Flaws Discovered in Gemini Platform
A recent blog post by Google highlighted the implementation of restrictions on certain election-related queries in Gemini prior to the Indian general elections. However, a study conducted by Kenneth Yeung at Hidden Layer has brought into question the effectiveness of these measures. The study identified three critical vulnerabilities in Gemini, Google’s latest LLM model. These vulnerabilities include the potential for rapid program leakage, the utilization of unique token combinations to bypass security measures, and the exploitation of content restrictions by disguising queries as fictional narratives. Of particular concern was the ability of researchers to access the advanced Gemini Ultra model to craft a detailed narrative providing technical instructions on bypassing security features in a Honda Civic.
New York Times Disputes Allegations of Hacking OpenAI
The ongoing copyright disputes involving LLMs and other artificial models have significant implications for the industry. The recent conflict between OpenAI and The New York Times revolves around allegations of hacking and unauthorized content usage. The editor from The New York Times refuted claims by OpenAI that they “hacked” ChatGPT to extract content, asserting that they only utilized a few words or sentences from the chatbot to aid in article creation. OpenAI, on the other hand, argues that such usage falls within fair use guidelines and that ChatGPT’s standard functionality does not infringe on proprietary content rights.
GitHub Experiences 28% Surge in Security Breaches
A recent report from GitGuardian revealed a concerning trend in security breaches on GitHub. In 2023, it was discovered that developers inadvertently exposed an estimated 12.8 million credentials on public repositories, representing 0.7% of all actions performed. Alarmingly, the report highlighted that a mere 2.6% of exposed credentials were promptly revoked within an hour of notification, with 90% remaining accessible online for over five days. The rate of exposed credentials outpaced the growth of GitHub repositories, which saw a 22% increase during the same period.
EU Parliament Passes AI Act
The European Union Parliament’s recent approval of the AI Act marks a significant milestone in AI regulation. The Act, which garnered a decisive 523-46 vote with 49 abstentions, aims to establish clear categories for AI systems based on risk levels, ranging from prohibited uses to low-risk applications. While the policy still awaits final approval from the European Council, it is poised to become law by the end of May, with a phased implementation scheduled to commence in 2025.
Sponsor Acknowledgment: Vanta
Our sponsor, Vanta, offers a cutting-edge trust management platform designed to streamline compliance and security operations in today’s complex landscape. Trusted by over 6,000 companies worldwide, Vanta’s automated solutions enhance compliance, fortify security postures, simplify reviews, and mitigate third-party risks. To discover more about Vanta’s innovative offerings, visit vanta.com/ciso and explore their brief product demonstration.
Microsoft Copilot for Security Enters General Availability
Microsoft’s foray into cybersecurity with the upcoming release of Copilot for Security heralds a new era in AI-driven defense mechanisms. Scheduled for launch on April 1st, the service will introduce consumption-based pricing utilizing “security compute units.” Positioned as a tool to empower junior staff and enhance analyst productivity, Copilot for Security leverages Microsoft’s expertise in AI technologies, extending its Copilot branding across various platforms including Windows 11 and GitHub.
Cerebras Unveils Breakthrough AI Chip
Cerebras Systems, a pioneering startup specializing in “wafer-scale” chip development for high-performance computing, recently unveiled its latest innovation—the WSE-3 chip designed for AI model training. Boasting an impressive 53% increase in transistor count to 4 trillion and delivering 125 petaFLOPS of performance, the chip represents a significant leap in processing power. Cerebras’ WSE-3 chip is capable of supporting LLMs with up to 24 trillion parameters, offering unparalleled performance for AI applications across a range of industries.
Bluesky Introduces Open Source Moderation Tool
In a bid to decentralize content moderation, Bluesky, the decentralized social network, announced the release of the Ozone moderation tool as open-source software. This initiative aims to empower independent moderation teams to enhance content filtering and customization options for users. By offering a diverse range of moderation services and filters, Bluesky seeks to provide a tailored user experience while supporting paid moderation options. The Ozone tool will initially debut on desktop platforms, with mobile compatibility slated for the near future.
Malicious Search Ads Exploit Users
The prevalence of malvertising tactics, such as malicious search ads, poses a significant threat to user security. Recent findings by Kaspersky researchers uncovered a malicious campaign targeting users searching for the “notepad++” application. The deceptive ad, displayed on a Chinese search engine, directed users to a site hosting malicious downloads for the VNote app on macOS and Linux, masquerading as a legitimate notepad++ download for Windows. The ensuing investigation revealed attempts to deliver a backdoor payload based on a Cobalt Strike open-source implementation, underscoring the risks associated with malicious search ads.
Bitcoin Fog Operator Convicted for Money Laundering
Roman Sterlingov, the operator of the Bitcoin Fog cryptocurrency mixer, was recently convicted in Washington, DC, for facilitating money laundering activities from 2011 to 2021. Bitcoin Fog, a long-standing mixer service, laundered an estimated $400 million, with a significant portion believed to originate from illicit sources on darknet marketplaces. Sterlingov faces a maximum sentence of 20 years in prison for his role in the operation. Unlike other similar services, such as Tornado Cash, no allegations were made linking Bitcoin Fog to money laundering activities involving North Korea, according to the US Department of Justice.