finding is that when threat intelligence is fully shared across surfaces, the relative effectiveness of attack versus defense no longer depends on how many surfaces exist. A sympathetic reader would care because this implies that investing in shared information systems could counteract the natural advantage attackers gain from targeting many weak points rather than simply pouring more money into private defenses.

Core claim

In the contest-theoretic model, the attacker's investment amplifies offensive potency unconditionally while eroding defensive effectiveness conditionally through an adversarial discount. The derived arms race ratio decomposes the relative marginal effectiveness into six structural primitives. Equilibrium uniqueness and global convergence hold under continuous best-response dynamics. With full signal cross-correlation, the arms race ratio becomes independent of the number of attack surfaces, completely neutralizing the attacker's structural advantage from surface proliferation.

What carries the argument

The signal cross-correlation mechanism, which measures how threat intelligence from one attack surface informs detection on others, carries the argument by determining whether the arms race ratio depends on the number of surfaces.

If this is right

The arms race ratio can be expressed as a function of six structural primitives.
Without cross-correlation, defense effectiveness per surface approaches zero as the number of surfaces increases.
Heterogeneous defenders facing value-targeted attacks will overinvest in private defenses due to a redirective externality.
Underinvestment in shared signal correlation occurs because it is a public good.
Collective information aggregation can become the decisive factor over private capability investment.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Defenders in practice should prioritize building shared threat intelligence platforms to achieve full cross-correlation.
The result may extend to other adversarial domains such as corporate competition or military strategy where information sharing can offset resource proliferation.
Empirical tests could involve measuring how correlation in real-world cybersecurity data affects investment ratios across varying numbers of targets.
Policy could focus on subsidizing information sharing to correct the public good underinvestment.

Load-bearing premise

The attacker's investment erodes defensive effectiveness conditionally on the defender's investment, creating an endogenous adversarial discount.

What would settle it

An empirical study or calibrated simulation that measures the arms race ratio across different numbers of attack surfaces under conditions of high versus low signal cross-correlation, checking if the ratio stays constant when correlation is full.

Figures

Figures reproduced from arXiv: 2605.04336 by James W. Bono.

**Figure 1.** Figure 1: Best-response functions and dynamic adjustment paths for three discount steepness view at source ↗

**Figure 2.** Figure 2: (a) Arms race ratio R0 versus number of surfaces N (log scale) for different signal cross-correlation levels γ under full dilution (ρ = 1). At γ = 1, R0 is flat (independent of N). At γ = 0, R0 is linear in N, rapidly crossing the R0 = 1 threshold. (b) Log-breach rate λ versus N (log-log scale). Both regimes are asymptotically linear in N, but the coefficients differ dramatically: with signal cross-correla… view at source ↗

**Figure 3.** Figure 3: Arms race ratio R0 versus cross-correlation γ for different surface counts N. At N = 1, γ does not appear in R0 (flat line). For N > 1, increasing γ sharply reduces R0, with larger N benefiting more. The dashed line marks R0 = 1: above it, the marginal unit of attacker effort has a larger effect on breach probability; below, the defender’s. 5 Extensions In this section, we step outside the formal model to … view at source ↗

read the original abstract

We study a contest-theoretic model of adversarial investment in which an attacker and a defender allocate resources to AI-augmented capabilities across multiple attack surfaces. The attacker's investment operates through two channels: it amplifies offensive potency unconditionally and erodes defensive effectiveness conditionally, generating an adversarial discount that deepens endogenously with the defender's own investment. We derive a closed-form arms race ratio decomposing the relative marginal effectiveness of offensive and defensive investment into six structural primitives and establish equilibrium uniqueness and global convergence under a continuous best-response dynamic. The central result concerns signal cross-correlation, the degree to which threat intelligence on one surface informs detection on another. With full cross-correlation, the arms race ratio is independent of the number of attack surfaces: the attacker's structural advantage from surface proliferation is completely neutralized. Under the benchmark full-dilution case, without cross-correlation, per-surface defense effectiveness vanishes as the attack surface grows. Extending the analysis to heterogeneous defenders facing an attacker who targets by expected value, we argue that the model points to a dual inefficiency: overinvestment in private defense (a zero-sum redirective externality) and underinvestment in shared signal correlation (a public good). These formal results, together with public-good reasoning outside the base model, characterize when collective information aggregation can dominate private capability investment as the decisive margin in adversarial contests.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

Full cross-correlation neutralizes the attacker's surface-proliferation advantage in this contest model, but the independence result looks tied to specific functional forms.

read the letter

The central claim is that when threat intelligence signals are fully cross-correlated, the arms race ratio between attacker and defender investment stops depending on the number of attack surfaces. That neutralizes what would otherwise be a structural edge for the attacker from spreading attacks thinner across more targets. The paper sets this up in a contest-theoretic framework where attacker spending boosts offense directly and also erodes defense effectiveness in a way that grows with the defender's own effort, creating an endogenous discount. It derives a closed-form decomposition of the ratio into six primitives, proves equilibrium uniqueness, and shows global convergence under continuous best-response dynamics. The extension to heterogeneous defenders who get targeted by expected value is a reasonable step toward realism, and the public-good framing for shared signals versus private defense investment follows naturally from the setup. These pieces give a clean mechanism for why collective information aggregation might matter more than individual capability buildup in AI-augmented cyber contests. The model does a solid job extending standard multi-battlefield ideas to this domain with explicit correlation effects. The independence result is the sharpest part and could inform thinking on threat-intel sharing policies. The main soft spot is that the neutralization appears to require the correlation term to offset per-surface dilution exactly in the effectiveness function. If the two channels are not multiplicatively separable in the way the paper specifies, or if surfaces differ in value or observability, the closed-form independence would not survive. The six primitives also mix structural parameters with some that may be hard to observe or calibrate without additional assumptions. The continuous dynamic convergence claim is stated but would benefit from more explicit checks on boundary cases. This is for readers already working in contest theory or cybersecurity economics who want a formal treatment of information externalities. It has enough structure and a clear policy hook to deserve serious referee time rather than a desk rejection.

Referee Report

3 major / 2 minor

Summary. The paper develops a contest-theoretic model of an attacker and defender allocating resources to AI-augmented capabilities across multiple attack surfaces. The attacker's investment amplifies offensive potency unconditionally while eroding defensive effectiveness conditionally, generating an endogenous adversarial discount. The authors derive a closed-form arms race ratio decomposing relative marginal effectiveness into six structural primitives, establish equilibrium uniqueness, and prove global convergence under a continuous best-response dynamic. The central result is that full signal cross-correlation renders the arms race ratio independent of the number of attack surfaces, neutralizing the attacker's structural advantage from surface proliferation. The analysis extends to heterogeneous defenders and identifies dual inefficiencies: overinvestment in private defense and underinvestment in shared signal correlation.

Significance. If the derivations hold, the paper offers a formal decomposition of cybersecurity arms-race dynamics that highlights information correlation as a public good capable of offsetting proliferation advantages. The closed-form result and dynamic convergence analysis provide analytical traction on when collective signal aggregation can dominate private capability investment, with potential implications for policy on threat-intelligence sharing.

major comments (3)

[Model Setup and Closed-Form Derivation] The independence of the arms race ratio from the number of surfaces (n) under full cross-correlation (rho=1) is load-bearing for the central claim. This cancellation requires that the correlation multiplier exactly offsets the per-surface dilution in the defender's effectiveness function while neutralizing the attacker's unconditional amplification channel. Please provide the explicit functional form of effectiveness (likely in the model section) and the algebraic steps in the ratio derivation showing that n drops out without residual dependence or post-hoc restrictions on the primitives.
[Adversarial Discount Definition] The two-channel adversarial discount mechanism (unconditional offensive amplification plus conditional defensive erosion) is central to generating the endogenous discount that deepens with defender investment. The independence result appears to require multiplicative separability between the correlation factor and the erosion term; if surfaces are not fully symmetric or if the conditional term is not specified in this exact way, the n-independence fails. Clarify whether this separability is assumed or derived, and test robustness.
[Equilibrium Uniqueness and Dynamics] The global convergence claim under the continuous best-response dynamic relies on the contraction property of the best-response mapping. Given the endogenous discount and the six primitives, small perturbations to the conditional erosion channel could violate the conditions for uniqueness or convergence; the manuscript should supply the relevant Jacobian or Lyapunov argument and note any restrictions this imposes on parameter values.

minor comments (2)

[Abstract] The abstract introduces the 'adversarial discount' and 'arms race ratio' without a one-sentence gloss; a brief parenthetical definition would improve accessibility.
[Model Section] Notation for the six structural primitives should be introduced consistently with a table or explicit list early in the model section to aid readers tracking the decomposition.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the careful and constructive report. The comments help clarify the central derivations and strengthen the presentation of the model's properties. We address each major comment below and have revised the manuscript to incorporate additional explicit derivations, robustness checks, and dynamic analysis details.

read point-by-point responses

Referee: [Model Setup and Closed-Form Derivation] The independence of the arms race ratio from the number of surfaces (n) under full cross-correlation (rho=1) is load-bearing for the central claim. This cancellation requires that the correlation multiplier exactly offsets the per-surface dilution in the defender's effectiveness function while neutralizing the attacker's unconditional amplification channel. Please provide the explicit functional form of effectiveness (likely in the model section) and the algebraic steps in the ratio derivation showing that n drops out without residual dependence or post-hoc restrictions on the primitives.

Authors: We have expanded the model section (now Section 2) to state the explicit functional forms. Defender effectiveness on surface i incorporates a correlation multiplier of the form (1 + (n-1)rho) scaled by the defender's allocation share, while attacker effectiveness receives an unconditional amplification factor independent of n. In the revised Appendix A, we provide the full algebraic derivation of the arms race ratio. When rho=1 the correlation term contributes a factor of n that precisely cancels the 1/n dilution arising from the defender spreading resources across surfaces; the attacker's unconditional channel factors symmetrically into both numerator and denominator and drops out of the ratio. The cancellation holds for any positive values of the six primitives with no additional restrictions imposed. revision: yes
Referee: [Adversarial Discount Definition] The two-channel adversarial discount mechanism (unconditional offensive amplification plus conditional defensive erosion) is central to generating the endogenous discount that deepens with defender investment. The independence result appears to require multiplicative separability between the correlation factor and the erosion term; if surfaces are not fully symmetric or if the conditional term is not specified in this exact way, the n-independence fails. Clarify whether this separability is assumed or derived, and test robustness.

Authors: The two-channel structure follows directly from the technological specification in Section 2: the attacker's investment produces an unconditional multiplicative boost to offensive potency and a conditional erosion term that scales with the defender's own investment and the realized correlation. Multiplicative separability between the correlation factor and the erosion term is derived from the additive signal-contribution assumption under symmetric surfaces rather than imposed ad hoc. In the revised manuscript we have added a robustness subsection (Section 3.3) that relaxes symmetry by allowing heterogeneous surface effectiveness parameters and replaces the multiplicative erosion with an additive specification. Under these alternatives the n-independence result continues to hold at rho=1, although the precise closed-form expression for the ratio changes. revision: partial
Referee: [Equilibrium Uniqueness and Dynamics] The global convergence claim under the continuous best-response dynamic relies on the contraction property of the best-response mapping. Given the endogenous discount and the six primitives, small perturbations to the conditional erosion channel could violate the conditions for uniqueness or convergence; the manuscript should supply the relevant Jacobian or Lyapunov argument and note any restrictions this imposes on parameter values.

Authors: We have augmented Section 4 with the explicit Jacobian of the continuous best-response mapping evaluated at the six primitives. The Jacobian is strictly diagonally dominant when all primitives are positive and the elasticity of the conditional erosion term is strictly less than one; this guarantees that the spectral radius is less than one and the mapping is a contraction. We also construct a Lyapunov function V equal to the sum of squared deviations from equilibrium investments and show that its derivative along trajectories is negative definite under the same parameter restrictions. These conditions are now stated explicitly as maintained assumptions in the revised text. revision: yes

Circularity Check

0 steps flagged

Derivation is self-contained; arms race ratio independence follows from explicit model primitives without reduction to inputs by construction.

full rationale

The paper constructs a contest-theoretic model with two explicit investment channels for the attacker and a signal cross-correlation parameter. It derives a closed-form decomposition of the arms race ratio into six structural primitives and shows that full cross-correlation cancels n-dependence in the ratio. This cancellation is a direct algebraic consequence of the stated effectiveness and correlation functions rather than a tautological redefinition or fitted input. No self-citations are used to justify uniqueness or the core functional forms, equilibrium convergence is shown via best-response dynamics, and the result is not presented as a prediction fitted to data. The model is therefore self-contained against its own assumptions.

Axiom & Free-Parameter Ledger

1 free parameters · 1 axioms · 1 invented entities

The central claim rests on the two-channel investment structure, the endogenous deepening of the adversarial discount, and the continuous best-response dynamic for convergence; these are introduced without external benchmarks or independent evidence in the abstract.

free parameters (1)

six structural primitives
The closed-form arms race ratio is decomposed into six structural primitives whose values or estimation method are not specified.

axioms (1)

domain assumption Continuous best-response dynamic yields global convergence to unique equilibrium
Invoked to establish equilibrium uniqueness without further justification in the abstract.

invented entities (1)

adversarial discount no independent evidence
purpose: Captures the conditional erosion of defensive effectiveness that deepens with defender investment
New modeling device introduced to generate the endogenous interaction between attacker and defender spending.

pith-pipeline@v0.9.0 · 5765 in / 1366 out tokens · 53105 ms · 2026-05-20T23:43:19.114306+00:00 · methodology

Review history (2 revisions) →

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Foundation/AlexanderDuality.lean alexander_duality_circle_linking unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

With full cross-correlation, the arms race ratio is independent of the number of attack surfaces: the attacker's structural advantage from surface proliferation is completely neutralized.
IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

R(d,a) = h'(a)(1+δ(a)ds)/[h(a)δ(a)s] + |δ'(a)|d/δ(a)

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

12 extracted references · 12 canonical work pages

[1]

Austin Ebel and Debasis Mitra

doi: 10.1016/j.jet.2016.09.009. Austin Ebel and Debasis Mitra. Economics and optimal investment policies of attackers and defenders in cybersecurity.Journal of Cybersecurity, 10(1):tyae019,

work page doi:10.1016/j.jet.2016.09.009 2016
[2]

Vaibhav Garg and Jayati Dev

doi: 10.1007/978-94-015-7793-9. Vaibhav Garg and Jayati Dev. Artificial intelligence and the new economics of cyberattacks.https://www.usenix.org/publications/loginonline/ artificial-intelligence-and-new-economics-cyberattacks,

work page doi:10.1007/978-94-015-7793-9
[3]

Lawrence A

doi: 10.1145/ 581271.581274. Lawrence A. Gordon, Martin P. Loeb, William Lucyshyn, and Lei Zhou. Externalities and the magnitude of cyber security underinvestment by private sector firms: A modification of the gordon-loeb model.Journal of Information Security, 6:24–30,

work page arXiv
[4]

Sanjeev Goyal and Adrien Vigier

doi: 10.4236/ jis.2015.61003. Sanjeev Goyal and Adrien Vigier. Attack, defence, and contagion in networks.Review of Economic Studies, 81(4):1518–1542,

work page arXiv 2015
[5]

Kjell Hausken, Jonathan W

doi: 10.1093/restud/rdu013. Kjell Hausken, Jonathan W. Welburn, and Jun Zhuang. A review of attacker–defender games and cyber security.Games, 15(4):28,

work page doi:10.1093/restud/rdu013
[6]

Chad Heitzenrater

doi: 10.3390/g15040028. Chad Heitzenrater. The winning economics of cybersecurity in an age of advanced artificial intelligence. Perspective PE-A3691-11, RAND Corporation,

work page doi:10.3390/g15040028
[7]

David Iliaev, Sigal Oren, and Ella Segev

doi: 10.1016/ j.ejor.2023.04.009. David Iliaev, Sigal Oren, and Ella Segev. A tullock-contest-based approach for cy- ber security investments.Annals of Operations Research, 320(1):61–84,

work page 2023
[8]

Ali Pala and Jun Zhuang

doi: 10.1007/s10479-022-04958-z. Ali Pala and Jun Zhuang. Information sharing in cybersecurity: A review.Decision Analysis, 16(3):172–196,

work page doi:10.1007/s10479-022-04958-z
[9]

Sankardas Roy, Charles Ellis, Sajjan Shiva, Dipankar Dasgupta, Vivek Shandilya, and Qishi Wu

doi: 10.1287/deca.2018.0387. Sankardas Roy, Charles Ellis, Sajjan Shiva, Dipankar Dasgupta, Vivek Shandilya, and Qishi Wu. A survey of game theory as applied to network security. In2010 43rd Hawaii International Conference on System Sciences, pages 1–10. IEEE,

work page doi:10.1287/deca.2018.0387 2018
[10]

Stergios Skaperdas

doi: 10.1109/ HICSS.2010.35. Stergios Skaperdas. Contest success functions.Economic Theory, 7(2):283–290,

work page 2010
[11]

doi: 10.1007/BF01213906. 17 A Proofs and Derivations A.1 Derivation of the Arms Race Ratio (Section 3.2) For per-surface breach probabilityq=q 0h(a)/[q0h(a) + (1−q 0)(1 +δ(a)ds e i)] in the contest form, the marginal effects are: ∂q ∂a = q0(1−q 0)[h′(a)(1 +δ(a)ds e i) +h(a)|δ ′(a)|dse i] Φ2 − ∂q ∂d = q0(1−q 0)h(a)δ(a)s e i Φ2 Theq 0(1−q 0)/Φ2 factors canc...

work page doi:10.1007/bf01213906
[12]

Since both constrained best responses satisfyd BR(a)≥0 anda BR(d)≥0, trajectories cannot escape the positive orthant

The divergence argument applies separately to each smooth region, and the Bendixson criterion extends by considering the net flux across the piecewise-smooth boundaries. Since both constrained best responses satisfyd BR(a)≥0 anda BR(d)≥0, trajectories cannot escape the positive orthant. For a rigorous treatment of Poincar´ e-Bendixson on piecewise-smooth ...

work page 1988

[1] [1]

Austin Ebel and Debasis Mitra

doi: 10.1016/j.jet.2016.09.009. Austin Ebel and Debasis Mitra. Economics and optimal investment policies of attackers and defenders in cybersecurity.Journal of Cybersecurity, 10(1):tyae019,

work page doi:10.1016/j.jet.2016.09.009 2016

[2] [2]

Vaibhav Garg and Jayati Dev

doi: 10.1007/978-94-015-7793-9. Vaibhav Garg and Jayati Dev. Artificial intelligence and the new economics of cyberattacks.https://www.usenix.org/publications/loginonline/ artificial-intelligence-and-new-economics-cyberattacks,

work page doi:10.1007/978-94-015-7793-9

[3] [3]

Lawrence A

doi: 10.1145/ 581271.581274. Lawrence A. Gordon, Martin P. Loeb, William Lucyshyn, and Lei Zhou. Externalities and the magnitude of cyber security underinvestment by private sector firms: A modification of the gordon-loeb model.Journal of Information Security, 6:24–30,

work page arXiv

[4] [4]

Sanjeev Goyal and Adrien Vigier

doi: 10.4236/ jis.2015.61003. Sanjeev Goyal and Adrien Vigier. Attack, defence, and contagion in networks.Review of Economic Studies, 81(4):1518–1542,

work page arXiv 2015

[5] [5]

Kjell Hausken, Jonathan W

doi: 10.1093/restud/rdu013. Kjell Hausken, Jonathan W. Welburn, and Jun Zhuang. A review of attacker–defender games and cyber security.Games, 15(4):28,

work page doi:10.1093/restud/rdu013

[6] [6]

Chad Heitzenrater

doi: 10.3390/g15040028. Chad Heitzenrater. The winning economics of cybersecurity in an age of advanced artificial intelligence. Perspective PE-A3691-11, RAND Corporation,

work page doi:10.3390/g15040028

[7] [7]

David Iliaev, Sigal Oren, and Ella Segev

doi: 10.1016/ j.ejor.2023.04.009. David Iliaev, Sigal Oren, and Ella Segev. A tullock-contest-based approach for cy- ber security investments.Annals of Operations Research, 320(1):61–84,

work page 2023

[8] [8]

Ali Pala and Jun Zhuang

doi: 10.1007/s10479-022-04958-z. Ali Pala and Jun Zhuang. Information sharing in cybersecurity: A review.Decision Analysis, 16(3):172–196,

work page doi:10.1007/s10479-022-04958-z

[9] [9]

Sankardas Roy, Charles Ellis, Sajjan Shiva, Dipankar Dasgupta, Vivek Shandilya, and Qishi Wu

doi: 10.1287/deca.2018.0387. Sankardas Roy, Charles Ellis, Sajjan Shiva, Dipankar Dasgupta, Vivek Shandilya, and Qishi Wu. A survey of game theory as applied to network security. In2010 43rd Hawaii International Conference on System Sciences, pages 1–10. IEEE,

work page doi:10.1287/deca.2018.0387 2018

[10] [10]

Stergios Skaperdas

doi: 10.1109/ HICSS.2010.35. Stergios Skaperdas. Contest success functions.Economic Theory, 7(2):283–290,

work page 2010

[11] [11]

doi: 10.1007/BF01213906. 17 A Proofs and Derivations A.1 Derivation of the Arms Race Ratio (Section 3.2) For per-surface breach probabilityq=q 0h(a)/[q0h(a) + (1−q 0)(1 +δ(a)ds e i)] in the contest form, the marginal effects are: ∂q ∂a = q0(1−q 0)[h′(a)(1 +δ(a)ds e i) +h(a)|δ ′(a)|dse i] Φ2 − ∂q ∂d = q0(1−q 0)h(a)δ(a)s e i Φ2 Theq 0(1−q 0)/Φ2 factors canc...

work page doi:10.1007/bf01213906

[12] [12]

Since both constrained best responses satisfyd BR(a)≥0 anda BR(d)≥0, trajectories cannot escape the positive orthant

The divergence argument applies separately to each smooth region, and the Bendixson criterion extends by considering the net flux across the piecewise-smooth boundaries. Since both constrained best responses satisfyd BR(a)≥0 anda BR(d)≥0, trajectories cannot escape the positive orthant. For a rigorous treatment of Poincar´ e-Bendixson on piecewise-smooth ...

work page 1988