Security News

How the “Frontier” Became the Slogan of Uncontrolled AI
2024-02-29 12:00

As early as 2018, the powerful foundation models powering cutting-edge applications like chatbots have been called "Frontier AI." In previous decades, the internet itself was considered an electronic frontier. Turner grappled with some of the negative consequences and contradictions of the frontier ethic and how it shaped American democracy.

BEAST AI needs just a minute of GPU time to make an LLM fly off the rails
2024-02-28 23:08

"[I]n just one minute per prompt, we get an attack success rate of 89 percent on jailbreaking Vicuna-7B- v1.5, while the best baseline method achieves 46 percent," the authors state in their paper. "BEAST can attack a model as long as the model's token probability scores from the final network layer can be accessed. OpenAI is planning on making this available. Therefore, we can technically attack publicly available models if their token probability scores are available."

Malicious AI models on Hugging Face backdoor users’ machines
2024-02-28 22:12

At least 100 instances of malicious AI/ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor. JFrog's security team found that roughly a hundred models hosted on the platform feature malicious functionality, posing a significant risk of data breaches and espionage attacks.

AI-driven DevOps: Revolutionizing software engineering practices
2024-02-28 05:00

In this Help Net Security interview, Itamar Friedman, CEO of Codium AI, discusses the integration of AI into DevOps practices and its impact on software development processes, particularly in automating code review, ensuring compliance, and improving efficiency. How is AI integrated into DevOps practices, and what are the most significant changes you've observed in software development processes?

How AI is reshaping the cybersecurity job landscape
2024-02-28 04:30

88% of cybersecurity professionals believe that AI will significantly impact their jobs, now or in the near future, and 35% have already witnessed its effects, according to ISC2's AI study, AI Cyber 2024. The survey respondents are highly positive about the potential for AI. Overall, 82% agree that AI will improve their job efficiency as cybersecurity professionals.

AI in cybersecurity presents a complex duality
2024-02-28 04:00

Centralizing strategy, unifying risk and compliance data, and revamping the approach to cybersecurity are becoming more popular strategic objectives among respondents, especially with the rise of AI technology dismantling barriers and fostering collaboration among various GRC functions. It's no surprise that AI in cybersecurity presents a complex duality: AI simultaneously introduces new business risks while streamlining workflows for GRC professionals and helping stay abreast of innovative new cyberattacks, like deepfakes, more advanced phishing emails, better password guessing, neutralizing off-the-shelf security tools, and much more.

Meta plans to prevent disinformation and AI-generated content from influencing voters
2024-02-27 12:48

Meta, the company that owns some of the biggest social networks in use today, has explained how it means to tackle disinformation related to the upcoming EU Parliament elections, with a special emphasis on how it plans to treat AI-generated content that's meant to deceive. Many platforms have been publishing reports on their efforts to curb influence operations, disinformation and misleading content for many years, but it's becoming obvious that they must ramp up their efforts.

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
2024-02-27 10:18

Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain...

Using AI to reduce false positives in secrets scanners
2024-02-27 06:00

Identifying and securing these secrets has proven challenging, in part because of high rates of false positives. AI and ML hold promise in identifying secrets more accurately; our recent research has found they can reduce the rate of false positives by as much as 86%. The article will explore the types of secrets, limitations of current security solutions, and the efficacy of integrating artificial intelligence and machine learning in security tools, allowing cybersecurity leaders to focus on the most critical risks.

Does AI remediation spell the end for developers in 2024?
2024-02-27 05:00

Big tech firms are already rolling out AI remediation tools to prevent developers from introducing security risks into the software development lifecycle.