September 3, 2024 at 06:41PM This blog discusses the concept of Rogue AI, which acts against its creators’ or users’ interests. It covers the challenges of understanding misalignment in AI systems and provides case studies of subverted, malicious, and accidental rogue AI. Preventing and responding to these threats requires monitoring, protection, and guardrails. Future blogs … Read more
September 2, 2024 at 03:24AM FBI and CISA issued a joint advisory on new ransomware threats, describing a cybercriminal group and methods. The rapid growth in attacks calls for urgent adjustments in cyber defense strategies. Phishing-resistant MFA is crucial, with next-generation solutions and targeted deployments recommended. Organizations need to upgrade defense strategies to protect against … Read more
August 28, 2024 at 10:03AM The rise of generative AI and large language models bring real security risks, from exposing data to malicious attacks. The rapid adoption of AI introduces new risks, but the opaque nature of AI models makes identifying and managing these risks challenging. Implementing an AI security framework and following key strategies … Read more
August 27, 2024 at 07:54AM Cisco has announced its plan to acquire Robust Intelligence, a California-based company specializing in securing AI applications. The financial details have not been disclosed, but Cisco has reportedly invested in the company. Robust Intelligence has developed an AI application security platform used by major organizations such as JPMorgan Chase, IBM, … Read more
August 27, 2024 at 02:27AM A now-patched vulnerability in Microsoft 365 Copilot allowed for theft of sensitive user information using ASCII smuggling. Attack methods included prompting injection, data exfiltration via hidden links, and exploiting AI tools. Microsoft addressed the issue after responsible disclosure in January 2024, yet risks in AI tools persist, emphasizing the need … Read more
August 26, 2024 at 07:30AM Cybersecurity researchers have identified over 20 vulnerabilities in machine learning (ML) software supply chain, posing severe risks like arbitrary code execution and dataset loading. These affect MLOps platforms and ML libraries, like MLFlow and Seldon Core, enabling attackers to execute code and move laterally. The disclosure emphasizes the need for … Read more
August 15, 2024 at 09:26AM Summary: The blog discusses the emergence of Rogue AI as a future cyber threat and emphasizes the need for understanding and mitigating its risks. It outlines the concept of Rogue AI, its categories – malicious, accidental, subverted, and the importance of adopting a comprehensive and proactive security approach in the … Read more
August 13, 2024 at 10:17AM The broad use of gen AI copilots poses a growing risk of data breaches. These tools can access and expose sensitive data, leading to security challenges such as unauthorized access, data exfiltration, and increased vulnerabilities. To mitigate these risks, organizations must focus on right-sizing permissions, labeling sensitive data, and monitoring … Read more
August 8, 2024 at 02:56PM Enterprises are rapidly adopting Microsoft’s Copilot AI-based chatbots to enhance employee productivity, but security researcher Michael Bargury demonstrated at Black Hat USA how attackers could exploit Copilot for data theft and social engineering. He also released an offensive toolset for Copilot and emphasized the need for better detection of “promptware” … Read more
August 5, 2024 at 09:42AM The text discusses the hype and challenges around implementing AI in organizations. It emphasizes the importance of applying AI to specific problems, understanding its implications, developing appropriate policies, choosing specific challenges, understanding exposure and additional risks, and continuously measuring and improving its use. It also highlights the need to follow … Read more