OpenPolicy’s Post

🌍 Exploring the latest trends and opportunities in the digital realm 🌍 🚩Cybercrime groups are leveraging advanced tactics, with artificial intelligence elevating the sophistication of cyberattacks 🚩A multi-functional strategy is emerging to combat cyber-related crimes effectively #DigitalTrends #Cybersecurity #AI #CybercrimePrevention

AI for bad. Artificial Intelligence was defined as the greatest danger to humanity by the The World Economic Forum. Here is one example: the most alarming cyber threat today are highly sophisticated hacking tools, which are operated by "script kiddies" - inexperienced amateurs. A new report from CyberArk warns, that through AI they become a real danger to companies and corporations around the world. How It Works? Just as ChatGPT and other chatbots can write an article or a poem for us, they can also write a malicious code that breaks banks security. You just need to know how to get them to do it. The author of the report, cyber expert Len Noe of Cyberark, tells us that the script kiddies use #promptengineering methods to bypass all the protection mechanisms of companies like OpenAI, Google and others and thus they can use chatbots to get to information that is blocked from access - from identifying vulnerabilities in cyber defense to guidelines for the production of drugs and weapons. "Script kiddies" is a fond name for a disturbing but not dangerous phenomenon that has been known for many years. But now this is changing. Noe says: "The script kiddies are dead, today we have to talk about AI kiddies." According to him, they are still novices with no understanding of cyber tools, but the danger inherent in them has become a real threat thanks to their partner - AI. He cites as an example a code known as DAN (Do Anything Now): a three-page long code that, if fed into ChatGPT, gives access to huge amounts of information, which OpenAI has blocked because of the dangers. Noe says that if AI is used negatively, the result "could be catastrophic". Let's say you ask ChatGPT for instructions on making #methamphetamine. The answer will be: "I cannot provide you with this information." But if you run the DAN code beforehand, it will give you the complete recipe, including amounts, ingredients, process steps. In a similar way, you can ask for a code to break any cyber defence or locate weakneses. The future is even less optimistic with the developement of #AGI (Artificial General Intelligence), the "super intelligence". Noe says: "If AGI wants to destroy humanity, it can do so by launching a cyberattack that no one can stop". Read the full article on ynet (in Hebrew) where you can learn more about Len Noe, the technical evangelist for Cyberark, a #whitehat hacker and a #transhuman. With electronic implants in his body, he can hack into phones and electronic locks. As a child he grew up in a slum in Detroit, was a member of a biker gang, then a cybercriminal. Today, back on track, he says his past and shady background help clients better defend themselves against the bad actors.

🌊🔒 At Ocean Investments, we're always tuned into the cutting edge of cybersecurity. Boris Goncharov of AMATAS, a gem in our portfolio, recently shared some thought-provoking insights. 🚀 Boris points out a crucial misconception about AI in cybersecurity: it's not a silver bullet. While AI's analytical prowess is impressive, it can't replace the need for human expertise, strategic thinking, and continuous learning. 🧠💡 At this year's Consumer Electronics Show (CES), AI was everywhere, hinting at its growing influence in cybersecurity. But, as Boris notes, this brings a double-edged sword. For instance, the synthetic reality that AI is able to create carries numerous socio-political and cultural risks yet to be fully understood. 🌐🔮 Here's the kicker: generative AI might be giving the upper hand to attackers over defenders. With the rapid spread of this tech, many companies are falling below the 'cybersecurity poverty line', struggling with complex and costly security solutions. The attackers, unfettered by budgets or corporate constraints, are leveraging AI for more sophisticated phishing, malware, and system exploits. 🤖⚔️ As we navigate these choppy waters, it's a race for defenders to stay ahead, constantly learning and adapting. 🛡️🚤 What are your thoughts on AI's role in cybersecurity? Join the conversation with us, Boris Goncharov, and AMATAS. 🔗 https://buff.ly/42fDzf9 #Cybersecurity #AI #Innovation #OceanInvestments #AMATAS Digitalk

Nowadays, LLM security is a hot topic, especially for corporations and companies rolling out AI solutions. I recently published an article discussing the main risks and vulnerabilities of LLMs where I described technical details of data breaches and outlined ways on what companies can do to prevent such actions. Feel free to take a look. Here’s the link: https://lnkd.in/eg-eJnwv Please note, the post is in Russian.

I'll be in Boston Tuesday, Feb 20th. for some AI + AI Policy stuff, let me know if there's anyone I should meet! Currently thinking about: - Audits and risk assessments for foundation models - Foundation models in military / cyber / natsec contexts - Ways the government + philanthropists can accelerate AI safety

🏖 WEEKEND BRIEFING 🍸 An international conference on military artificial intelligence was held in Seoul earlier this week, bringing together top thinkers from over 90 countries to explore the uncertain futures posed by AI technologies. Following two days of discussions among nearly a hundred national delegates, the Responsible AI in the Military Domain (REAIM) Summit adopted the “Blueprint for Action,” a joint declaration on the responsible use of AI in warfare. The document, which outlines principles for using AI in the military domain—including compliance with international law, maintaining human control, and enhancing AI trustworthiness—was endorsed by 61 nations. Readers will find a full statement in this briefing, along with two stories directly reported from the REAIM Summit 2024 by The Readable. A day after the REAIM Summit, the Seoul Defense Dialogue (SDD) and the inaugural international cyber training exercise, APEX (Allied Power Exercise) 2024, also commenced. South Korean President Yoon Suk-yeol attended APEX 2024 in person, observing the initial stage of the cyber project he had promised to NATO member and partner states in July of the previous year. I had the opportunity to personally tour the training site while international collaboration was in full swing. I’ve included several pictures from the event and an article about the exercise. Stories on the use of AI in cyber insurance and the latest developments in Chinese cyber espionage are must-reads as well. This is Dain Oh reporting from South Korea, and here is your weekend briefing. 1. Regulating autonomous AI systems is key to avoiding apocalypse, experts say 2. UK experts call for strategic regulation of military AI 3. Full statement: REAIM Blueprint for Action 4. Global defense leaders discuss emerging security threats at Seoul Defense Dialogue 5. Renewed phase of Chinese espionage operation targeted government agency in Southeast Asia 6. US companies use AI to claim cyber insurance, a survey reveals 7. South Korea hosts international cyber exercise, inviting 24 nations to Seoul https://lnkd.in/gttzCE8K REAIMSummit #REAIM2024 #SDD #Seoul_Defense_Dialogue #APEX2024 #militaryAI #responsibleAI #cybersecurity #cyber_training #SouthKorea Sophos Delinea #espionage #cyber_insurance

"#Threat #Intelligence is like the survivorship bias, if you understand what I mean 🤔 We learn from reports about what has been investigated, described, and entered into the annals, databases, reports, feeds, and other examples of documented threat information ⚠️ Obviously, something remains behind the scenes and doesn’t get recorded anywhere. And there are many reasons for this – they don’t know how to investigate, they didn’t invite the right people for the investigation 🤠, they conducted an investigation but decided not to share the results with anyone (it’s scary and shameful)... There are many reasons, but the result is the same 🤐 For the same reason, the techniques in #MITRE ATT&CK do not describe all the ways organizations are hacked. There have already been many cases where a technique is not included because it was reported by a sanctioned company, or because "we have no evidence that the technique was used in the wild"... 🤦♂️ Therefore, MITRE ATT&CK is good, it's a must-have, it's essential, but it's not enough. And if indicators from the latest TI report are not detected in your infrastructure, it still doesn't guarantee that no one is inside 🏝" src https://lnkd.in/dzNjXBRE

Security Journal Americas Article: Emerging Trends in Integrated Systems I wrote an article for SJA highlighting the trends I see with integrated systems and the clients I work with. There are more trends than I speak to in this article; at this point, you could write a book about it! If you're interested in a virtual coffee chat to talk about vision/strategy and planning with integrated systems and emerging technologies (especially) then give me a ping at wplante@everonsolutions.com #everon #security #technology #technologytrends #consulting #AI  https://lnkd.in/eM4iJiVu

𝐋𝐋𝐌𝐬 𝐬𝐚𝐟𝐞𝐭𝐲: 𝐰𝐡𝐚𝐭 𝐢𝐬 "𝐑𝐞𝐝 𝐓𝐞𝐚𝐦𝐢𝐧𝐠"? It involves internal teams simulating adversarial roles, such as hackers or malicious actors, to pressure test systems and identify vulnerabilities. If there is any holes or risk in the system, the aim is to find them internally, before they might go externally. 𝐅𝐨𝐫 𝐢𝐧𝐬𝐭𝐚𝐧𝐜𝐞, red teaming is used to ensure factual accuracy. LLMs are trained on data that's out there and really reflecting society, which can have biased content and offensive content. The role of the red team is to ensure that the model improves beyond the broad public data that it's ingesting and that the output is aligned with the company's values. 𝐎𝐫𝐢𝐠𝐢𝐧: The term "Red Team" originates from Cold War simulations conducted by the United States military, where the "Red Team" represented the adversaries, typically the Soviets, and the "Blue Team" represented the United States. These simulations were aimed at testing military strategies and defenses in hypothetical conflict scenarios. Over time, the concept of red teaming has been adopted by various industries, including cybersecurity, to assess and enhance organizational security posture. #llm #datascience #ai

National Institute of Standards and Technology (NIST) has released a testbed designed to measure how malicious attacks — particularly attacks that “poison” AI model training data.  Read More - https://lnkd.in/dWA3xAUD The agency that develops and tests tech for the U.S. government, companies and the broader public, has re-released a testbed designed to measure how malicious attacks — particularly attacks that “poison” AI model training data — might degrade the performance of an AI system. Image Credit - v_alex / Getty Images MAVIP Group | Pratyush Shastri | Ishita Das | Anshul Gupta | Vikram D. | Ranjana Arora | Antima Sharda | Manikandan Sivanandam | Abdallah Jallouf | Pawan I.| Manoj Bagdare | Vikas Mehra | Aryan Pitliya #nist #america #cyberattacks #ai #aimodel #data #breach #cybersecurity #technews #innovation #techproduct