That this tends to be true does not make it a law of nature. I think it’s a false dichotomy born of security people focusing on the outer extremes of threat modeling and preparing for worst case scenarios, and rarely if ever considering the most common cases and tradeoffs “real” security asks of users. See “Why Johnny Can’t Encrypt,” and the rest of the usable security literature.
To me this is the singular drive behind AI development. Big shops realized they can collect orders of magnitude more data than they can keep up with, so they started pushing to develop more and more sophisticated algorithms to process it all. Eventually that lead to LLMs that (maybe someday) can ingest it all, process it all, and reason about it all.
That this tends to be true does not make it a law of nature. I think it’s a false dichotomy born of security people focusing on the outer extremes of threat modeling and preparing for worst case scenarios, and rarely if ever considering the most common cases and tradeoffs “real” security asks of users. See “Why Johnny Can’t Encrypt,” and the rest of the usable security literature.