Security Pressures Mount Around AI's Promises & Peril
Both threats to enterprises and career opportunities are being created by the escalation of generative AI and ChatGPT, warns Maria 'Azeria' Markstedter.
Explore the intersection of AI and cybersecurity. Stay informed on AI-driven security trends, tools, and threats in the ever-evolving digital landscape.
Search across headline titles and summaries.
Background for this topic.
Artificial intelligence (AI) describes computer systems that perform tasks such as recognizing patterns, making predictions, understanding language, or generating content. In security reporting, the term commonly includes machine-learning models used for detection and analysis, as well as generative AI applications that produce text, code, images, or other outputs.
AI can help analyze security telemetry, prioritize vulnerabilities, and support investigations, but its outputs can be wrong or manipulated. Important attack surfaces include prompt injection that steers an application into unintended actions, sensitive data being exposed through prompts or model outputs, and excessive permissions granted to AI systems that use external tools. Models can also be degraded by poisoned training data or evaded with carefully crafted inputs. Practitioners should protect training and operational data, limit model access and tool permissions, test for adversarial behavior, and require appropriate human validation before high-impact decisions.
Both threats to enterprises and career opportunities are being created by the escalation of generative AI and ChatGPT, warns Maria 'Azeria' Markstedter.
Enterprise usages of generative AI are what is going to turn the threat model of many organizations upside down, Maria Markstedter argued during her speech at Black Hat USA
Time to get real about what it takes to set and enforce cybersecurity and resilience standards for AI risk management in the enterprise.
The new AI Cyber Challenge (AIxCC) is sponsored by DARPA, Google, Microsoft, OpenAI, Anthropic and the Open Source Security Foundation
A challenge will be offered to teams to build tools using AI in order to solve open source's vulnerability challenges.
Without cybersecurity guardrails now, AI will be harder to harness in the future.
The open source tool — a collaboration between Robust Intelligence, MITRE, and Indiana University — assesses heavily shared, public machine learning models for risk.
WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence (AI) to help write malicious software without all the pesky prohibitions on such activity enforced by ChatGPT and Google Bard, has started adding restrictions on how the service can be used. Faced with customers trying to use WormGPT to create ransomware and phishing scams, the 23-year-old Portuguese programmer who created the project now says his service is slowly morphing into “a more controlled environment.” The large language models (LLMs) made by ChatGPT parent OpenAI or Google or Microsoft all have various safety measures designed to prevent people from abusing them for nefarious purposes — such as creating malware or hate speech. In contrast, WormGPT has promoted itself as a new LLM that was created specifically for cybercrime activities.
Are we really improving security, or are we just imposing more regulation?
How generative AI influenced threat trends in 1H 2023
ChatGPT promises to transform all sorts of corporate business functions, but your business needs to be prepared to address the new risks that come with it.