Prashant Kulkarni

What's the difference between model explainability, interpretability, and observability? Jason Zhong's debut TDS article outlines the nuanced distinctions you should be aware of.

15

1 Comment

🔍 New research reveals that teams of Large Language Models (#LLMs) can autonomously identify and exploit zero-day vulnerabilities without prior description of the flaw's nature. According to Tom's Hardware, a study from the University of Illinois Urbana-Champaign demonstrates that coordinated teams of GPT-4 instances outperform human experts and dedicated software in breaching security flaws. This breakthrough underscores the potential for LLMs to outpace human hackers in both speed and efficiency. Read more: https://lnkd.in/gr3xFens

26

See me in this article on CNBC: https://lnkd.in/e2H6_SyS Let me know what you think. #TheGodfatherofTech #TimBates #CNBC #AI #AIWashing #Mircosoft

3

ICYMI: The inaugural study on EPSS performance and broader vulnerability exploitation trends published this week. If you've ever wanted data-driven answers to questions like these listed in the ToC shown here, download it today (free, no registration req'd): https://lnkd.in/gBbsgwQM #vulnerabilitymanagement #vulnerabilities #infosec

51

8 Comments

Time for organizations to start thinking about transiting to quantum safe cryptography. Understanding Cryptography Bill of Materials (CBOMs) is a good first step...

1

1 Comment

Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns. Recorded Future's Insikt Group has linked the infrastructure to a hacking group it tracks as GreenCharlie, an Iran-nexus cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda. https://lnkd.in/g6vDKJET

8

APT45: North Korea’s Digital Military Machine "APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009. APT45 has gradually expanded into financially-motivated operations, and the group’s suspected development and deployment of ransomware sets it apart from other North Korean operators. APT45 and activity clusters suspected of being linked to the group are strongly associated with a distinct genealogy of malware families separate from peer North Korean operators like TEMP.Hermit and APT43. Among the groups assessed to operate from the Democratic People's Republic of Korea (DPRK), APT45 has been the most frequently observed targeting critical infrastructure."

2

1 Comment

📣As we observe Memorial Day, I'd like to share some thoughts on the vastness and connectivity of the Internet. It's astounding how we interact with millions of people, many of whom we know little about. As a Marine and a war veteran🪖, I've had experiences where individuals approached me with questionable intentions, often revealing hidden agendas.🥸 In the realm of cybersecurity, vigilance is crucial. Platforms like WhatsApp and Signal are popular for their encrypted communications, but they come with their own sets of risks and considerations. While Signal is secure, it has been decrypted for court cases, which raises questions about privacy. WhatsApp, on the other hand, is often criticized for security, but its point-to-point encryption ensures conversations remain private.🔐 As someone experienced in detecting potential threats, I understand the importance of cybersecurity. However, many citizens lack this awareness. It's crucial to remain cautious when engaging with others online, as we may unknowingly interact with individuals with harmful intentions. On this Memorial Day, let's remember the sacrifices made for our freedoms and acknowledge the importance of security in protecting those freedoms. Without vigilance and sacrifice, our liberties could be at risk.🧐 Let's honor those who have served and continue to safeguard our nation. #Memorialday #technology ##Leadership https://lnkd.in/epnSXFiW

3

Earlier this week, the National Institute of Standards and Technology (NIST) issued interim guidance for agencies seeking to make use of ‘syncable authenticators’ (for example, passkeys) in both enterprise-facing and public-facing use cases. What does this mean? Essentially, NIST is saying that it is acceptable to use a passkey that can be shared across multiple devices as way to meet AAL2 standards for authentication. NIST acknowledges the risk that come along with syncable authenticators, many of which we spelled out in a blog post a while ago (see here - https://lnkd.in/eiDMtNtt): - How to securely store, transmit and protect the keys - How to ensure that the keys are used by the authorized person - How to implement strong authentication in shared device scenarios The challenge becomes really obvious when you look at the definition of AAL2 with the updated definition: 1. "To meet AAL2 requirements, the syncable authenticator SHALL make use of a local authentication event to unlock the locally stored key or SHALL be used with another authenticator (e.g., a user-selected password) if no local authentication mechanism is available." So essentially, you can either unlock the key with a local authenticator (implying a biometric) or with a password. What do you think the fraudsters are going to do? 2. "Private keys stored in cloud-based accounts SHALL be protected by access control mechanisms such that only the authenticated user can access their private keys in the sync fabric." Cloud-based accounts today are also primarily protected by passwords. So again I ask, what do you think the fraudsters are going to do? We built Anonybit to handle this scenario exactly. The decentralized data vault can securely store the passkey. The passkey will then get bound to the user's biometric in the decentralized cloud. To retrieve the passkey, the user needs to authenticate themselves with the biometric. This solution ensures that only the authorized person can retrieve and use the passkey. No more tradeoffs between privacy and security. Have your cake and eat it too. DM me to see it in action. #passkeys #fido2 #authentication #passwordlessauthentication #identitymanagement #innovation #datavault #decentralizedbiometrics #enterprisesecurity https://lnkd.in/e3de-DK7

30

2 Comments

This is BIG! - The National Institute of Standards and Technology (NIST) has published draft report that includes the deprecation of the RSA, ECDSA and EdDSA by 2030. Check Table 2 (Quantum-vulnerable digital signature algorithms) on page 13 (20 in the viewer below)! #rsa #ecdsa #cryptography #pqc

185

9 Comments

Here is the next episode of The Intelligence Cycle. https://lnkd.in/gXE5948N

3

✦ The Open Source Initiative unveils OSAID 1.0, establishing STANDARDS for classifying AI models as OPEN SOURCE ✦ Key criteria include REPRODUCIBILITY, USAGE RIGHTS, and LACK OF ENFORCEMENT ✦ OSAID aims to UNIFY policymakers and developers amid tensions between TECH GIANTS and true open source compliance #OpenSourceAI #OSAID #TechStandards

IBM's Granite 13B LLM just got a major boost! VP Armand Ruiz revealed the 6.48 TB dataset used for training, which was meticulously refined to 2.07 TB to ensure top-notch quality and ethical standards. Curated from diverse sources like arXiv, GitHub, Pubmed, and more, this dataset promises unbiased and robust enterprise AI applications. With four Granite code model variations, IBM's latest release outshines competitors like Code Llama in multiple benchmarks. Curious to dive deeper? Link in the comments below 👇

31

1 Comment

We’re excited to have Xiaoyi Chen from Indiana University Bloomington, co-author of the paper "The Janus Interface: How Fine-Tuning in Large Language Models Amplifies Privacy Risks," joining us this Friday for our Paper Reading Session! RSVP👉 https://lu.ma/jok7bp2m The research introduces a novel attack, Janus, which exploits the fine-tuning interface to recover forgotten PIIs from the pre-training data in LLMs. It also formalizes the privacy leakage problem in LLMs and explains why forgotten PIIs can be retrieved through empirical analysis of open-source language models 🧠👩‍💻 Check out the Paper👉 https://lnkd.in/gDGH6Gcv See you there!

16

Extortion is a form of terrorism. So when are we going to start treating terrorists like terrorists and deal with them the same way we dealt with the Baader–Meinhof Gang, IS, or Al-Qaeda? Just because its a 'cyber' crime doesn't mean its not a crime or is some how something lesser. The Port of Seattle is confronting a severe cybersecurity crisis as the Rhysida ransomware group demands a ransom of 100 bitcoins (approximately $5.9 million). Rhysida, which has gained notoriety for targeting organizations worldwide, released screenshots of stolen documents, claiming they possess sensitive data such as scanned U.S. passports, Social Security numbers, and tax forms. The group has threatened to sell this data on the dark web if their ransom demands are not met within a week. In a joint statement with Seattle-Tacoma International Airport, the Port of Seattle has made it clear they will not pay the ransom, despite threats to publicly release the stolen data. A Port spokesperson emphasized that refusing to comply is part of their firm stance against negotiating with cybercriminals. The extent of the data breach is still under investigation, but Rhysida’s involvement suggests a sophisticated attack that exploited vulnerabilities in the port’s systems. The attack was initially detected on August 24, leading to widespread service disruptions. https://lnkd.in/gxKHV5Yj

15

5 Comments

Inference servers are the backbone of AI applications💪, acting as the vital link 🔗between the trained AI model & real-world applications. In this blog post, Aman Juneja explains AI model inference servers, their frameworks, & optimization strategies👇 https://lnkd.in/dcG8V__4

19

🇨🇳 RED ALERT: 𝑪𝒐𝒖𝒏𝒕𝒆𝒓𝒊𝒏𝒈 𝒕𝒉𝒆 𝑪𝒚𝒃𝒆𝒓𝒕𝒉𝒓𝒆𝒂𝒕 𝒇𝒓𝒐𝒎 𝑪𝒉𝒊𝒏𝒂 - 🏛️ United States House Committee on Oversight and Accountability Subcommittee on Cybersecurity, Information Technology, and Government Innovation. The panel discussion focused on cyber warfare threats, particularly those orchestrated by the 𝑷𝒆𝒐𝒑𝒍𝒆'𝒔 𝑹𝒆𝒑𝒖𝒃𝒍𝒊𝒄 𝒐𝒇 𝑪𝒉𝒊𝒏𝒂 (𝑷𝑹𝑪), against the United States' critical infrastructure. ✅𝗖𝗥𝗜𝗧𝗜𝗖𝗔𝗟 𝗥𝗘𝗖𝗢𝗠𝗠𝗘𝗡𝗗𝗔𝗧𝗜𝗢𝗡𝗦 📍𝗙𝗲𝗱𝗲𝗿𝗮𝗹 𝘀𝘂𝗽𝗽𝗼𝗿𝘁 𝘀𝗵𝗼𝘂𝗹𝗱 𝗯𝗲 𝗶𝗻𝗰𝗿𝗲𝗮𝘀𝗲𝗱 to develop and replace outdated technology in critical infrastructure with secure alternatives. 📍𝗣𝗿𝗼𝗺𝗼𝘁𝗲 𝗮𝗻𝗱 𝗶𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁 President Biden's national cybersecurity strategy. 📍𝗔𝘀𝘀𝗶𝘀𝘁 𝗮𝗹𝗹𝗶𝗲𝘀 in resolving cyber incidents by engaging in *proactive international diplomacy.* 📍𝗜𝗻𝘃𝗲𝘀𝘁 𝗶𝗻 𝗔𝗜 𝗮𝗻𝗱 𝗾𝘂𝗮𝗻𝘁𝘂𝗺 𝗰𝗼𝗺𝗽𝘂𝘁𝗶𝗻𝗴 𝗿𝗲𝘀𝗲𝗮𝗿𝗰𝗵 to improve cyber defenses, recognizing the potential of these technologies to detect and mitigate attacks. 📍𝗣𝗿𝗼𝘃𝗶𝗱𝗲 𝗴𝘂𝗶𝗱𝗮𝗻𝗰𝗲 𝘁𝗼 𝗻𝗼𝗻-𝗳𝗲𝗱𝗲𝗿𝗮𝗹 𝗲𝗻𝘁𝗶𝘁𝗶𝗲𝘀, clarify protocols, and support victims of cybercrime instead of imposing punishment. 📍𝗖𝗼𝗻𝘀𝗶𝗱𝗲𝗿 𝗿𝗲𝗴𝘂𝗹𝗮𝘁𝗼𝗿𝘆 𝗮𝗻𝗱 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗮𝗹 𝘀𝘁𝗿𝗮𝘁𝗲𝗴𝗶𝗲𝘀 to incentivize the removal of obsolete technologies and encourage updated and secure systems. ✅𝗞𝗘𝗬 𝗤𝗨𝗢𝗧𝗘𝗦 𝗙𝗥𝗢𝗠 𝗧𝗛𝗘 𝗛𝗘𝗔𝗥𝗜𝗡𝗚: "𝑇ℎ𝑒𝑠𝑒 𝑎𝑡𝑡𝑎𝑐𝑘𝑠 𝑜𝑛 𝑜𝑢𝑟 𝑐𝑟𝑖𝑡𝑖𝑐𝑎𝑙 𝑖𝑛𝑓𝑟𝑎𝑠𝑡𝑟𝑢𝑐𝑡𝑢𝑟𝑒 𝑎𝑟𝑒 𝑛𝑜𝑡 𝑗𝑢𝑠𝑡 𝑖𝑛𝑐𝑖𝑑𝑒𝑛𝑡𝑠 𝑜𝑓 𝑐𝑦𝑏𝑒𝑟𝑐𝑟𝑖𝑚𝑒 𝑜𝑟 𝑒𝑠𝑝𝑖𝑜𝑛𝑎𝑔𝑒; 𝑡ℎ𝑒𝑦 𝑎𝑟𝑒 𝑑𝑒𝑙𝑖𝑏𝑒𝑟𝑎𝑡𝑒 𝑎𝑛𝑑 𝑐𝑎𝑙𝑐𝑢𝑙𝑎𝑡𝑒𝑑 𝑠𝑡𝑟𝑎𝑡𝑒𝑔𝑖𝑒𝑠 𝑒𝑚𝑝𝑙𝑜𝑦𝑒𝑑 𝑏𝑦 𝑡ℎ𝑒 𝐶ℎ𝑖𝑛𝑒𝑠𝑒 𝑔𝑜𝑣𝑒𝑟𝑛𝑚𝑒𝑛𝑡 𝑎𝑖𝑚𝑒𝑑 𝑎𝑡 𝑑𝑒𝑠𝑡𝑎𝑏𝑖𝑙𝑖𝑧𝑖𝑛𝑔 𝑜𝑢𝑟 𝑐𝑜𝑛𝑓𝑖𝑑𝑒𝑛𝑐𝑒 𝑎𝑛𝑑 𝑤𝑖𝑙𝑙𝑖𝑛𝑔𝑛𝑒𝑠𝑠 𝑡𝑜 ℎ𝑒𝑙𝑝 𝑚𝑎𝑖𝑛𝑡𝑎𝑖𝑛 𝑡ℎ𝑒 𝑝𝑒𝑎𝑐𝑒𝑓𝑢𝑙 𝑤𝑜𝑟𝑙𝑑 𝑜𝑟𝑑𝑒𝑟." ~ Rob Joyce, Former Special Assistant to the President and The White House Cybersecurity Coordinator. "𝐼𝑡 𝑖𝑠 𝑒𝑠𝑡𝑖𝑚𝑎𝑡𝑒𝑑 𝑡ℎ𝑎𝑡 80% 𝑜𝑓 𝐴𝑚𝑒𝑟𝑖𝑐𝑎𝑛 𝑎𝑑𝑢𝑙𝑡𝑠 ℎ𝑎𝑣𝑒 ℎ𝑎𝑑 𝑎𝑙𝑙 𝑜𝑓 𝑡ℎ𝑒𝑖𝑟 𝑝𝑒𝑟𝑠𝑜𝑛𝑎𝑙 𝑑𝑎𝑡𝑎 𝑠𝑡𝑜𝑙𝑒𝑛 𝑏𝑦 𝑡ℎ𝑒 𝐶𝐶𝑃" ~ William Evanina, Former Director of the National Counterintelligence and Security Center. "𝑇ℎ𝑒𝑦 𝑜𝑓𝑡𝑒𝑛 𝑟𝑒𝑠𝑒𝑎𝑟𝑐ℎ 𝑎𝑛𝑑 𝑑𝑒𝑣𝑒𝑙𝑜𝑝 𝑒𝑥𝑝𝑙𝑜𝑖𝑡𝑠 𝑓𝑜𝑟 '𝑧𝑒𝑟𝑜 𝑑𝑎𝑦' 𝑣𝑢𝑙𝑛𝑒𝑟𝑎𝑏𝑖𝑙𝑖𝑡𝑖𝑒𝑠... 𝑂𝑣𝑒𝑟 𝑡ℎ𝑒 𝑝𝑎𝑠𝑡 𝑓𝑒𝑤 𝑦𝑒𝑎𝑟𝑠, 𝑤𝑒’𝑣𝑒 𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑 𝑡𝑎𝑟𝑔𝑒𝑡𝑒𝑑 𝑧𝑒𝑟𝑜-𝑑𝑎𝑦 𝑒𝑥𝑝𝑙𝑜𝑖𝑡𝑎𝑡𝑖𝑜𝑛 𝑜𝑓 𝑣𝑢𝑙𝑛𝑒𝑟𝑎𝑏𝑖𝑙𝑖𝑡𝑖𝑒𝑠 𝑖𝑛 𝑉𝑃𝑁, 𝑓𝑖𝑟𝑒𝑤𝑎𝑙𝑙, 𝑒𝑚𝑎𝑖𝑙 𝑠𝑒𝑐𝑢𝑟𝑖𝑡𝑦 𝑔𝑎𝑡𝑒𝑤𝑎𝑦, ℎ𝑦𝑝𝑒𝑟𝑣𝑖𝑠𝑜𝑟𝑠, 𝑎𝑛𝑑 𝑜𝑡ℎ𝑒𝑟 𝑡𝑒𝑐ℎ𝑛𝑜𝑙𝑜𝑔𝑖𝑒𝑠 𝑡ℎ𝑎𝑡 𝑑𝑜 𝑛𝑜𝑡 𝑐𝑜𝑚𝑚𝑜𝑛𝑙𝑦 𝑠𝑢𝑝𝑝𝑜𝑟𝑡 𝑒𝑛𝑑𝑝𝑜𝑖𝑛𝑡 𝑑𝑒𝑡𝑒𝑐𝑡𝑖𝑜𝑛 𝑎𝑛𝑑 𝑟𝑒𝑠𝑝𝑜𝑛𝑠𝑒 𝑠𝑜𝑙𝑢𝑡𝑖𝑜𝑛𝑠." ~ Charles Carmakal, Chief Technology Officer Mandiant (part of Google Cloud)

92

5 Comments