Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Generative AI. Show all posts
User Security
Artificial Intelligence Dark Patterns Generative AI Technology Threat Landscape User Security

AI-Powered Dark Patterns: What's Up Next?

 

The rapid growth of generative AI (artificial intelligence) highlights how urgent it is to address privacy and ethical issues related to the use of these technologies across a range of sectors. Over the past year, data protection conferences have repeatedly emphasised AI's expanding role in the privacy and data protection domains as well as the pressing necessity for Data Protection Officers (DPOs) to handle the issues it presents for their businesses. 

These issues include the creation of deepfakes and synthetic content that could sway public opinion or threaten specific individuals as well as the public at large, the leakage of sensitive personal information in model outputs, the inherent bias in generative algorithms, and the overestimation of AI capabilities that results in inaccurate output (also known as AI hallucinations), which often refer to real individuals. 

So, what are the AI-driven dark patterns? These are deceptive UI strategies that use AI to influence application users into making decisions that favour the company rather than the user. These designs employ user psychology and behaviour in more sophisticated ways than typical dark patterns. 

Imagine getting a video call from your bank manager (created by a deepfake) informing you of some suspicious activity on your account. The AI customises the call for your individual bank branch, your bank manager's vocal patterns, and even their look, making it quite convincing. This deepfake call could tempt you to disclose sensitive data or click on suspicious links. 

Another alarming example of AI-driven dark patterns may be hostile actors creating highly targeted social media profiles that exploit your child's flaws. The AI can analyse your child's online conduct and create fake friendships or relationships that could trick the child into disclosing personal information or even their location to these people. Thus, the question arises: what can we do now to minimise these ills? How do we prevent future scenarios in which cyber criminals and even ill-intentioned organisations contact us and our loved ones via technologies on which we have come to rely for daily activities? 

Unfortunately, the solution is not simple. Mitigating AI-driven dark patterns necessitates a multifaceted approach that includes consumers, developers, and regulatory organisations. The globally recognised privacy principles of data quality, data collection limitation, purpose specification, use limitation, security, transparency, accountability, and individual participation are universally applicable to all systems that handle personal data, including training algorithms and generative AI. We must now test these principles to discover if they can actually protect us from this new, and often thrilling, technology.

Prevention tips 

First and foremost, we must educate people on AI-driven dark trends and fraudulent techniques. This can be accomplished by public awareness campaigns, educational tools at all levels of the education system, and the incorporation of warnings into user interfaces, particularly on social media platforms popular with young people. Cigarette firms must disclose the risks of their products, as should AI-powered services to which our children are exposed.

We should also look for ways to encourage users, particularly young and vulnerable users, to be critical consumers of information they come across online, especially when dealing with AI systems. In the twenty-first century, our educational systems should train members of society to question (far more) the source and intent of AI-generated content. 

Give the younger generation, and even the older ones, the tools they need to control their data and customise their interactions with AI systems. This might include options that allow users or parents of young users to opt out of AI-powered suggestions or data collection. Governments and regulatory agencies play an important role to establish clear rules and regulations for AI development and use. The European Union plans to propose its first such law this summer. The long-awaited EU AI Act puts many of these data protection and ethical concerns into action. This is a positive start.
Read more »
Google Cloud
AI Models AI technology Cyber Security Data integrity data poisoning data security Generative AI Google Cloud

Securing Generative AI: Tackling Unique Risks and Challenges

 

Generative AI has introduced a new wave of technological innovation, but it also brings a set of unique challenges and risks. According to Phil Venables, Chief Information Security Officer of Google Cloud, addressing these risks requires expanding traditional cybersecurity measures. Generative AI models are prone to issues such as hallucinations—where the model produces inaccurate or nonsensical content—and the leaking of sensitive information through model outputs. These risks necessitate the development of tailored security strategies to ensure safe and reliable AI use. 

One of the primary concerns with generative AI is data integrity. Models rely heavily on vast datasets for training, and any compromise in this data can lead to significant security vulnerabilities. Venables emphasizes the importance of maintaining the provenance of training data and implementing controls to protect its integrity. Without proper safeguards, models can be manipulated through data poisoning, which can result in the production of biased or harmful outputs. Another significant risk involves prompt manipulation, where adversaries exploit vulnerabilities in the AI model to produce unintended outcomes. 

This can include injecting malicious prompts or using adversarial tactics to bypass the model’s controls. Venables highlights the necessity of robust input filtering mechanisms to prevent such manipulations. Organizations should deploy comprehensive logging and monitoring systems to detect and respond to suspicious activities in real time. In addition to securing inputs, controlling the outputs of AI models is equally critical. Venables recommends the implementation of “circuit breakers”—mechanisms that monitor and regulate model outputs to prevent harmful or unintended actions. This ensures that even if an input is manipulated, the resulting output is still within acceptable parameters. Infrastructure security also plays a vital role in safeguarding generative AI systems. 

Venables advises enterprises to adopt end-to-end security practices that cover the entire lifecycle of AI deployment, from model training to production. This includes sandboxing AI applications, enforcing the least privilege principle, and maintaining strict access controls on models, data, and infrastructure. Ultimately, securing generative AI requires a holistic approach that combines innovative security measures with traditional cybersecurity practices. 

By focusing on data integrity, robust monitoring, and comprehensive infrastructure controls, organizations can mitigate the unique risks posed by generative AI. This proactive approach ensures that AI systems are not only effective but also safe and trustworthy, enabling enterprises to fully leverage the potential of this groundbreaking technology while minimizing associated risks.
Read more »
Trafficking
AI generated Deepfake AI tools China Cyber Security Generative AI Pig Butchering Scamming Trafficking

AI Tools Fueling Global Expansion of China-Linked Trafficking and Scamming Networks

 

A recent report highlights the alarming rise of China-linked human trafficking and scamming networks, now using AI tools to enhance their operations. Initially concentrated in Southeast Asia, these operations trafficked over 200,000 people into compounds in Myanmar, Cambodia, and Laos. Victims were forced into cybercrime activities, such as “pig butchering” scams, impersonating law enforcement, and sextortion. Criminals have now expanded globally, incorporating generative AI for multi-language scamming, creating fake profiles, and even using deepfake technology to deceive victims. 

The growing use of these tools allows scammers to target victims more efficiently and execute more sophisticated schemes. One of the most prominent types of scams is the “pig butchering” scheme, where scammers build intimate online relationships with their victims before tricking them into investing in fake opportunities. These scams have reportedly netted criminals around $75 billion. In addition to pig butchering, Southeast Asian criminal networks are involved in various illicit activities, including job scams, phishing attacks, and loan schemes. Their ability to evolve with AI technology, such as using ChatGPT to overcome language barriers, makes them more effective at deceiving victims. 

Generative AI also plays a role in automating phishing attacks, creating fake identities, and writing personalized scripts to target individuals in different regions. Deepfake technology, which allows real-time face-swapping during video calls, is another tool scammers are using to further convince their victims of their fabricated personas. Criminals now can engage with victims in highly realistic conversations and video interactions, making it much more difficult for victims to discern between real and fake identities. The UN report warns that these technological advancements are lowering the barrier to entry for criminal organizations that may lack advanced technical skills but are now able to participate in lucrative cyber-enabled fraud. 

As scamming compounds continue to operate globally, there has also been an uptick in law enforcement seizing Starlink satellite devices used by scammers to maintain stable internet connections for their operations. The introduction of “crypto drainers,” a type of malware designed to steal funds from cryptocurrency wallets, has also become a growing concern. These drainers mimic legitimate services to trick victims into connecting their wallets, allowing attackers to gain access to their funds.  

As global law enforcement struggles to keep pace with the rapid technological advances used by these networks, the UN has stressed the urgency of addressing this growing issue. Failure to contain these ecosystems could have far-reaching consequences, not only for Southeast Asia but for regions worldwide. AI tools and the expanding infrastructure of scamming operations are creating a perfect storm for criminals, making it increasingly difficult for authorities to combat these crimes effectively. The future of digital scamming will undoubtedly see more AI-powered innovations, raising the stakes for law enforcement globally.
Read more »
Generative AI
Asian Cyber Syndicate Cyber Crime Cybercrime Industry Generative AI

How Southeast Asian Cyber Syndicates Stole Billions

How Southeast Asian Cyber Syndicates Stole Billions

In 2023, cybercrime syndicates in Southeast Asia managed to steal up to $37 billion, according to a report by the United Nations Office on Drugs and Crime (UNODC).

Inside the World of Cybercrime Syndicates in Southeast Asia

This staggering figure highlights the rapid evolution of the transnational organized crime threat landscape in the region, which has become a hotbed for illegal cyber activities. The UNODC report points out that countries like Myanmar, Cambodia, and Laos have become prime locations for these crime syndicates.

These groups are involved in a range of fraudulent activities, including romance-investment schemes, cryptocurrency scams, money laundering, and unauthorized gambling operations.

Unveiling the Secrets of a $37 Billion Cybercrime Industry

The report also notes that these syndicates are increasingly adopting new service-based business models and advanced technologies, such as malware, deepfakes, and generative AI, to carry out their operations. One of the most alarming aspects of this rise in cybercrime is the professionalization and innovation of these criminal groups.

The UNODC report highlights that these syndicates are not just using traditional methods of fraud but are also integrating cutting-edge technologies to create more sophisticated and harder-to-detect schemes. For example, generative AI is being used to create phishing messages in multiple languages, chatbots that manipulate victims, and fake documents to bypass know-your-customer (KYC) checks.

How Advanced Tech Powers Southeast Asia's Cybercrime Surge

Deepfakes are also being used to create convincing fake videos and images to deceive victims. The report also sheds light on the role of messaging platforms like Telegram in facilitating these illegal activities.

Criminal syndicates are using Telegram to connect with each other, conduct business, and even run underground cryptocurrency exchanges and online gambling rings. This has led to the emergence of a "criminal service economy" in Southeast Asia, where organized crime groups are leveraging technological advances to expand their operations and diversify their activities.

Southeast Asia: The New Epicenter of Transnational Cybercrime

The impact of this rise in cybercrime is not just financial It also has significant social and political implications. The report notes that the sheer scale of proceeds from the illicit economy reflects the growing professionalization of these criminal groups, which has made Southeast Asia a testing ground for transnational networks eager to expand their reach.

This has put immense pressure on law enforcement agencies in the region, which are struggling to keep up with the rapidly evolving threat landscape.

In response to this growing threat, the UNODC has called for increased international cooperation and stronger law enforcement efforts to combat cybercrime in Southeast Asia The report emphasizes the need for a coordinated approach to tackle these transnational criminal networks and disrupt their operations.

It also highlights the importance of raising public awareness about the risks of cybercrime and promoting cybersecurity measures to protect individuals and businesses from falling victim to these schemes.

Read more »
Technology
AI Data Privacy Deloitte Generative AI GPT Technology

Ethics and Tech: Data Privacy Concerns Around Generative AI

Ethics and Tech: Data Privacy Concerns Around Generative AI

The tech industry is embracing Generative AI, but the conversation around data privacy has become increasingly important. The recent “State of Ethics and Trust in Technology” report by Deloitte highlights the pressing ethical considerations that accompany the rapid adoption of these technologies. 30% of organizations have adjusted new AI projects, and 25% have modified existing ones in response to the AI Act, the report mentions.

The Rise of Generative AI

54% of professionals believe that generative AI poses the highest ethical risk among emerging technologies. Additionally, 40% of respondents identified data privacy as their top concern. 

Generative AI, which includes technologies like GPT-4, DALL-E, and other advanced machine learning models, has shown immense potential in creating content, automating tasks, and enhancing decision-making processes. 

These technologies can generate human-like text, create realistic images, and even compose music, making them valuable tools across industries such as healthcare, finance, marketing, and entertainment.

However, the capabilities of generative AI also raise significant data privacy concerns. As these models require vast amounts of data to train and improve, the risk of mishandling sensitive information increases. This has led to heightened scrutiny from both regulatory bodies and the public.

Key Data Privacy Concerns

Data Collection and Usage: Generative AI systems often rely on large datasets that may include personal and sensitive information. The collection, storage, and usage of this data must comply with stringent privacy regulations such as GDPR and CCPA. Organizations must ensure that data is anonymized and used ethically to prevent misuse.

Transparency and Accountability: One of the major concerns is the lack of transparency in how generative AI models operate. Users and stakeholders need to understand how their data is being used and the decisions being made by these systems. Establishing clear accountability mechanisms is crucial to build trust and ensure ethical use.

Bias and Discrimination: Generative AI models can inadvertently perpetuate biases present in the training data. This can lead to discriminatory outcomes, particularly in sensitive areas like hiring, lending, and law enforcement. Addressing these biases requires continuous monitoring and updating of the models to ensure fairness and equity.

Security Risks: The integration of generative AI into various systems can introduce new security vulnerabilities. Cyberattacks targeting AI systems can lead to data breaches, exposing sensitive information. Robust security measures and regular audits are essential to safeguard against such threats.

Ethical Considerations and Trust

80% of respondents are required to complete mandatory technology ethics training, marking a 7% increase since 2022.  Nearly three-quarters of IT and business professionals rank data privacy among their top three ethical concerns related to generative AI:

  • Developing and implementing ethical frameworks for AI usage is crucial. These frameworks should outline principles for data privacy, transparency, and accountability, guiding organizations in the responsible deployment of generative AI.
  • Engaging with stakeholders, including employees, customers, and regulatory bodies, is essential to build trust. Open dialogues about the benefits and risks of generative AI can help in addressing concerns and fostering a culture of transparency.
  • The dynamic nature of AI technologies necessitates continuous monitoring and improvement. Regular assessments of AI systems for biases, security vulnerabilities, and compliance with privacy regulations are vital to ensure ethical use.

Read more »
threat report
AI Tool Artificial Intelligence AsyncRAT Generative AI malware threat report

AI-Generated Malware Discovered in the Wild

 

Researchers found malicious code that they suspect was developed with the aid of generative artificial intelligence services to deploy the AsyncRAT malware in an email campaign that was directed towards French users. 

While threat actors have employed generative AI technology to design convincing emails, government agencies have cautioned regarding the potential exploit of AI tools to create malicious software, despite the precautions and restrictions that vendors implemented. 

Suspected cases of AI-created malware have been spotted in real attacks. The malicious PowerShell script that was uncovered earlier this year by cybersecurity firm Proofpoint was most likely generated by an AI system. 

As less technical threat actors depend more on AI to develop malware, HP security experts discovered a malicious campaign in early June that employed code commented in the same manner a generative AI system would. 

The VBScript established persistence on the compromised PC by generating scheduled activities and writing new keys to the Windows Registry. The researchers add that some of the indicators pointing to AI-generated malicious code include the framework of the scripts, the comments that explain each line, and the use of native language for function names and variables. 

AsyncRAT, an open-source, publicly available malware that can record keystrokes on the victim device and establish an encrypted connection for remote monitoring and control, is later downloaded and executed by the attacker. The malware can also deliver additional payloads. 

The HP Wolf Security research also states that, in terms of visibility, archives were the most popular delivery option in the first half of the year. Lower-level threat actors can use generative AI to create malware in minutes and customise it for assaults targeting different areas and platforms (Linux, macOS). 

Even if they do not use AI to create fully functional malware, hackers rely on it to accelerate their labour while developing sophisticated threats.
Read more »
Work Management
Business Security Cyber Security Generative AI IT Leaders Work Management

IT Leaders Raise Security Concerns Regarding Generative AI

 

According to a new Venafi survey, developers in almost all (83%) organisations utilise AI to generate code, raising concerns among security leaders that it might lead to a major security incident. 

In a report published earlier this month, the machine identity management company shared results indicating that AI-generated code is widening the gap between programming and security teams. 

The report, Organisations Struggle to Secure AI-Generated and Open Source Code, highlighted that while 72% of security leaders believe they have little choice but to allow developers to utilise AI in order to remain competitive, virtually all (92%) are concerned regarding its use. 

Because AI, particularly generative AI technology, is advancing so quickly, 66% of security leaders believe they will be unable to stay up. An even more significant number (78%) believe that AI-generated code will lead to a security reckoning for their organisation, and 59% are concerned about the security implications of AI. 

The top three issues most frequently mentioned by survey respondents are the following: 

  • Over-reliance on AI by developers will result in a drop in standards
  • Ineffective quality checking of AI-written code 
  • AI to employ dated open-source libraries that have not been well-maintained

“Developers are already supercharged by AI and won’t give up their superpowers. And attackers are infiltrating our ranks – recent examples of long-term meddling in open source projects and North Korean infiltration of IT are just the tip of the iceberg,” Kevin Bocek, Chief Innovation Officer at Venafi, stated. 

Furthermore, the Venafi poll reveals that AI-generated code raises not only technology issues, but also tech governance challenges. For example, nearly two-thirds (63%) of security leaders believe it is impossible to oversee the safe use of AI in their organisation because they lack visibility into where AI is being deployed. Despite concerns, fewer than half of firms (47%) have procedures in place to ensure the safe use of AI in development settings. 

“Anyone today with an LLM can write code, opening an entirely new front. It’s the code that matters, whether it is your developers hyper-coding with AI, infiltrating foreign agents or someone in finance getting code from an LLM trained on who knows what. We have to authenticate code from wherever it comes,” Bocek concluded. 

The Venafi report is the outcome of a poll of 800 security decision-makers from the United States, the United Kingdom, Germany, and France.
Read more »
OpenAI
AGI AI technology AI Tool Cyber Security Generative AI generative AI tools OpenAI

Project Strawberry: Advancing AI with Q-learning, A* Algorithms, and Dual-Process Theory

Project Strawberry, initially known as Q*, has quickly become a focal point of excitement and discussion within the AI community. The project aims to revolutionize artificial intelligence by enhancing its self-learning and reasoning capabilities, crucial steps toward achieving Artificial General Intelligence (AGI). By incorporating advanced algorithms and theories, Project Strawberry pushes the boundaries of what AI can accomplish, making it a topic of intense interest and speculation. 

At the core of Project Strawberry are several foundational algorithms that enable AI systems to learn and make decisions more effectively. The project utilizes Q-learning, a reinforcement learning technique that allows AI to determine optimal actions through trial and error, helping it navigate complex environments. Alongside this, the A* search algorithm provides efficient pathfinding capabilities, ensuring AI can find the best solutions to problems quickly and accurately. 

Additionally, the dual-process theory, inspired by human cognitive processes, is used to balance quick, intuitive judgments with thorough, deliberate analysis, enhancing decision-making abilities. Despite the project’s promising advancements, it also raises several concerns. One of the most significant risks involves encryption cracking, where advanced AI could potentially break encryption codes, posing a severe security threat. 

Furthermore, the issue of “AI hallucinations”—errors in AI outputs—remains a critical challenge that needs to be addressed to ensure accurate and trustworthy AI responses. Another concern is the high computational demands of Project Strawberry, which may lead to increased costs and energy consumption. Efficient resource management and optimization will be crucial to maintaining the project’s scalability and sustainability. The ultimate goal of Project Strawberry is to pave the way for AGI, where AI systems can perform any intellectual task a human can. 

Achieving AGI would revolutionize problem-solving across various fields, enabling AI to tackle long-term and complex challenges with advanced reasoning capabilities. OpenAI envisions developing “reasoners” that exhibit human-like intelligence, pushing the frontiers of AI research even further. While Project Strawberry represents a significant step forward in AI development, it also presents complex challenges that must be carefully navigated. 

The project’s potential has fueled widespread excitement and anticipation within the AI community, with many eagerly awaiting further updates and breakthroughs. As OpenAI continues to refine and develop Project Strawberry, it could set the stage for a new era in AI, bringing both remarkable possibilities and significant responsibilities.
Read more »
Technology
AI regulation Data Regulation Generative AI Tech Firms Technology

World's First AI Law: A Tough Blow for Tech Giants

World's First AI Law: A Tough Blow for Tech Giants

In May, EU member states, lawmakers, and the European Commission — the EU's executive body — finalized the AI Act, a significant guideline that intends to oversee how corporations create, use, and use AI. 

The European Union's major AI law goes into effect on Thursday, bringing significant implications for American technology companies.

About the AI Act

The AI Act is a piece of EU legislation that regulates AI. The law, first suggested by the European Commission in 2020, seeks to combat the harmful effects of artificial intelligence.

The legislation establishes a comprehensive and standardized regulatory framework for AI within the EU.

It will largely target huge U.S. tech businesses, which are currently the main architects and developers of the most advanced AI systems.

However, the laws will apply to a wide range of enterprises, including non-technology firms.

Tanguy Van Overstraeten, head of legal firm Linklaters' technology, media, and technology practice in Brussels, described the EU AI Act as "the first of its kind in the world." It is expected to influence many enterprises, particularly those building AI systems, as well as those implementing or simply employing them in certain scenarios, he said.

High-risk and low-risk AI systems

High-risk AI systems include self-driving cars, medical equipment, loan decisioning systems, educational scores, and remote biometric identification systems.

The regulation also prohibits all AI uses that are judged "unacceptable" in terms of danger. Unacceptable-risk artificial intelligence applications include "social scoring" systems that evaluate citizens based on data gathering and analysis, predictive policing, and the use of emotional detection technology in the workplace or schools.

Implication for US tech firms

Amid a global craze over artificial intelligence, US behemoths such as Microsoft, Google, Amazon, Apple, and Meta have been aggressively working with and investing billions of dollars in firms they believe can lead the field.

Given the massive computer infrastructure required to train and run AI models, cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud are critical to supporting AI development.

In this regard, Big Tech companies will likely be among the most aggressively targeted names under the new regulations.

Generative AI and EU

The EU AI Act defines generative AI as "general-purpose" artificial intelligence. This title refers to tools that are designed to do a wide range of jobs on a par with, if not better than, a person.

General-purpose AI models include but are not limited to OpenAI's GPT, Google's Gemini, and Anthropic's Claude.

The AI Act imposes stringent standards on these systems, including compliance with EU copyright law, disclosure of how models are trained, routine testing, and proper cybersecurity measures.

Read more »
Threat Management
Artificial Intelligence Cyber Security Generative AI Security Leader Threat Management

Generative AI is Closing The Tech Gap Between Security Teams And Threat Actors

 

With over 17 billion records breached in 2023, data breaches have reached an all-time high. Businesses are more vulnerable than ever before due to increased ransomware attacks, third-party hacks, and the increasing sophistication of threat actors. 

Still, many security teams are ill-equipped, particularly given new data from our team shows that 55% of IT security leaders believe modern cybercriminals are more advanced than their internal teams. The perpetrators are raising their game as they adopt and weaponize the new generation of emerging artificial intelligence (AI) technology, while companies continue to slip behind. Security teams require the necessary technology and tools to overcome common obstacles and avoid falling victim to these malicious actors. 

It takes minutes, not days, for an attacker to exploit a vulnerability. Cybersecurity Ventures predicts that by 2031, a ransomware assault will occur every two seconds. The most powerful new instrument for fuelling attacks is generative AI (GenAI). 

It enables hackers to find gaps, automate attacks, and even mimic company employees to steal credentials and system access. According to the findings, the most concerning use cases for security teams include GenAI model prompt hacking (46%), LLM data poisoning (38%), RaaS (37%), API breaches (24%), and GenAI phishing. 

Ultimately, GenAI and other smart technologies are catching security personnel off guard. Researchers discovered that 35% feel the technology used in hacks is more sophisticated than what their team has access to. In fact, 53% of organisations fear that new AI tactics utilised by criminals are opening up new assault spots for which they are unprepared. Better technology will always win.

As attack methods evolve, it is logical to expect additional breaches, ransomware installations, and stolen data. According to 49% of security leaders, the frequency of cyberattacks has increased over the last year, while 43% think the severity of cyberattacks has increased. It's time for security teams to enhance their technology in order to catch up and move ahead, especially while other well-known industry pain points linger. 

While the digital divide may be growing due to new criminal usage of AI, long-standing industry issues are making matters worse. Despite the steady growth of the cybersecurity industry, there are still an estimated 4 million security experts needed to fill open positions globally. One analyst now performs the duties of numerous. Lack of technology causes manual labour, mistakes, and exhaustion for understaffed security teams. Surprisingly, despite the ongoing cybersecurity talent need, our team found that only 10% of businesses have boosted cyber hiring in the last 12 months.
Read more »
Wipro Ltd
Business CISO Cyber Security Generative AI Wipro Ltd

Why Every Business is Scrambling to Hire Cybersecurity Experts


 

The cybersecurity arena is developing at a breakneck pace, creating a significant talent shortage across the industry. This challenge was highlighted by Saugat Sindhu, Senior Partner and Global Head of Advisory Services at Wipro Ltd. He emphasised the pressing need for skilled cybersecurity professionals, noting that the rapid advancements in technology make it difficult for the industry to keep up.


Cybersecurity: A Business Enabler

Over the past decade, cybersecurity has transformed from a corporate function to a crucial business enabler. Sindhu pointed out that cybersecurity is now essential for all companies, not just as a compliance measure but as a strategic asset. Businesses, clients, and industries understand that neglecting cybersecurity can give competitors an advantage, making robust cybersecurity practices indispensable.

The role of the Chief Information Security Officer (CISO) has also evolved. Today, CISOs are responsible for ensuring that businesses have the necessary tools and technologies to grow securely. This includes minimising outages and reputational damage from cyber incidents. According to Sindhu, modern CISOs are more about enabling business operations rather than restricting them.

Generative AI is one of the latest disruptors in the cybersecurity field, much like the cloud was a decade ago. Sindhu explained that different sectors face varying levels of risk with AI adoption. For instance, healthcare, manufacturing, and financial services are particularly vulnerable to attacks like data poisoning, model inversions, and supply chain vulnerabilities. Ensuring the security of AI models is crucial, as vulnerabilities can lead to severe backdoor attacks.

At Wipro, cybersecurity is a top priority, involving multiple departments including the audit office, risk office, core security office, and IT office. Sindhu stated that cybersecurity considerations are now integrated into the onset of any technology transformation project, rather than being an afterthought. This proactive approach ensures that adequate controls are in place from the beginning.

Wipro is heavily investing in cybersecurity training for its employees and practitioners. The company collaborates with major universities in India to support training courses, making it easier to attract new talent. Sindhu emphasised the importance of continuous education and certification to keep up with the fast-paced changes in the field.

Wipro's commitment to cybersecurity is evident in its robust infrastructure. The company boasts over 9,000 cybersecurity specialists and operates 12 global cyber defence centres across more than 60 countries. This extensive network underscores Wipro's dedication to maintaining high security standards and addressing cyber risks proactively.

The rapid evolution of cybersecurity presents pivotal challenges, but also underscores the importance of viewing it as a business enabler. With the right training, proactive measures, and integrated approaches, companies like Wipro are striving to stay ahead of threats and ensure robust protection for their clients. As the demand for cybersecurity talent continues to grow, ongoing education and collaboration will be key to bridging the skills gap.



Read more »
Technology
antivirus software Artifcial Intelligence CISOs Cyber Threats Generative AI Technology

AI Brings A New Era of Cyber Threats – Are We Ready?

 



Cyberattacks are becoming alarmingly frequent, with a new attack occurring approximately every 39 seconds. These attacks, ranging from phishing schemes to ransomware, have devastating impacts on businesses worldwide. The cost of cybercrime is projected to hit $9.5 trillion in 2024, and with AI being leveraged by cybercriminals, this figure is likely to rise.

According to a recent RiverSafe report surveying Chief Information Security Officers (CISOs) in the UK, one in five CISOs identifies AI as the biggest cyber threat. The increasing availability and sophistication of AI tools are empowering cybercriminals to launch more complex and large-scale attacks. The National Cyber Security Centre (NCSC) warns that AI will significantly increase the volume and impact of cyberattacks, including ransomware, in the near future.

AI is enhancing traditional cyberattacks, making them more difficult to detect. For example, AI can modify malware to evade antivirus software. Once detected, AI can generate new variants of the malware, allowing it to persist undetected, steal data, and spread within networks. Additionally, AI can bypass firewalls by creating legitimate-looking traffic and generating convincing phishing emails and deepfakes to deceive victims into revealing sensitive information.

Policies to Mitigate AI Misuse

AI misuse is not only a threat from external cybercriminals but also from employees unknowingly putting company data at risk. One in five security leaders reported experiencing data breaches due to employees sharing company data with AI tools like ChatGPT. These tools are popular for their efficiency, but employees often do not consider the security risks when inputting sensitive information.

In 2023, ChatGPT experienced an extreme data breach, highlighting the risks associated with generative AI tools. While some companies have banned the use of such tools, this is a short-term solution. The long-term approach should focus on education and implementing carefully managed policies to balance the benefits of AI with security risks.

The Growing Threat of Insider Risks

Insider threats are a significant concern, with 75% of respondents believing they pose a greater risk than external threats. Human error, often due to ignorance or unintentional mistakes, is a leading cause of data breaches. These threats are challenging to defend against because they can originate from employees, contractors, third parties, and anyone with legitimate access to systems.

Despite the known risks, 64% of CISOs stated their organizations lack sufficient technology to protect against insider threats. The rise in digital transformation and cloud infrastructure has expanded the attack surface, making it difficult to maintain appropriate security measures. Additionally, the complexity of digital supply chains introduces new vulnerabilities, with trusted business partners responsible for up to 25% of insider threat incidents.

Preparing for AI-Driven Cyber Threats

The evolution of AI in cyber threats necessitates a revamp of cybersecurity strategies. Businesses must update their policies, best practices, and employee training to mitigate the potential damages of AI-powered attacks. With both internal and external threats on the rise, organisations need to adapt to the new age of cyber threats to protect their valuable digital assets effectively.




Read more »
Technology
AI Chatbot Generative AI Google Gemini Open AI Technology

From Text to Action: Chatbots in Their Stone Age

From Text to Action: Chatbots in Their Stone Age

The stone age of AI

Despite all the talk of generative AI disrupting the world, the technology has failed to significantly transform white-collar jobs. Workers are experimenting with chatbots for activities like email drafting, and businesses are doing numerous experiments, but office work has yet to experience a big AI overhaul.

Chatbots and their limitations

That could be because we haven't given chatbots like Google's Gemini and OpenAI's ChatGPT the proper capabilities yet; they're typically limited to taking in and spitting out text via a chat interface.

Things may become more fascinating in commercial settings when AI businesses begin to deploy so-called "AI agents," which may perform actions by running other software on a computer or over the internet.

Tool use for AI

Anthropic, a rival of OpenAI, unveiled a big new product today that seeks to establish the notion that tool use is required for AI's next jump in usefulness. The business is allowing developers to instruct its chatbot Claude to use external services and software to complete more valuable tasks. 

Claude can, for example, use a calculator to solve math problems that vex big language models; be asked to visit a database storing customer information; or be forced to use other programs on a user's computer when it would be beneficial.

Anthropic has been assisting various companies in developing Claude-based aides for their employees. For example, the online tutoring business Study Fetch has created a means for Claude to leverage various platform tools to customize the user interface and syllabus content displayed to students.

Other businesses are also joining the AI Stone Age. At its I/O developer conference earlier this month, Google showed off a few prototype AI agents, among other new AI features. One of the agents was created to handle online shopping returns by searching for the receipt in the customer's Gmail account, completing the return form, and scheduling a package pickup.

Challenges and caution

  • While tool use is exciting, it comes with challenges. Language models, including large ones, don’t always understand context perfectly.
  • Ensuring that AI agents behave correctly and interpret user requests accurately remains a hurdle.
  • Companies are cautiously exploring these capabilities, aware of the potential pitfalls.

The Next Leap

The Stone Age of chatbots represents a significant leap forward. Here’s what we can expect:

Action-oriented chatbots

  • Chatbots that can interact with external services will be more useful. Imagine a chatbot that books flights, schedules meetings, or orders groceries—all through seamless interactions.
  • These chatbots won’t be limited to answering questions; they’ll take action based on user requests.

Enhanced Productivity

  • As chatbots gain tool-using abilities, productivity will soar. Imagine a virtual assistant that not only schedules your day but also handles routine tasks.
  • Businesses can benefit from AI agents that automate repetitive processes, freeing up human resources for more strategic work.

Read more »
Technology
Business Security ChatGPT Data Privacy Generative AI Technology

Risks of Generative AI for Organisations and How to Manage Them

 

Employers should be aware of the potential data protection issues before experimenting with generative AI tools like ChatGPT. You can't just feed human resources data into a generative AI tool because of the rise in privacy and data protection laws in the US, Europe, and other countries in recent years. After all, employee data—including performance, financial, and even health data—is often quite sensitive.

Obviously, this is an area where companies should seek legal advice. It's also a good idea to consult with an AI expert regarding the ethics of utilising generative AI (to ensure that you're acting not only legally, but also ethically and transparently). But, as a starting point, here are two major factors that employers should be aware of. 

Feeding personal data

As I previously stated, employee data is often highly sensitive and sensitive. It is precisely the type of data that, depending on your jurisdiction, is usually subject to the most stringent forms of legal protection.

This makes it highly dangerous to feed such data into a generative AI tool. Why? Because many generative AI technologies use the information provided to fine-tune the underlying language model. In other words, it may use the data you provide for training purposes, and it may eventually expose that information to other users. So, suppose you employ a generative AI tool to generate a report on employee salary based on internal employee information. In the future, the AI tool can employ the data to generate responses for other users (outside of your organisation). Personal information could easily be absorbed by the generative AI tool and reused. 

This isn't as shady as it sounds. Many generative AI programmes' terms and conditions explicitly specify that data provided to the AI may be utilised for training and fine-tuning or revealed when users request cases of previously submitted inquiries. As a result, when you agree to the terms of service, always make sure you understand exactly what you're getting yourself into. Experts urge that any data given to a generative AI service be anonymised and free of personally identifiable information. This is frequently referred to as "de-identifying" the data.

Risks of generative AI outputs 

There are risks associated with the output or content developed by generative AIs, in addition to the data fed into them. In particular, there is a possibility that the output from generative AI technologies will be based on personal data acquired and handled in violation of data privacy laws. 

For example, suppose you ask a generative AI tool to provide a report on average IT salary in your area. There is a possibility that the programme will scrape personal data from the internet without your authorization, violating data protection rules, and then serve it to you. Employers who exploit personal data provided by a generative AI tool may be held liable for data protection violations. For the time being, it is a legal grey area, with the generative AI provider likely bearing the most or all of the duty, but the risk remains. 

Cases like this are already appearing. Indeed, one lawsuit claims that ChatGPT was trained on "massive amounts of personal data," such as medical records and information about children, that was accessed without consent. You do not want your organisation to become unwittingly involved in a litigation like this. Essentially, we're discussing an "inherited" risk of violating data protection regulations. However, there is a risk involved. 

The way forward

Employers must carefully evaluate the data protection and privacy consequences of utilising generative AI and seek expert assistance. However, don't let this put you off adopting generative AI altogether. Generative AI, when used properly and within the bounds of the law, can be an extremely helpful tool for organisations.
Read more »
Spear Phishing
AI threats Business Email Compromise CISOs Cyber Security Email Safety Generative AI Impersonation online threats Security Policies Spear Phishing

Adapting Cybersecurity Policies to Combat AI-Driven Threats

 

Over the last few years, the landscape of cyber threats has significantly evolved. The once-common traditional phishing emails, marked by obvious language errors, clear malicious intent, and unbelievable narratives, have seen a decline. Modern email security systems can easily detect these rudimentary attacks, and recipients have grown savvy enough to recognize and ignore them. Consequently, this basic form of phishing is quickly becoming obsolete. 

However, as traditional phishing diminishes, a more sophisticated and troubling threat has emerged. Cybercriminals are now leveraging advanced generative AI (GenAI) tools to execute complex social engineering attacks. These include spear-phishing, VIP impersonation, and business email compromise (BEC). In light of these developments, Chief Information Security Officers (CISOs) must adapt their cybersecurity strategies and implement new, robust policies to address these advanced threats. One critical measure is implementing segregation of duties (SoD) in handling sensitive data and assets. 

For example, any changes to bank account information for invoices or payroll should require approval from multiple individuals. This multi-step verification process ensures that even if one employee falls victim to a social engineering attack, others can intercept and prevent fraudulent actions. Regular and comprehensive security training is also crucial. Employees, especially those handling sensitive information and executives who are prime targets for BEC, should undergo continuous security education. 

This training should include live sessions, security awareness videos, and phishing simulations based on real-world scenarios. By investing in such training, employees can become the first line of defense against sophisticated cyber threats. Additionally, gamifying the training process—such as rewarding employees for reporting phishing attempts—can boost engagement and effectiveness. Encouraging a culture of reporting suspicious emails is another essential policy. 

Employees should be urged to report all potentially malicious emails rather than simply deleting or ignoring them. This practice allows the Security Operations Center (SOC) team to stay informed about ongoing threats and enhances organizational security awareness. Clear policies should emphasize that it's better to report false positives than to overlook potential threats, fostering a vigilant and cautious organizational culture. To mitigate social engineering risks, organizations should restrict access to sensitive information on a need-to-know basis. 

Simple policy changes, like keeping company names private in public job listings, can significantly reduce the risk of social engineering attacks. Limiting the availability of organizational details helps prevent cybercriminals from gathering the information needed to craft convincing attacks. Given the rapid advancements in generative AI, it's imperative for organizations to adopt adaptive security systems. Shifting from static to dynamic security measures, supported by AI-enabled defensive tools, ensures that security capabilities remain effective against evolving threats. 

This proactive approach helps organizations stay ahead of the latest attack vectors. The rise of generative AI has fundamentally changed the field of cybersecurity. In a short time, these technologies have reshaped the threat landscape, making it essential for CISOs to continuously update their strategies. Effective, current policies are vital for maintaining a strong security posture. 

This serves as a starting point for CISOs to refine and enhance their cybersecurity policies, ensuring they are prepared for the challenges posed by AI-driven threats. In this ever-changing environment, staying ahead of cybercriminals requires constant vigilance and adaptation.
Read more »
Technology
Artifcial Intelligence Generative AI Machine learning Predictive AI Technology

Predictive AI: What Do We Need to Understand?


We all are no strangers to artificial intelligence (AI) expanding over our lives, but Predictive AI stands out as uncharted waters. What exactly fuels its predictive prowess, and how does it operate? Let's take a detailed exploration of Predictive AI, unravelling its intricate workings and practical applications.

What Is Predictive AI?

Predictive AI operates on the foundational principle of statistical analysis, using historical data to forecast future events and behaviours. Unlike its creative counterpart, Generative AI, Predictive AI relies on vast datasets and advanced algorithms to draw insights and make predictions. It essentially sifts through heaps of data points, identifying patterns and trends to inform decision-making processes.

At its core, Predictive AI thrives on "big data," leveraging extensive datasets to refine its predictions. Through the iterative process of machine learning, Predictive AI autonomously processes complex data sets, continuously refining its algorithms based on new information. By discerning patterns within the data, Predictive AI offers invaluable insights into future trends and behaviours.


How Does It Work?

The operational framework of Predictive AI revolves around three key mechanisms:

1. Big Data Analysis: Predictive AI relies on access to vast quantities of data, often referred to as "big data." The more data available, the more accurate the analysis becomes. It sifts through this data goldmine, extracting relevant information and discerning meaningful patterns.

2. Machine Learning Algorithms: Machine learning serves as the backbone of Predictive AI, enabling computers to learn from data without explicit programming. Through algorithms that iteratively learn from data, Predictive AI can autonomously improve its accuracy and predictive capabilities over time.

3. Pattern Recognition: Predictive AI excels at identifying patterns within the data, enabling it to anticipate future trends and behaviours. By analysing historical data points, it can discern recurring patterns and extrapolate insights into potential future outcomes.


Applications of Predictive AI

The practical applications of Predictive AI span a number of industries, revolutionising processes and decision-making frameworks. From cybersecurity to finance, weather forecasting to personalised recommendations, Predictive AI is omnipresent, driving innovation and enhancing operational efficiency.


Predictive AI vs Generative AI

While Predictive AI focuses on forecasting future events based on historical data, Generative AI takes a different approach by creating new content or solutions. Predictive AI uses machine learning algorithms to analyse past data and identify patterns for predicting future outcomes. In contrast, Generative AI generates new content or solutions by learning from existing data patterns but doesn't necessarily focus on predicting future events. Essentially, Predictive AI aims to anticipate trends and behaviours, guiding decision-making processes, while Generative AI fosters creativity and innovation, generating novel ideas and solutions. This distinction highlights the complementary roles of both AI approaches in driving progress and innovation across various domains.

Predictive AI acts as a proactive defence system in cybersecurity, spotting and stopping potential threats before they strike. It looks at how users behave and any unusual activities in systems to make digital security stronger, protecting against cyber attacks.

Additionally, Predictive AI helps create personalised recommendations and content on consumer platforms. Studying what users like and how they interact provides customised experiences, making users happier and more engaged.

The bottom line is its ability to forecast future events and behaviours based on historical data heralds a new era of data-driven decision-making and innovation. 




Read more »
Technology
Artificial Intelligence Business AI Financial Institution Generative AI Technology

AI Could Be As Impactful as Electricity, Predicts Jamie Dimon

 

Jamie Dimon might be concerned about the economy, but he's optimistic regarding artificial intelligence.

In his annual shareholder letter, JP Morgan Chase's (JPM) CEO stated that he believes the effects of AI on business, society, and the economy would be not just significant, but also life-changing. 

Dimon stated, we are fully convinced that the consequences of AI will be extraordinary and possibly as transformational as some of the major technological inventions of the past several hundred years: Think of the printing press, the steam engine, electricity, computing, and the Internet, among others. However, we do not know the full effect or the precise rate at which AI will change our business — or how it will affect society at large. 

Since the financial institution has been employing AI for over a decade, more than 2,000 data scientists and experts in AI and machine learning are employed there, according to Dimon. More than 400 use cases involving the technology are in the works, and they include fraud, risk, and marketing. 

“We're also exploring the potential that generative AI (GenAI) can unlock across a range of domains, most notably in software engineering, customer service and operations, as well as in general employee productivity,” Dimon added. “In the future, we envision GenAI helping us reimagine entire business workflows.”

JP Morgan is capitalising on its interest in artificial intelligence, advertising for almost 3,600 AI-related jobs last year, nearly twice as many as Citigroup, which had the second largest number of financial service industry ads (2,100). Deutsche Bank and BNP Paribas both advertised for little over 1,000 AI posts. 

JP Morgan is developing a ChatGPT-like service to assist consumers in making investing decisions. The company trademarked IndexGPT in May, stating that it would use "cloud computing software using artificial intelligence" for "analysing and selecting securities tailored to customer needs." 

Dimon has long advocated for artificial intelligence, stating earlier this year that the technology "can do things that the human mind simply cannot do." 

While Dimon is upbeat regarding the bank's future with AI, he also stated in his letter that the company is not disregarding the technology's potential risks.
Read more »
Technology
AI technology AI tools Generative AI generative AI tools innovative features Technology

What AI Can Do Today? The latest generative AI tool to find the perfect AI solution for your tasks

 

Generative AI tools have proliferated in recent times, offering a myriad of capabilities to users across various domains. From ChatGPT to Microsoft's Copilot, Google's Gemini, and Anthrophic's Claude, these tools can assist with tasks ranging from text generation to image editing and music composition.
 
The advent of platforms like ChatGPT Plus has revolutionized user experiences, eliminating the need for logins and providing seamless interactions. With the integration of advanced features like Dall-E image editing support, these AI models have become indispensable resources for users seeking innovative solutions. 

However, the sheer abundance of generative AI tools can be overwhelming, making it challenging to find the right fit for specific tasks. Fortunately, websites like What AI Can Do Today serve as invaluable resources, offering comprehensive analyses of over 5,800 AI tools and cataloguing over 30,000 tasks that AI can perform. 

Navigating What AI Can Do Today is akin to using a sophisticated search engine tailored specifically for AI capabilities. Users can input queries and receive curated lists of AI tools suited to their requirements, along with links for immediate access. 

Additionally, the platform facilitates filtering by category, further streamlining the selection process. While major AI models like ChatGPT and Copilot are adept at addressing a wide array of queries, What AI Can Do Today offers a complementary approach, presenting users with a diverse range of options and allowing for experimentation and discovery. 

By leveraging both avenues, users can maximize their chances of finding the most suitable solution for their needs. Moreover, the evolution of custom GPTs, supported by platforms like ChatGPT Plus and Copilot, introduces another dimension to the selection process. These specialized models cater to specific tasks, providing tailored solutions and enhancing efficiency. 

It's essential to acknowledge the inherent limitations of generative AI tools, including the potential for misinformation and inaccuracies. As such, users must exercise discernment and critically evaluate the outputs generated by these models. 

Ultimately, the journey to finding the right generative AI tool is characterized by experimentation and refinement. While seasoned users may navigate this landscape with ease, novices can rely on resources like What AI Can Do Today to guide their exploration and facilitate informed decision-making. 

The ecosystem of generative AI tools offers boundless opportunities for innovation and problem-solving. By leveraging platforms like ChatGPT, Copilot, Gemini, Claude, and What AI Can Do Today, users can unlock the full potential of AI and harness its transformative capabilities.
Read more »
Online Security
CISOs Cyber Security Data Privacy Digital Literacy Generative AI IP addresses Online Security

What Are The Risks of Generative AI?

 




We are all drowning in information in this digital world and the widespread adoption of artificial intelligence (AI) has become increasingly commonplace within various spheres of business. However, this technological evolution has brought about the emergence of generative AI, presenting a myriad of cybersecurity concerns that weigh heavily on the minds of Chief Information Security Officers (CISOs). Let's synthesise this issue and see the intricacies from a microscopic light.

Model Training and Attack Surface Vulnerabilities:

Generative AI collects and stores data from various sources within an organisation, often in insecure environments. This poses a significant risk of data access and manipulation, as well as potential biases in AI-generated content.


Data Privacy Concerns:

The lack of robust frameworks around data collection and input into generative AI models raises concerns about data privacy. Without enforceable policies, there's a risk of models inadvertently replicating and exposing sensitive corporate information, leading to data breaches.


Corporate Intellectual Property (IP) Exposure:

The absence of strategic policies around generative AI and corporate data privacy can result in models being trained on proprietary codebases. This exposes valuable corporate IP, including API keys and other confidential information, to potential threats.


Generative AI Jailbreaks and Backdoors:

Despite the implementation of guardrails to prevent AI models from producing harmful or biased content, researchers have found ways to circumvent these safeguards. Known as "jailbreaks," these exploits enable attackers to manipulate AI models for malicious purposes, such as generating deceptive content or launching targeted attacks.


Cybersecurity Best Practices:

To mitigate these risks, organisations must adopt cybersecurity best practices tailored to generative AI usage:

1. Implement AI Governance: Establishing governance frameworks to regulate the deployment and usage of AI tools within the organisation is crucial. This includes transparency, accountability, and ongoing monitoring to ensure responsible AI practices.

2. Employee Training: Educating employees on the nuances of generative AI and the importance of data privacy is essential. Creating a culture of AI knowledge and providing continuous learning opportunities can help mitigate risks associated with misuse.

3. Data Discovery and Classification: Properly classifying data helps control access and minimise the risk of unauthorised exposure. Organisations should prioritise data discovery and classification processes to effectively manage sensitive information.

4. Utilise Data Governance and Security Tools: Employing data governance and security tools, such as Data Loss Prevention (DLP) and threat intelligence platforms, can enhance data security and enforcement of AI governance policies.


Various cybersecurity vendors provide solutions tailored to address the unique challenges associated with generative AI. Here's a closer look at some of these promising offerings:

1. Google Cloud Security AI Workbench: This solution, powered by advanced AI capabilities, assesses, summarizes, and prioritizes threat data from both proprietary and public sources. It incorporates threat intelligence from reputable sources like Google, Mandiant, and VirusTotal, offering enterprise-grade security and compliance support.

2. Microsoft Copilot for Security: Integrated with Microsoft's robust security ecosystem, Copilot leverages AI to proactively detect cyber threats, enhance threat intelligence, and automate incident response. It simplifies security operations and empowers users with step-by-step guidance, making it accessible even to junior staff members.

3. CrowdStrike Charlotte AI: Built on the Falcon platform, Charlotte AI utilizes conversational AI and natural language processing (NLP) capabilities to help security teams respond swiftly to threats. It enables users to ask questions, receive answers, and take action efficiently, reducing workload and improving overall efficiency.

4. Howso (formerly Diveplane): Howso focuses on advancing trustworthy AI by providing AI solutions that prioritize transparency, auditability, and accountability. Their Howso Engine offers exact data attribution, ensuring traceability and accountability of influence, while the Howso Synthesizer generates synthetic data that can be trusted for various use cases.

5. Cisco Security Cloud: Built on zero-trust principles, Cisco Security Cloud is an open and integrated security platform designed for multicloud environments. It integrates generative AI to enhance threat detection, streamline policy management, and simplify security operations with advanced AI analytics.

6. SecurityScorecard: SecurityScorecard offers solutions for supply chain cyber risk, external security, and risk operations, along with forward-looking threat intelligence. Their AI-driven platform provides detailed security ratings that offer actionable insights to organizations, aiding in understanding and improving their overall security posture.

7. Synthesis AI: Synthesis AI offers Synthesis Humans and Synthesis Scenarios, leveraging a combination of generative AI and cinematic digital general intelligence (DGI) pipelines. Their platform programmatically generates labelled images for machine learning models and provides realistic security simulation for cybersecurity training purposes.

These solutions represent a diverse array of offerings aimed at addressing the complex cybersecurity challenges posed by generative AI, providing organizations with the tools needed to safeguard their digital assets effectively.

While the adoption of generative AI presents immense opportunities for innovation, it also brings forth significant cybersecurity challenges. By implementing robust governance frameworks, educating employees, and leveraging advanced security solutions, organisations can navigate these risks and harness the transformative power of AI responsibly.

Read more »
Technology
CPU Generative AI GPUs NVIDIA Online Security Technology

Are GPUs Ready for the AI Security Test?

 


As generative AI technology gains momentum, the focus on cybersecurity threats surrounding the chips and processing units driving these innovations intensifies. The crux of the issue lies in the limited number of manufacturers producing chips capable of handling the extensive data sets crucial for generative AI systems, rendering them vulnerable targets for malicious attacks.

According to recent records, Nvidia, a leading player in GPU technology, announced cybersecurity partnerships during its annual GPU technology conference. This move underscores the escalating concerns within the industry regarding the security of chips and hardware powering AI technologies.

Traditionally, cyberattacks garner attention for targeting software vulnerabilities or network flaws. However, the emergence of AI technologies presents a new dimension of threat. Graphics processing units (GPUs), integral to the functioning of AI systems, are susceptible to similar security risks as central processing units (CPUs).


Experts highlight four main categories of security threats facing GPUs:


1. Malware attacks, including "cryptojacking" schemes where hackers exploit processing power for cryptocurrency mining.

2. Side-channel attacks, exploiting data transmission and processing flaws to steal information.

3. Firmware vulnerabilities, granting unauthorised access to hardware controls.

4. Supply chain attacks, targeting GPUs to compromise end-user systems or steal data.


Moreover, the proliferation of generative AI amplifies the risk of data poisoning attacks, where hackers manipulate training data to compromise AI models.

Despite documented vulnerabilities, successful attacks on GPUs remain relatively rare. However, the stakes are high, especially considering the premium users pay for GPU access. Even a minor decrease in functionality could result in significant losses for cloud service providers and customers.

In response to these challenges, startups are innovating AI chip designs to enhance security and efficiency. For instance, d-Matrix's chip partitions data to limit access in the event of a breach, ensuring robust protection against potential intrusions.

As discussions surrounding AI security evolve, there's a growing recognition of the need to address hardware and chip vulnerabilities alongside software concerns. This shift reflects a proactive approach to safeguarding AI technologies against emerging threats.

The intersection of generative AI and GPU technology highlights the critical importance of cybersecurity in the digital age. By understanding and addressing the complexities of GPU security, stakeholders can mitigate risks and foster a safer environment for AI innovation and adoption.


Read more »
Subscribe to: Posts (Atom)