March 31, 2024 at 07:44AM Generative AI services like Midjourney and OpenAI’s DALL-E excel at creating intricate art from text prompts, but struggle with simple tasks. A request for a plain white background led to complex, unrelated images. Similar challenges were observed with other colors and with ChatGPT when asked to do nothing. Overcoming these … Read more
March 17, 2024 at 10:37PM Recently, a new AI side-channel vulnerability was discovered, allowing attackers to intercept tokens from non-Google ChatGPT derivatives during chat sessions. Researchers at Ben Gurion University successfully reconstructed AI responses and inferred topics. Cloudflare addressed the issue by padding its tokens and deploying the fix to its products. Additionally, an infostealer … Read more
March 15, 2024 at 08:15AM Third-party plugins for OpenAI ChatGPT pose a security risk, allowing attackers to gain unauthorized access to sensitive data. Vulnerabilities in ChatGPT and its ecosystem enable the installation of malicious plugins without consent, potentially leading to hijacked accounts on third-party websites. Additionally, a side-channel attack method has been discovered, which can … Read more
March 14, 2024 at 07:57AM Since November 2022, the use of Generative AI has surged, with around 12,000 AI tools available for over 16,000 job tasks. Many employees are using these tools without employer approval, raising concerns about data protection and compliance. Security issues include privacy policies, prompt injection, and account takeover risks. Educating users … Read more
March 13, 2024 at 09:27AM Salt Security analyzed ChatGPT plugins and uncovered vulnerabilities that could be exploited to access sensitive data and take over accounts on third-party websites. These vulnerabilities affected the OAuth authentication process, potentially leading to unauthorized data access and account takeovers. Vendors were promptly notified and patches were implemented. Additionally, future GPTs … Read more
February 9, 2024 at 11:58AM Generative AI has transitioned from a novelty to a tool for cybercriminals, enhancing social engineering and fraud while allowing criminals to mine large datasets for information. Defending against these threats requires evolved security practices, strong enterprise security cultures, and baked-in security at the application development stage. Zero-trust approaches and AI … Read more
January 30, 2024 at 11:54AM Italian regulators informed OpenAI that its ChatGPT chatbot violated the European Union’s data privacy regulations. The country’s data protection authority, Garante, discovered breaches and temporarily banned the chatbot in Italy. OpenAI has 30 days to respond to the allegations. Regulators in the U.S. and EU are also examining AI startups … Read more
January 30, 2024 at 06:12AM The Italian data protection authority has accused OpenAI of violating GDPR laws regarding ChatGPT’s data collection, leading to a 30-day response window. Similar concerns arise with Google’s Bard chatbot, while Apple opposes proposed U.K. Investigatory Powers Act amendments, citing threats to user privacy and security updates. This ongoing issue highlights … Read more
January 17, 2024 at 06:30AM OpenAI has outlined safeguards against election misinformation for its generative AI tools that can create compelling fake images and texts. This includes banning technology use for misleading purposes, digital watermarking of AI images, and ensuring users receive accurate voting information. OpenAI’s CEO expresses vigilance and anxiety about preventing misuse during … Read more
December 28, 2023 at 10:02AM DDoS attacks and zero-day threats continue to plague cybersecurity due to their effectiveness, with OpenAI attributing ChatGPT issues to a DDoS attack. The rise in IoT vulnerabilities and new network protocols contributes to the surge in attacks, prompting the need for robust anti-DDoS strategies, including scalable infrastructure, traffic monitoring, and … Read more