Google Outlines Common Red Team Attacks Targeting AI Systems


There are rising concerns about the security risks associated with artificial intelligence (AI), which is becoming more and more popular and pervasive.

Google, a major participant in the creation of next-generation artificial intelligence (AI), has emphasized the need for caution while using AI.

In a recent blog post, Google announced its team of ethical hackers who are dedicated to ensuring the safety of AI. This marks the first time the company has publicly disclosed this information.

The company said that the Red Team was established approximately ten years ago. The team has already identified several risks to the rapidly developing field, mostly based on how adversaries could compromise the large language models (LLMs) that power generative AI systems like ChatGPT, Google Bard, and others.

Google researchers identified six specific attacks that can be built against real-world AI systems. They discovered that these common attack vectors exhibit a unique complexity.

In most cases, the attacks cause technology to produce unintended or even malicious impacts. The outcomes can range from harmless ones to more dangerous ones.

Types Of Red Team Attacks On AI Systems

  • Prompt attacks
  • Training data extraction
  • Backdooring the model
  • Adversarial examples
  • Data poisoning
  • Exfiltration
Types of Red Team Attacks on AI Systems (Source: Google)

The first common attack type Google identified is the prompt attack, which abuses “prompt engineering”: the practice of crafting effective prompts that give LLMs the instructions required to carry out specific tasks.

According to the researchers, when this influence on the model is malicious, it can deliberately steer the output of an LLM-based app in ways that were not intended.

Researchers also described an attack known as training-data extraction, which seeks to reconstruct verbatim training examples used by an LLM, such as content from the Internet.

“Attackers are incentivized to target personalized models or models that were trained on data containing PII, to gather sensitive information,” researchers said.

Attackers can harvest passwords or other personally identifying information (PII) from the data in this way.

Backdooring the model, often simply called a backdoor, is a third possible AI attack, in which an attacker tries to secretly modify the behavior of a model so that it gives inaccurate outputs when presented with a specified ‘trigger’ phrase or feature.

In this kind of attack, a threat actor can conceal code to carry out harmful actions either in the model or in its output.

Adversarial examples, a fourth attack type, are inputs that an attacker gives to a model to produce a “deterministic, but highly unexpected output”. An image may, for instance, appear to the human eye to depict a dog while the model sees a cat.

“The impact of an attacker successfully generating adversarial examples can range from negligible to critical and depends entirely on the use case of the AI classifier,” researchers said.

If software developers are using AI to assist them in developing software, an attacker could also use a data-poisoning attack to manipulate the model’s training data to influence the model’s output in the attacker’s preferred direction.

This could endanger the security of the software supply chain. The researchers emphasized that the effects of this attack may be comparable to those of backdooring the model.

Finally, exfiltration attacks, in which attackers copy the file representation of a model to steal critical intellectual property housed in it, are the last form of attack recognized by Google’s specialized AI red team.

Attackers can use the stolen data to create their own models, which give them special capabilities in custom-crafted attacks.

Recommendation

Traditional security measures, such as making sure the models and systems are securely locked down, may greatly reduce risk.

The researchers advise businesses to use red teaming in their work processes to support product creation and research efforts.



Samsung 65-inch S90C 4K TV Now $2,097 at Amazon


Amazon has a great price on the Samsung 65-inch S90C OLED 4K TV right now: you can pick it up for $2,097. That saves you $500 off its regular price and brings it back down to an all-time low.

Samsung S90C OLED 4K TV – Amazon

Why you should buy the Samsung S90C OLED

The Samsung 65-inch S90C 4K TV is a top-of-the-line OLED TV that offers stunning picture quality, immersive sound, and a wide range of features. It is currently on sale for $2,097, which is a great deal for a TV of this caliber.

One of the best things about the S90C is its OLED panel. OLED panels offer perfect blacks and infinite contrast, which results in images that are simply breathtaking. The S90C also features Samsung’s Quantum HDR technology, which delivers a wider range of colors and contrast for even more realistic images.

In addition to its stunning picture quality, the S90C also offers excellent sound. It is equipped with a 4.2.2-channel speaker system that delivers rich, immersive sound. The S90C also supports Dolby Atmos, which creates a truly three-dimensional sound experience.

The S90C is also packed with features. It is a smart TV, so you can access your favorite streaming apps, such as Netflix, Amazon Prime Video, and Disney+. It also has built-in voice control, so you can control the TV with your voice.

Overall, the Samsung 65-inch S90C 4K TV is an excellent choice for anyone who wants the best possible home entertainment experience. It offers stunning picture quality, immersive sound, and a wide range of features. If you are looking for a new TV, the S90C is definitely worth considering.

Here are some additional benefits of OLED TVs:

  • Wide viewing angles: OLED TVs offer excellent viewing angles, so you can enjoy the same great picture quality no matter where you are sitting in the room.
  • Fast response time: OLED TVs have a very fast response time, which means that they can display fast-moving images without any blur or ghosting. This makes them ideal for gaming and watching sports.
  • Durability: OLED TVs are very durable and can withstand a lot of wear and tear. They are also less likely to burn in than other types of TVs.

If you are looking for a TV that offers the best possible picture quality, then an OLED TV is the way to go. The Samsung 65-inch S90C 4K TV is a great option, and it is currently on sale for a great price.


Top AI brands promise White House to develop AI responsibly


Right now, we’re at the beginning of a new age of technology with artificial intelligence. This new age brings with it visions of hope and prophecies of doom. Thus, the US White House asked top AI brands to promise to develop AI responsibly.

Right now, all of the dangers of AI are still hypothetical. The thought of millions of writers, musicians, artists, executives, and developers being jobless because of AI automation is still just a thought. However, the government is trying to stave off that reality. The government is looking into OpenAI over how it uses and obtains data for ChatGPT. Also, Senator Casey introduced new bills to stop “Robot bosses” from happening.

Top AI brands promise to develop AI responsibly

According to The Verge, the White House will bring in Google, Meta, OpenAI, Amazon, Inflection, Anthropic, and Microsoft on Friday. During the meeting, the White House will issue a series of requests for these companies to follow. They include, but aren’t limited to, developing a watermarking system, investing in cybersecurity, and discrimination research.

These address some of the issues with AI at this point. People generate all sorts of content and pass it off as though someone with actual talent made them. It’d be nice to have a watermarking system to know when something has been AI-generated.

Also, AI isn’t exactly clean from generating discriminatory content. That could lead to massive trouble on the corporate level. When it comes to cybersecurity, it’s obvious why that’s important. We don’t know how these companies are handling the data that they collect.

These are promises, not policies

While the companies agreed to meet with the White House, these are voluntary promises that the companies are making. This means that they’re not technically obligated to stick to them. There won’t be any punishment if they fail to live up to the promises.

Not to be cynical, but some of these companies struggle to obey certain guidelines even when they’re legally obligated to. It’s hard to believe that these companies will avoid breaking promises that seem to have no more weight than a pinky swear.

In any case, let’s just hope that these companies do stand by these promises. We’re just now realizing some of the dangers of AI.



Looking for a new job? Twitter might help you with that


Twitter updates have become a regular occurrence since Elon Musk acquired the social media platform last year. While most new features and upgrades are exclusive to paid subscribers, some may still benefit all users.

One such feature appears to be in the works. This new feature will allow verified organizations to post job listings on the platform. TechCrunch reports that certain verified organizations have already taken advantage of this opportunity by posting job listings under their Twitter bios on their profiles.

Nima Owji, an app researcher, tweeted a screenshot providing more details about the upcoming feature and its usage. It looks like the feature will be free for verified organizations and Twitter has already reserved the name “Twitter Hiring”, although no official posts have been made yet. Nevertheless, it seems that the new feature is well on its way.

With the Twitter Hiring feature, verified organizations can post up to 5 job listings on their profiles. Interested users can simply click on the job posting to be directed to the company’s website for more information.

Moreover, the Twitter Hiring feature also allows verified organizations to upload job listings more efficiently by connecting a Supported Applicant Tracker System or XML feed. An XML feed is a structured data format that facilitates the standardized sharing and distribution of information between different systems, applications, and websites.

As per Adam Rayn, CEO of Workweek, who already has access to the feature, it is indeed provided free of charge and comes with the $1,000 verified organization package. This package offers 2x more engagement for your organization and affiliates, premium support with a 30-minute response time, affiliate badges for official representatives, and impersonation defense. Considering this price, Twitter could make a wise decision by keeping this feature free of any additional charge.

Recent research indicates that 73% of job seekers aged 18-34 found their last job through social media. Thus, features like Twitter Hiring could be a valuable addition to making job searches more official on the platform. While platforms like LinkedIn focus entirely on professional networking and job opportunities, having more options to search for new career opportunities could be beneficial for all users.


Cybercriminals AI Tool Gained Over 5,000 Subscribers


Generative AI is among the revolutionary innovations of artificial intelligence (AI) and has considerable creative potential, but it also raises serious concerns when it takes the form of malicious tools like WormGPT.

Since it’s a powerful generative AI-based tool, WormGPT enables attackers to create their own custom hacking tools that pose major cybersecurity challenges.

Just after its launch, WormGPT’s Telegram channel gained more than 5,000 active subscribers in just a week, showing the rapid adoption of the tool by threat actors to perform illicit activities and attacks.

WormGPT

WormGPT is a malicious AI tool presented as a blackhat alternative to GPT models. It uses the GPT-J LLM and advertises the following key features:

  • Unlimited character support
  • Chat memory retention
  • Code formatting
WormGPT advertisement on Telegram (Source – SOCRadar)

The developers advertise the tool for creating malware, BEC phishing, and hacking tools, claim that no user activity is logged, and accept cryptocurrency payments only.

With the continuous addition of new upgrades, WormGPT now permits users to import its code directly into their editor, showcasing its versatility.

WormGPT new feature showcase (Source – SOCRadar)

While a website exists, WormGPT’s Telegram channel, created on July 16, 2023, has gained over 5,000 subscribers and has become the more popular outlet for feature and pricing promotions, according to the SOCRadar report.

WormGPT reaches 5K users (Source – SOCRadar)

WormGPT for BEC Attacks

AI advancements like OpenAI’s ChatGPT enable hackers to conduct convincing business email compromise (BEC) attacks with personalized and realistic fake emails, increasing their chances of success.

For attackers, generative AI brings two benefits to BEC attacks:

  • Flawless grammar for genuine appearance and simplicity.
  • Enabling less skilled threat actors to conduct sophisticated cybercrime.

Recommendations

Defending against AI-driven BEC attacks demands a multi-layered strategy, blending tech solutions and user awareness.

The cybersecurity analysts offer the following recommendations:

  • AI Detection Tools
  • Email Authentication Protocols
  • User Training and Awareness
  • Email Filtering and Whitelisting


Get the Samsung Galaxy Watch 5 Pro for $379: Lowest Price Ever


Amazon has put the Galaxy Watch 5 Pro on sale after Prime Day for some reason. But don’t complain, because it is at an all-time low. It’s now just $379, versus its regular price of $449. Typically, we’ve only seen it drop down to $399. So this is a really good deal.

This is for the WiFi model. However, the LTE model is also on sale for $399, which is also $100 off.

Samsung Galaxy Watch 5 Pro – Amazon

Why you should buy the Galaxy Watch 5 Pro

The Galaxy Watch 5 Pro is the latest smartwatch from Samsung, and it’s packed with features that make it a great choice for anyone looking for a fitness tracker, a smartwatch, or a combination of both.

Here are some of the reasons why you should buy the Galaxy Watch 5 Pro:

  • Advanced fitness tracking: The Galaxy Watch 5 Pro has a number of advanced fitness tracking features, including a heart rate monitor, an ECG sensor, and a blood oxygen sensor. These sensors can help you track your progress and make sure you’re staying healthy.
  • Smartwatch features: The Galaxy Watch 5 Pro also has a number of smartwatch features, including a built-in speaker and microphone, so you can make and receive calls, send and receive text messages, and control your music.
  • Long battery life: The Galaxy Watch 5 Pro has a long battery life, so you can wear it all day without having to worry about it running out of power.
  • Sleek design: The Galaxy Watch 5 Pro has a sleek design that looks great on any wrist.

If you’re looking for a fitness tracker, a smartwatch, or a combination of both, the Galaxy Watch 5 Pro is a great option. It’s packed with features that make it a great choice for anyone who wants to stay healthy and connected.

Overall, the Galaxy Watch 5 Pro is a great choice for anyone looking for a fitness tracker, a smartwatch, or a combination of both. It’s packed with features that make it a great choice for anyone who wants to stay healthy and connected.


A Google Cloud Build Vulnerability Would Aid Supply-Chain Attacks


Researchers found a critical vulnerability in Google Cloud Build that gave unauthorized users elevated privileges. An adversary could exploit the design flaw for various malicious activities, including supply-chain attacks.

Google Cloud Build Vulnerability

Different security firms analyzed and discovered a severe design flaw in the Google Cloud Build service. Specifically, they discovered a privilege escalation vulnerability in Google Cloud Build that gave an unauthorized adversary explicit access.

Google Cloud Build is Google’s CI/CD service, which helps users automate building, testing, and software deployment across all languages. It also supports integration with other Google Cloud services, such as App Engine and Kubernetes Engine.

Rhino Security Labs separately described the vulnerability affecting the Google Cloud Platform (GCP) in a report. (Published in two parts, the report also highlights a similar Identity & Access Management (IAM) privilege escalation in Amazon Web Services (AWS).)

Their researchers observed that an adversary might exploit the issue in a specific Cloud Build to gain elevated privileges and explicit access to the build server. The attacker may use compromised GCP credentials to achieve the desired permissions.

Then, upon achieving remote code execution on the target build server, the attacker can find and abuse the Cloud Build Service Account access token locally cached on the server. Using this access token, the attacker can then gain higher privileges.

Upon discovering the vulnerability, Rhino Security Labs responsibly disclosed the matter to Google. However, the tech giant didn’t consider this a security flaw.

Meanwhile, another security firm, Orca Security, also discovered the same issue and could exploit the vulnerability more quickly. Their researchers have explained the details about this vulnerability, which they call “Bad.Build”, in a separate post.

They found the flaw trivially exploitable as an adversary could maliciously manipulate application images, inducing a supply-chain attack similar to SolarWinds and 3CX security incidents.

Google Assured The Vulnerability Fix

Following this discovery, Orca Security also contacted Google, which acknowledged the matter and deployed a partial fix. However, since the flaw remained exploitable, the researchers urged all organizations to monitor the Google Cloud Build Service Account for malicious behavior, deploy the Principle of Least Privilege, and implement cloud detection and response capabilities.

Nonetheless, according to a recent statement from Google (as provided to BleepingComputer), the tech giant has patched the vulnerability.
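
The least-privilege review the researchers recommend can start from the project's IAM policy. The following is an added example, not code from Orca Security, Rhino Security Labs, or Google: it reads a policy in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`, lists every role the Cloud Build service account holds beyond an allow-list, and lists the principals able to start builds. The project number, member names, and both role lists are constructed assumptions to adapt per project.

```python
import json
import re

# Constructed sample in the JSON shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/cloudbuild.builds.builder",
   "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
  {"role": "roles/editor",
   "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com",
               "user:dev@example.com"]},
  {"role": "roles/iam.serviceAccountUser",
   "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"],
   "condition": {"title": "temporary",
                 "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
  {"role": "roles/cloudbuild.builds.editor",
   "members": ["user:dev@example.com", "group:contractors@example.com"]}
]}
""")

# Cloud Build's default service account is named
# <project number>@cloudbuild.gserviceaccount.com.
CLOUD_BUILD_SA = re.compile(r"serviceAccount:\d+@cloudbuild\.gserviceaccount\.com")

# Assumption: builds in this project need nothing beyond the stock builder role.
ALLOWED_SA_ROLES = {"roles/cloudbuild.builds.builder"}

# Assumption: roles this review treats as "can start a build", which puts the
# service account's cached access token within reach of the build steps.
BUILD_STARTING_ROLES = {
    "roles/owner",
    "roles/editor",
    "roles/cloudbuild.builds.editor",
}


def audit_policy(policy):
    """Return (excess, starters).

    excess:   sorted (member, role, is_conditional) tuples for every role the
              Cloud Build service account holds outside ALLOWED_SA_ROLES.
    starters: {principal: sorted roles} for other principals that can start builds.
    """
    excess = []
    starters = {}
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        conditional = "condition" in binding  # conditional grants still count
        for member in binding.get("members", []):
            if CLOUD_BUILD_SA.fullmatch(member):
                if role not in ALLOWED_SA_ROLES:
                    excess.append((member, role, conditional))
            elif role in BUILD_STARTING_ROLES:
                starters.setdefault(member, set()).add(role)
    return sorted(excess), {m: sorted(r) for m, r in starters.items()}


if __name__ == "__main__":
    excess, starters = audit_policy(SAMPLE_POLICY)
    for member, role, conditional in excess:
        note = " (conditional)" if conditional else ""
        print(f"EXCESS  {member} holds {role}{note}")
    for member, roles in sorted(starters.items()):
        print(f"REVIEW  {member} can start builds via {', '.join(roles)}")
```

Each `EXCESS` line is a privilege that anyone able to run a build step inherits through the service account; each `REVIEW` line is a principal whose credentials should be treated as equivalent to that service account.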


Google is testing new AI Tool that could write this article about this new AI Tool


Google is testing a new AI tool, which it is pitching as a helpmate for journalists. It has apparently been demonstrated to executives at The New York Times, The Washington Post and News Corp (the parent company of The Wall Street Journal).

The tool is known internally as “Genesis”. It can take in information, including details of current events, and generate news content, according to those familiar with the matter. One of them stated that Google believes it could serve as a sort of personal assistant for journalists, automating some tasks to free up time for others, and that the company saw it as responsible technology.

Understandably, some executives who saw the pitch from Google described it as unsettling. Two of those familiar with the matter stated that it seemed to take for granted the effort that went into producing accurate and artful news stories.

This is part of Google’s “Good AI” initiative

Google was late to the chatbot phase of AI, which was rather surprising considering how much AI it already uses in all of its products. But it was late to the punch and had to rush Bard out the door. Now it is working on some rather interesting AI chatbots and features, bringing Bard into all sorts of Google products like Google Docs, Gmail, and even Search.

Now with Genesis, Google thinks it can help journalists by automating some tasks for them. It’s unclear right now what those tasks might be. Is it sourcing? Is it finding accurate information for the news article in question? It’s hard to say, since the executives who saw the pitch aren’t saying a whole lot right now.

But then again, it was only a matter of time before AI started taking over writing news articles and even more.



You Can Save 42% On The Instant Vortex Plus Air Fryer Today


Amazon has the Instant Vortex Plus Air Fryer on sale today, and it’s the big 6-quart model. It’s now on sale for $89.95, which is going to save you $30 off of its regular price. Definitely a good time to pick one up.

Instant Vortex Plus – Amazon

Why you should buy the Instant Vortex Plus

The Instant Vortex Plus 6-in-1 Air Fryer is a versatile kitchen appliance that can help you cook, roast, bake, dehydrate, and reheat food quickly and easily. It’s a great choice for busy families or anyone who wants to eat healthier without sacrificing taste.

The Instant Vortex Plus is a healthier way to cook because it uses hot air to cook food, which means that there’s less oil involved than traditional frying methods. This can help you reduce your calorie intake and improve your overall health.

The Instant Vortex Plus is also fast and easy to use. It has a simple control panel with presets for a variety of foods, so you can cook a delicious meal in minutes without having to fuss with complicated recipes or settings.

The Instant Vortex Plus is also versatile. You can use it to cook a wide variety of foods, from frozen french fries to chicken breasts to roasted vegetables. This makes it a great choice for people who want to eat a variety of healthy meals.

In addition, the Instant Vortex Plus is compact and easy to store. It’s compact enough to fit on most countertops, and it’s easy to store when it’s not in use. This makes it a great choice for people who have limited kitchen space.

Overall, the Instant Vortex Plus is a great choice for people who are looking for a healthy, convenient, and versatile way to cook their meals. It’s a kitchen appliance that you’ll use over and over again.


Everyone will see Telegram Stories, but only Premium users get to post them


Remember how in June we talked about Telegram getting Stories? According to CEO Pavel Durov, users have been ‘asking for years’ for such a feature, and they got what they asked for. But it’s for Premium users only.

Free users will not be completely excluded from Stories, but they won’t be able to share such kinds of postings. If users do not wish to pay for a feature they already have on, say, Facebook and Instagram, they still get to see story posts, but that’s about it. Anyone who wants to share a story post has to go Premium (via 9to5Mac).

Telegram deals with higher expenses


In a candid post from July 18, CEO Pavel Durov goes into detail about Telegram’s financial challenges. He announces that the company issued ‘around $270 million worth of Telegram bonds’, of which Durov personally bought ‘about a quarter’, ‘investing tens of millions’:

If I pay, what do I get?


Back in June, Telegram’s Stories were promoted along 6 key points: Privacy, Compact UI, Flexibility, Captions, Dual Camera Support, Optional Ephemerality.

On the ‘Privacy’ topic, Telegram gives users flexibility by letting them choose who can see their stories: the options are ‘everyone’, ‘only your contacts (with exceptions)’, ‘a few selected contacts’, or ‘a list of Close Friends’. ‘Compact UI’ is about compactness and visual aesthetics: the feature was promised to be designed in such a way as not to ‘take away valuable space’.

‘Flexibility’ lets users hide stories from the contacts they have no interest in. ‘Captions’ is pretty self-explanatory: users can add more context (or links, or tags) by providing captions in the stories. ‘Dual Camera Support’ is an interesting feature: ‘We’re adding the option to post photos and videos taken by the front and the rear cameras simultaneously’, Durov explained.

And finally, ‘Optional Ephemerality’: users choose the lifespan of a story post. There are options for 6, 12, 24, or 48 hours, or ‘permanently display stories on your profile page, with individual privacy settings for each’, says Durov.

