
How Reachability Analysis Is Streamlining Security for Developers

 




Over the past few years, AI assistants have made coding easier: developers can quickly write code and push it to GitHub and similar platforms. But with so much automation, the risk of coding vulnerabilities has also increased. The vast majority of that generated code has security flaws. As a result, application security teams face a flood of vulnerability reports. Snyk has recently found that 31% of these vulnerability reports are complete false positives, adding to the burden on security teams.

In such cases, many teams turn to a method called reachability analysis, which helps security experts screen out noise and work only with the vulnerabilities that might be exploited during an attack, that is, those in code an attacker can actually reach. Since only 10% to 20% of imported code is used by any application on average, this approach cuts the number of reported vulnerabilities that developers have to fix in half. Joseph Hejderup, technical staff member at Endor Labs, demonstrated this approach during the SOSS Community Day Europe 2024 and talked about how it makes vulnerability reports more actionable.


False Positive Overload

The biggest problem in application security is false positives. The faster teams ship code, the larger the impact becomes, as security tools flag more issues that are not actually a risk. According to Snyk, 61% of developers believe that the increase in false positives is due to automation. For security teams, sorting through hundreds or thousands of reported vulnerabilities across numerous projects becomes a daunting task.

According to Randall Degges, head of developer relations at Snyk, reachability analysis helps by narrowing down exactly which vulnerabilities are really dangerous. This relieves security teams, since they can now focus on issues in code that is actually executed. Filtering out the vulnerabilities that attackers cannot reach lets companies cut remediation work by as much as 60%. And according to OX Security research, in some cases teams even reduced the workload by nearly 99.5%, a clear improvement for developers.


Reducing developer friction

It's not just about workload reduction, but rather reporting fewer, more accurate vulnerabilities back to developers, says Katie Teitler-Santullo, a cybersecurity strategist at OX Security. "Tools that focus on real risks over bombarding developers with false alerts improve collaboration and efficiency," she says.

The hardest part is eliminating the noise that security tools produce, so that developers can keep pace with the growth of development while still delivering a secure solution. Focusing on reachability ensures that the reported vulnerabilities are really relevant to the code being worked on, allowing developers to tackle key issues without fear of information paralysis.


Two Approaches to Reachability Analysis

There are two primary approaches to reachability analysis. The first is static code analysis: the code itself is analysed and a graph of function calls is constructed to determine whether vulnerable code can be executed. This method works but is not failsafe, as some functions may only be called under specific conditions.

The second approach involves instrumenting the application to track code execution at runtime. This gives a live snapshot of which parts are actually being used, so you can immediately tell whether an identified vulnerability poses an actual threat.

While current reachability analysis tools mainly focus on whether code is being executed, the future of this technology involves determining whether vulnerable code is actually exploitable. According to Hejderup, the next step towards making security testing even more effective would be combining reachability with exploitability analysis.
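The two approaches side by side, as an added example that is not from the original post or from any vendor's tool: a call graph built with Python's `ast` module and a runtime trace via `sys.setprofile`, both used to filter a list of flagged functions. The sample application, its function names and the findings list are constructed for illustration.

```python
import ast
import sys

# Constructed sample application; every name here is hypothetical.
SAMPLE = '''
def parse_yaml(data): return data
def render_template(t): return t
def legacy_export(rows): return rows
def load_config(path, debug=False):
    if debug:
        render_template(path)   # only runs under a specific condition
    return parse_yaml(path)
def main():
    return load_config("app.yml")
'''
# Constructed scanner output: functions a scanner flagged as vulnerable.
FINDINGS = ["parse_yaml", "render_template", "legacy_export"]

def build_call_graph(source):
    """Map each function name to the set of names it calls directly."""
    graph = {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.FunctionDef):
            graph[node.name] = {
                c.func.id for c in ast.walk(node)
                if isinstance(c, ast.Call) and isinstance(c.func, ast.Name)
            }
    return graph

def static_reachable(graph, entry):
    """Walk the call graph from the entry point (static approach)."""
    seen, stack = {entry}, [entry]
    while stack:
        for callee in graph.get(stack.pop(), ()):
            if callee not in seen:
                seen.add(callee)
                stack.append(callee)
    return seen

def runtime_reachable(source, entry):
    """Run the entry point and record functions that executed (runtime approach)."""
    namespace, executed = {}, set()
    exec(compile(source, "<sample>", "exec"), namespace)
    def profiler(frame, event, arg):
        if event == "call" and frame.f_code.co_filename == "<sample>":
            executed.add(frame.f_code.co_name)
    sys.setprofile(profiler)
    try:
        namespace[entry]()
    finally:
        sys.setprofile(None)
    return executed

def triage(findings, reachable):
    """Keep only the findings whose function is reachable."""
    return sorted(f for f in findings if f in reachable)

if __name__ == "__main__":
    print("static :", triage(FINDINGS, static_reachable(build_call_graph(SAMPLE), "main")))
    print("runtime:", triage(FINDINGS, runtime_reachable(SAMPLE, "main")))
```

Both approaches drop `legacy_export`, which nothing calls. The static graph keeps `render_template` because a call to it exists in the code, while the runtime trace drops it because the `debug` branch never ran in this execution.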

Finally, reachability analysis offers an effective solution to the problem of vulnerability overload. This is because it allows security teams to remove extraneous reports and focus only on reachable, exploitable code. This approach reduces workloads and generates better collaboration between security teams and development teams. As companies adopt this way of doing things, the future of application security testing will be more complex, such that only the most crucial vulnerabilities are flagged and then fixed.

Reachability analysis isn't going to be a silver bullet, perhaps, but it is going to be a pretty useful tool in an era where code is being developed and deployed faster than ever, and the risks of ignoring security have never been higher.


Emailing in Different Languages Just Got Easier— This AI Will Amaze You


 


Proton, a company known for its commitment to privacy, has announced a paradigm-altering update to its AI-powered email assistant, Proton Scribe. The tool, which helps users draft and proofread emails, is now available in eight additional languages: French, German, Spanish, Italian, Portuguese, Russian, Chinese, and Japanese. This expansion enables users to write emails in languages they may not be proficient in, ensuring that their communications remain accurate and secure. Proton Scribe is designed particularly for those who prioritise privacy, offering a solution that keeps their sensitive information confidential.

What sets Proton Scribe apart from other AI services is its focus on privacy. Unlike many AI tools that process data on external servers, Proton Scribe can operate locally on a user’s device. This means that the data never leaves the user's control, offering an added layer of security. For users who prefer not to run the service locally, Proton provides a no-logs server option, which also ensures that no data is stored or shared. Moreover, users have the flexibility to disable Proton Scribe entirely if they choose. This approach aligns with Proton’s broader mission of enabling productivity without compromising privacy.

The introduction of these new languages follows overwhelming demand from Proton’s user base. Initially launched for business users, Proton Scribe quickly gained traction among consumers seeking a private alternative to conventional AI tools. By integrating Proton Scribe directly into Proton Mail, users can now manage their email communications securely without needing to rely on third-party services. Proton has also expanded access to Scribe, making it available to subscribers of the Proton Family and Proton Duo plans, in addition to Proton Mail Business users who can add it on as a feature.

Proton’s commitment to privacy is further emphasised by its use of zero-access encryption. This technology ensures that Proton itself has no access to the data users input into Proton Scribe. Unlike other AI tools that might be trained using data from user interactions, Proton Scribe operates independently of user data. This means that no information typed into the assistant is retained or shared with third parties, providing users with peace of mind when managing sensitive communications.

Eamonn Maguire, head of machine learning at Proton, underlined the company's dedication to privacy-first solutions, stating that the demand for a secure AI tool was a driving force behind the expansion of Proton Scribe. He emphasised that Proton’s goal is to provide tools that enable users to maintain both productivity and privacy. With the expansion of Proton Scribe’s language capabilities and its availability across more subscription plans, Proton is making it easier for a broader audience to access secure AI tools directly within their inboxes.

Proton continues to set itself apart in the crowded field of AI-driven services by prioritising user privacy at every step. For those interested in learning more about Proton Scribe and its features, Proton has provided additional details in their official blog announcement.


Truecaller Introduces AI Voice Feature for Personalized Call Responses

 

The Caller ID company Truecaller will now allow users to create an AI version of their voice to answer calls. Truecaller, known for identifying and blocking spam calls, is introducing a new feature for users with access to its AI Assistant. By partnering with Microsoft’s Azure AI Speech, Truecaller enables users to record their voice, which the AI will then learn from to create a synthetic version.

“This groundbreaking capability not only adds a touch of familiarity and comfort for the users but also showcases the power of AI in transforming the way we interact with our digital assistants,” says Raphael Mimoun, Truecaller’s product director and general manager, in a blog post.

Truecaller’s AI Assistant screens incoming calls and informs users of the caller's reason for calling. Customers can see this information and decide whether to answer the call themselves or have the AI Assistant respond. This feature, first introduced in 2022, is currently available only in select countries.

Previously, users could choose from a set of preset voices to represent them. Now, allowing users to record their own voices enhances the personalization of the service. During the Build conference, Azure AI Speech introduced a personal voice feature that enables recording and replicating voices. However, Microsoft notes in a blog post that this feature is available on a limited basis and is intended for specific use cases like voice assistants.

Microsoft automatically adds watermarks to voices generated by Azure AI Speech’s personal voice and has released a code of conduct that requires users to obtain full consent from those being recorded, prohibiting impersonation.

It remains to be seen how well the personal voice feature will perform compared to a user’s own voicemail message.

Microsoft Copilot: A Visual Revolution in AI Image Editing

 

In a significant and forward-thinking development, Microsoft has recently upgraded its AI-powered coding assistant, Copilot, introducing a groundbreaking feature that extends its capabilities into the realm of AI image editing. This not only marks a substantial expansion of Copilot's functionalities but also brings about a visual overhaul to its interface, signifying a noteworthy stride in the convergence of artificial intelligence and creative processes. 

Microsoft Copilot initially gained prominence for its role in assisting developers with code suggestions. However, it has now transcended its traditional coding domain, venturing into the arena of image editing. Leveraging advanced machine learning algorithms, Copilot can intelligently understand and interpret user inputs, providing real-time suggestions for image editing. This fusion of coding assistance and visual creativity not only showcases the versatility of AI technologies but also points towards an era where these technologies seamlessly integrate into various aspects of digital workflows. 

Accompanying the introduction of AI image editing, Microsoft Copilot's user interface has undergone a substantial visual overhaul. The interface seamlessly integrates both coding and image editing functionalities, offering users a unified and intuitive experience. This revamped design is intended to streamline workflows, allowing users to transition seamlessly between coding tasks and creative endeavours without encountering friction in their digital workspaces. 

The integration of AI image editing within Microsoft Copilot holds the potential to revolutionize the collaborative efforts of developers and designers. With a single tool now offering both coding assistance and visual creativity, there is an opportunity for increased synergy between these traditionally distinct roles. This streamlined workflow could result in more efficient project development, ultimately reducing the gap between the ideation and execution phases of digital projects. 

Furthermore, Microsoft Copilot's foray into image editing emphasizes the growing influence of AI in creative processes. By harnessing machine learning capabilities, Copilot can analyze image contexts and user preferences, providing relevant and context-aware suggestions. This not only accelerates the image editing process but also introduces an element of creativity and inspiration driven by AI algorithms. 

In the ever-evolving landscape of technology, the upgrade to Microsoft Copilot with AI image editing capabilities signifies a significant step forward. As the boundaries between coding and creative tasks blur, this development showcases the transformative potential of artificial intelligence in shaping the future of digital workspaces. Microsoft Copilot stands as a testament to Microsoft's commitment to innovation, highlighting the seamless integration of technology into diverse aspects of digital work.

How is Brave’s ‘Leo’ a Better Generative AI Option?


Brave Browser 

Brave is a Chromium-based browser, running on the Brave search engine, that restricts tracking for personal ads.

Brave’s new product – Leo – is a generative AI assistant built on top of Anthropic's Claude and Meta's Llama 2. Apparently, Leo promotes user privacy as its main feature.

Unlike other generative AI chatbots, such as ChatGPT, Leo offers much better privacy to its users. The AI assistant does not store any of the user’s chat history, nor does it use the user’s data for training purposes.

Moreover, a user does not need to make an account in order to access Leo. Also, if a user is leveraging its premium experience, Brave will not link their accounts to the data they may have used.

The Leo chatbot has been in testing for three months now. However, Brave is now making Leo available to all users of the most recent 1.60 desktop browser version. As soon as Brave rolls it out to you, you ought to see the Leo emblem on the sidebar of the browser. In the upcoming months, Leo support will be added to the Brave apps for Android and iPhone.

Privacy with Leo AI Assistant 

User privacy has remained a major concern when it comes to ChatGPT and Google Bard or any AI product. 

A better option among AI chatbots, along with their innovative features, will ultimately be the one which provides better privacy to its users. Leo, in this case, has the potential to bring a revolution, taking into account that Brave promotes the chatbot’s “unparalleled privacy” feature straight away.

Since users do not require an account to access Leo, they need not verify their emails or phone numbers either. This way, the user’s contact information is rather secure.

Moreover, if the user chooses to use $15/month Leo Premium, they receive tokens that are not linked to their accounts. However, Brave notes that, this way, “you can never connect your purchase details with your usage of the product, an extra step that ensures your activity is private to you and only you.”

The company says, “the email you used to create your account is unlinkable to your day-to-day use of Leo, making this a uniquely private credentialing experience.”

Brave further notes that all Leo requests will be sent via an anonymous server, meaning that Leo traffic cannot be connected to users’ IP addresses.

More significantly, Brave will no longer host Leo's conversations. As soon as they are formed, they will be disposed of instantly. Leo will also not learn from those conversations. Moreover, Brave will not gather any personal identifiers, such as your IP address. Leo will not gather user data, nor will any other third-party model suppliers. Considering that Leo is based on two language models, this is significant.  

Microsoft Copilot: New AI Chatbot can Attend Meetings for Users


A ChatGPT-style AI chatbot developed by Microsoft will now help online users summarize their Teams meetings, draft emails, and create Word documents, spreadsheet graphs, and PowerPoint presentations in very little time.

Microsoft introduced Copilot – its workplace assistant – earlier this year, labelling the product as a “copilot for work.”

Copilot, which will be made available to users from November 1, will be integrated into Microsoft 365 apps such as Word, Excel, Teams and PowerPoint for subscribers, with a subscription worth $30 per user/month.

Additionally, as part of the new service, employees at companies who use Microsoft's Copilot could theoretically send their AI helpers to meetings in their place, allowing them to miss or double-book appointments and focus on other tasks.

‘Busywork That Bogs Us Down’

With businesses including General Motors, KPMG, and Goodyear, Microsoft has been testing Copilot, which assists users with tasks like email writing and coding. Early feedback from those companies has revealed that it is used to swiftly respond to emails and inquire about meetings. 

“[Copilot] combines the power of large language models (LLMs) with your data…to turn your words into the most powerful productivity tool on the planet,” Jared Spataro, corporate vice president of modern work and business applications at Microsoft, said in a March blog post.

Spataro promised that the technology would “lighten the load” for online users, stating that for many white-collar workers, “80% of our time is consumed with busywork that bogs us down.”

For many office workers, this so-called "busywork" includes attending meetings. According to a recent British study, office workers waste 213 hours annually, or 27 full working days, in meetings where the agenda could have been communicated by email.

Companies like Shopify are deliberately putting a stop to pointless meetings. When the e-commerce giant introduced an internal "cost calculator" for staff meetings, it made headlines during the summer. According to corporate leadership, each 30-minute meeting costs the company between $700 and $1,600.

Copilot will now help in reducing this expense. The AI assistant's services include the ability to "follow" meetings and produce a transcript, summary, and notes once they are over.

Microsoft, in July, noted “the next wave of generative AI for Teams,” which included incorporating Copilot further into Teams calls and meetings.

“You can also ask Copilot to draft notes for you during the call and highlight key points, such as names, dates, numbers, and tasks using natural language commands[…]You can quickly synthesize key information from your chat threads—allowing you to ask specific questions (or use one of the suggested prompts) to help get caught up on the conversation so far, organize key discussion points, and summarize information relevant to you,” the company noted.

In regard to the same, Spataro states that “Every meeting is a productive meeting with Copilot in Teams[…]It can summarize key discussion points—including who said what and where people are aligned and where they disagree—and suggest action items, all in real-time during a meeting.”

However, Microsoft is not the only tech giant working on making meetings tolerable, as Zoom and Google have also introduced AI-powered chatbots for the online workforce that can attend meetings on behalf of the user and present their conclusions during the get-together.