Security News

Security experts are increasingly resorting to unauthorized AI tools, possibly because they are unhappy with the level of automation implemented in their organization's security operation centers, according to a study conducted by Wakefield Research. Security pros are using AI tools without authorization.

Microsoft has announced a new assistant powered by artificial intelligence to help boost productivity across Microsoft 365 apps, currently being tested by select commercial customers. Known as Copilot, the new AI feature helps create and manage documents, presentations, and spreadsheets, as well as triage and reply to emails.

Amid all of the buzz around ChatGPT and other artificial intelligence apps, cybercriminals have already started using AI to generate phishing emails. In the end, human-generated phishing mails caught more victims than did those created by ChatGPT. Specifically, the rate in which users fell for the human-generated messages was 4.2%, while the rate for the AI-generated ones was 2.9%. That means the human social engineers outperformed ChatGPT by around 69%. One positive outcome from the study is that security training can prove effective at thwarting phishing attacks.

The unavoidable conclusion is that AI will make lobbying more guileful, and perhaps more successful. While the idea of monied interests incorporating AI assistive technologies into their lobbying remains hypothetical, specific machine-learning technologies exist today that would enable them to do so.

Skyhigh Security has seen firsthand how 33,000 enterprise users have accessed ChatGPT through corporate infrastructures. Almost 7 TB of data has been transacted with ChatGPT through corporate web and cloud assets between Nov 2022 - Feb 2023.

Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. "The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users," CloudSEK researcher Pavan Karthick M said.

Privacy-focused search engine DuckDuckGo has launched the first beta version of DuckAssist, an AI-assisted feature that writes accurate summaries to answer users' search queries. DuckAssist uses OpenAI's natural language technology to generate answers to user's search queries at the top of the search results page, making responses more direct than traditional search results.

92% of organizations have fallen victim to successful phishing attacks in the last 12 months, while 91% of organizations have admitted to experiencing email data loss, according to Egress. "The growing sophistication of phishing emails is a major threat to organizations and needs to be urgently addressed," said Jack Chapman, VP of Threat Intelligence, Egress.

Brave Search has incorporated a new AI-powered tool named Summarizer, which gives a summarized answer to an inputted question before the rest of the search results. Brave Search is a fast-growing privacy-centric internet search engine allowing users to search the web anonymously without being tracked.

If AI-based cybersecurity tools leveraged RLHF, they would be immensely powerful, intuitive, and effective and could improve detection and response times to even the most sophisticated threats. RLHF can be used to train AI-based models to detect and respond to potential threats more effectively by using human feedback to learn from real-world examples.