Three Tips To Use AI Securely at Work

Simon makes a very good point that AI is becoming similar to open source software in a way.
To remain nimble and leverage the work of great minds from around the world, companies will need to adopt it or spend a lot of time and money trying to achieve on their own what AI can achieve for them.
In May of 2023, Samsung banned ChatGPT because an employee uploaded some sensitive internal source code to the service.
While it may have been useful to the employee, OpenAI could retain that code and even train upcoming models on it.
Big companies like Amazon and Microsoft have policies about how to classify information and what information can be stored, transmitted, or processed outside the corporate network.
Training on those policies is both part of new hire orientation and periodic security refreshers.
Tip 2: An AI can't reveal what it doesn't know.
LLMs keep secrets about as well as toddlers do.
During the podcast, Simon mentioned a great hands-on example and training exercise for prompt injection called Gandalf.
Simply put, do not throw mountains of unsanitized training data at your LLM. GitGuardian literally came to be because developers were leaking secrets in public GitHub repositories.
If a company trained an LLM on its private repositories, it's possible that an attacker could get the LLM to spit out anything from proprietary code to hard-coded secrets.
If a public or all-company facing LLM isn't trained on information you don't want shared, it can't share it.
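One way to act on the tip above, as an added example that is not part of the original post or of any GitGuardian tooling: a small Python pre-training scan that detects and redacts hard-coded secrets in source files before they are fed to an LLM, and reports what it found so the corpus can be held back until the findings are reviewed. The sample files, the rule names and the key-like strings are constructed for illustration (none are real credentials), and the rule set is deliberately tiny; a production scanner covers far more pattern families and adds entropy checks.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample "repository" (not real secrets; values are made up).
SAMPLE_FILES: Dict[str, str] = {
    "config.py": (
        "DB_HOST = 'db.internal'\n"
        "DB_PASSWORD = 'hunter2-not-really'\n"
        "AWS_ACCESS_KEY_ID = 'AKIAEXAMPLEEXAMPLE12'\n"
    ),
    "deploy.sh": (
        "#!/bin/sh\n"
        "export API_TOKEN=ghp_" + "a" * 36 + "\n"
        "echo deploying\n"
    ),
    "notes.md": "Nothing secret here; just a README about the build.\n",
}

# Detection rules (illustrative subset). Group 1 of each regex is the secret value.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github_pat": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
    "generic_credential_assignment": re.compile(
        r"(?i)(?:password|passwd|pwd|secret|token)\w*\s*[=:]\s*['\"]?([^'\"\s]+)"
    ),
}

Finding = Tuple[str, int, str]  # (path, line number, rule name)


def _merge(spans: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """Merge overlapping (start, end) spans so one value is redacted once,
    even when several rules match it (e.g. a GitHub PAT assigned to API_TOKEN)."""
    merged: List[Tuple[int, int]] = []
    for s, e in sorted(spans):
        if merged and s <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], e))
        else:
            merged.append((s, e))
    return merged


def redact_line(line: str) -> Tuple[str, List[str]]:
    """Return the line with secret values replaced by <REDACTED>, plus the rules that hit."""
    rules_hit: List[str] = []
    spans: List[Tuple[int, int]] = []
    for name, pattern in SECRET_PATTERNS.items():
        for match in pattern.finditer(line):
            rules_hit.append(name)
            spans.append(match.span(1))
    if not spans:
        return line, []
    out, pos = [], 0
    for s, e in _merge(spans):
        out.append(line[pos:s])
        out.append("<REDACTED>")
        pos = e
    out.append(line[pos:])
    return "".join(out), rules_hit


def sanitize_corpus(files: Dict[str, str]) -> Tuple[Dict[str, str], List[Finding]]:
    """Scan every file line by line; return the redacted corpus and all findings."""
    clean: Dict[str, str] = {}
    findings: List[Finding] = []
    for path, text in files.items():
        new_lines = []
        for number, line in enumerate(text.splitlines(keepends=True), start=1):
            redacted, hits = redact_line(line)
            new_lines.append(redacted)
            findings.extend((path, number, hit) for hit in hits)
        clean[path] = "".join(new_lines)
    return clean, findings


def training_gate(files: Dict[str, str]) -> Tuple[bool, Dict[str, str], List[Finding]]:
    """Policy gate: the corpus is only approved for training when no secret was found.
    Even then, the redacted copy is what should be used, never the raw files."""
    clean, findings = sanitize_corpus(files)
    return (len(findings) == 0), clean, findings


if __name__ == "__main__":
    approved, clean, findings = training_gate(SAMPLE_FILES)
    for path, number, rule in findings:
        print(f"{path}:{number}: {rule}")
    print("approved for training:", approved)
```

The gate fails closed on the constructed corpus (four findings across two files), and the redacted copy is what a team would review and, once the findings are triaged, hand to a training pipeline. Merging spans before redaction matters because a single value often trips several rules at once.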
Some LLMs have been trained on a ton of GitHub repositories.
While there's a lot of good code on GitHub, there's a lot of bad code too, and most LLMs aren't smart enough to tell the difference.
According to Simon, this comes down to how the LLMs process things.
An LLM doesn't truly understand your question and it doesn't truly understand its answer.
The AI can't step through the code and tell you what the value of a specific variable would be under specific conditions.
It doesn't actually understand what the code will do.
If you're getting an AI to write code, you still need to inspect and test it.
Realize that exploit code, backdoored code, and all sorts of other poisoned data sit in the average LLM's training data, so while it may be very helpful, it cannot be trusted implicitly.


This Cyber News was published on securityboulevard.com. Publication date: Fri, 12 Jan 2024 11:43:05 +0000

