Daniel Miessler's Blog, page 21
July 22, 2023
AI Will Produce the Biggest K-Shaped Recovery We've Ever Seen

Will AI remove jobs or add them? Will it help people or harm them? Will it create prosperity or create despair?
The answer is yes. It’s not one or the other. They’ll all happen simultaneously.
The better questions are, “For who?”, and “When?”, and “In what order?” We don’t have those exact answers, of course, but I think certain trends are pretty solid.
The Innovation Flywheel
I believe AI is about to massively boost the economy, GDP, the stock market, and most every similar metric of productivity and output.
That probably sounds a lot like hyperbole or mania, similar to what was said about crypto. Here's why it isn't.
Yuval Harari went on Lex's podcast recently. The whole show was great, but one thing in particular struck me. He was talking about how AI is the first tech that can come up with ideas. This matches closely with something Joseph Thacker and I have been talking about a lot, which is the ability to test ideas.
I've been thinking of the whole cycle as something like this, which I'm calling the Innovation Flywheel.
1. 🧠 Understand What an Entity Wants: This is the context I talk about in the SPQA architecture, and it applies to companies, countries, organizations, departments, and people.
2. 🧱 Understand the Entity's Challenges: Now that the AI knows what you care about, and what you're trying to do, it can then understand the challenges to those goals. Is it time? Resources? Competition? Etc.
3. 💡 Create Ideas: Given the goals and the challenges, AI systems will then create a ton of ideas to help you solve those problems. It can generate new strategies and tactics for solving anything from world hunger, to political wrangling, to new product designs, to whatever. It's like brainstorming with people, but much faster and with more access to the world's collective knowledge.
4. 🔢 Rate the Ideas: Then the system, with you and your team of humans helping the rating training (like RLHF), can rate the quality of the ideas to come up with candidates for action.
5. 🧪 Test the Ideas: Then the system will be able to expose the ideas to various types of tests, such as A/B testing for objective metrics, surveys conducted by humans, real-world results in a marketplace, etc.
6. 🧳 Execute on the Winners: Then the business (also using AI) can take those ideas and execute on them in various ways.
Added to that, we have the concept of Genetic Algorithms. This is where you can take ideas from Steps 3 and 4, and mate/mix them with each other to create even more ideas in Step 3. Then Steps 4 and 5 pick the winners. Rinse and repeat.
What this ends up being is a massive flywheel of creation. Of course #6 (Execution) is still the most important step, but AI will be helping with that as well. But what this flywheel can do is help keep people and companies from wasting time on ideas that are unlikely to work. And keep them flowing with good ideas that could have been impossible for them to see before.
Innovation Flywheel Use Cases
Developing strategies for beating a business competitor
Creating new marketing strategies
Creating new drugs
Finding a cure for cancer
Planning a fun date or vacation
Writing screenplays
Creating plots for new novels
Designing fun ways to keep the elderly engaged to stave off dementia
Creating new characters for a game or story
Etc, etc., etc.
All you will have to do is describe very clearly who you are, as a company or person, and what you're trying to do. And it will do the rest.
This is not theoretical or in the distant future. There are dozens of companies working on this tech right now, and there are already many products doing early versions.
Soon it'll be part of every Digital Assistant, which everyone will have.
ASSISTANT: I see you’re brainstorming on how to beat a competitor to market? Can I ask you 10 questions and create and test a bunch of ideas for you to rate?
This will enable unbelievable amounts of innovation, and I honestly believe it’s going to boost our economies like nothing we’ve ever seen.
Startups will thrive. Corporations will thrive. GDPs will rise. And everyone participating will become richer and more successful than ever.
But that’s the problem. Not everyone will be participating.
Now the bad news
The problem is that only the smartest, luckiest, best educated, best located, and otherwise/aka luckiest people will benefit from all this.
That means the rest of the population will get left behind. There is some hope that one of the areas of innovation will be bringing these augmentation and decision-support tools to the masses, allowing them to more closely match the behavior of the successful, but that will take a long time (if it ever happens).
The default state without that is the top N percent (we’re calling that 10% here but it all depends where you draw the line) will then be even smarter after their augmentation and supplementation from AI. Their assistants, their agents, their idea creation, their execution—everything.
Basically it’s a K-shaped recovery, except on AI-powered nanobot steroids.
Not only will the successful get more successful—which is normal—but the speed at which they get smarter and more efficient will be magnified manyfold by their use of AI tools like the Innovation Flywheel.
Imagine a business owner who has two small businesses and makes $480K/year. He’s successful, but multiple barriers have stopped him from making more. Not enough ideas. It’s hard to execute on things. Etc. Now imagine him with those barriers removed. How many businesses does he have then? And how much more does he make?
We can give struggling people the same tools but if they don’t have the freedom, the financial stability, AND the talent to use them properly, it won’t matter. It’s the people who already have all three of those things who will benefit from AI. Especially the first two, because you can’t do much with talent when you are stuck in low-paying jobs that keep you from being able to think.
So, unless we actively work to counter it, I expect to see both a massive boom and the Gini Coefficient (i.e., income/wealth inequality) get dramatically worse.
Summary
AI is a completely new type of technology because it’s able, for the first time, to not only do work, but come up with ideas, test them, AND help implement them.
This will enable AI to help us innovate on a wide range of problems at a pace never before possible, which we’re capturing as the Innovation Flywheel. That is: Understanding Desires, Understanding Challenges, Creating Ideas, Rating Ideas, Testing Ideas, Executing on Ideas.
The problem is only a small percentage of people are in the economic, geographic, educational, and life-stage position to be able to capitalize on this technology. It’s best-suited to people with 1) free time, 2) capital, and 3) support from peers to start businesses. Very few people have that.
The result of this will be an absolute explosion of economic activity, investments, new company creation, corporate profits, GDPs, value creation, new products, etc., but that innovation will be created by, and most benefit, the top N percent of the population.
We’re about to see unparalleled creative force and economic benefit from AI, but it’s hard to call it prosperity if it leaves 75-90% of the world behind.
NOTES
Thanks to Joseph Thacker for the initial nudge to capture this entire lifecycle after we talked about his idea for idea creation and testing.
Also check out a related article called AI and the World’s Most Important Economic Metric (The Creativity Friction Coefficient).
Powered by beehiiv
July 21, 2023
Who Will AI Help More—Attackers or Defenders?

There’s frequent discussion now about how AI will help hackers do X and Y. Phishing and BEC scams are at the top of the list.
And there’s also lots of talk about AI helping with static code analysis, SOC operations, and lots of other defense-oriented use cases.
So which side will benefit more? Red or Blue?
Here’s my (current) answer.
Red first, then blue
My answer is somewhat simple: AI will most help the attacker side first, and then it will help defenders more in the long-term.
Here’s how I arrive at that conclusion.
👀 Continuous Intelligent Monitoring and Analysis: Doing security at scale requires software. There are too many events and policies and constantly-evolving situations to handle things properly using just humans. And even SIEMs put most of the burden on the human analyst. To protect an organization and do business much better than we do today, we need to be able to see and understand as much as possible about our company all at once. To accomplish this, software is moving from static queries and databases to a context-based, LLM-based approach that I describe in my SPQA architecture. In short, the more context we have about the organization we’re defending the better we can defend it.
⚔️When We Lack Context, Attackers Win: In the early days of AI, attackers will be able to use AI to automate attacks while defenders still lack context about their environment. They don’t have AI deployed yet that understands their networks, their applications, their users, and their company’s policies. I expect this to last 3-5 years, even for the fastest-moving organizations. The AI/LLM tech simply isn’t there yet to be able to parse and understand the complexity of an environment.
🛡️Once Blue Catches Up, Their Internal Context Gives Them the Edge: But once that happens, i.e., once AI is aware of the perimeter, the apps, the users, the codebases, and the posture that the company is working to maintain, that’s when the advantage switches to the defender. Attackers won’t have access to that updated context the way the internal teams will, so they’ll always be behind. But keep in mind, that will only apply when they’re attacking targets that have fully context aware AI systems helping to defend. Where that’s not the case the advantage goes back to the attacker.
Context wins
Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest.
And if you’re on the inside you know what the applications do. You know what’s important and what isn’t. And you can use all that internal knowledge to fix things—hopefully before the baddies take advantage.
Summary and prediction
Attackers will have the advantage for 3-5 years. For less-advanced defender teams, this will take much longer.
After that point, AI/SPQA will have the additional internal context to give Defenders the advantage.
LLM tech is nowhere near ready to handle the context of an entire company right now. That’s why this will take 3-5 years for true AI-enabled Blue to become a thing.
And in the meantime, Red will be able to use publicly-available context from OSINT, Recon, etc. to power their attacks.
NOTES
The 3-5 year thing is a range and a guess, obviously. AI defending is starting already, and many aspects will take 10 years or more to fully blossom. But I think 3-5 is a good range for where Blue will retake the AI advantage from Red in the most savvy organizations.
The UL Book Club Previous Books

Greetings,
Welcome to the Unsupervised Learning Book Club. Here you can access all previous books read and discussed in our member-only community. If you are not yet a member of our community, I invite you to join here.

We have the UL book club the last Sunday of every month at 2PM Pacific / 5PM Eastern. We alternate our book selections in four phases that expose us to two parts non-fiction and 1 part each of fiction and classics, using the following cadence.
Non-fiction
Fiction
Non-fiction
Classic
This month’s book
The book for July 2023 is It Can’t Happen Here.

June 2023 "A Canticle for Leibowitz" by Walter M. Miller Jr.
May 2023 "The Chip War: The Battle for the World of Tomorrow" by Chris Miller
April 2023 "Player Piano" by Kurt Vonnegut
March 2023 "Whole Brain Living: The Anatomy of Choice and the Four Characters That Drive Our Life" by Jill Bolte Taylor
February 2023 "Moby-Dick" by Herman Melville
January 2023 "Moby-Dick" by Herman Melville
December 2022 "Ram - Scion of Ikshvaku" by Amish Tripathi
November 2022 "The Science of Storytelling" by Will Storr
October 2022 "Neuromancer" by William Gibson
September 2022 "The War of Art: Break Through the Blocks and Win Your Inner Creative Battles" by Steven Pressfield & "Put Your Ass Where Your Heart Wants to Be" (Author not specified)
August 2022 "In the Dust of This Planet: Horror of Philosophy vol. 1" by Eugene Thacker
June/July 2022 "The Second Mountain: The Quest for a Moral Life" by David Brooks
May 2022 "The Difficulty of Being Good: On the Subtle Art of Dharma" by Gurcharan Das
April 2022 "The Three-Body Problem" by Liu Cixin
March 2022 "Things Fall Apart" by Chinua Achebe
February 2022 "The Sovereign Individual: Mastering the Transition to the Information Age" by James Dale Davidson & Lord William Rees-Mogg
January 2022 "Project Hail Mary" by Andy Weir
December 2021 "Good Strategy/Bad Strategy: The difference and why it matters" by Richard Rumelt
November 2021 "The Design of Everyday Things" by Don Norman
October 2021 "Their Eyes Were Watching God" by Zora Neale Hurston
September 2021 "The Mastermind: Drugs. Empire. Murder. Betrayal." by Evan Ratliff
August 2021 "Dune" by Frank Herbert
July 2021 "The Hundred-Year Marathon: China's Secret Strategy to Replace America as the Global Superpower" by Michael Pillsbury
June 2021 "Speaker for the Dead" by Orson Scott Card
May 2021 "The Red Queen: Sex and the Evolution of Human Nature" by Matt Ridley
April 2021 "The Island of Dr. Moreau" by H.G. Wells
March 2021 "We Are Legion (We Are Bob)" by Dennis E. Taylor
February 2021 "Life 3.0: Being Human in the Age of Artificial Intelligence" by Max Tegmark
January 2021 "Homeland" by Cory Doctorow
November 2020 "Breath: The New Science of a Lost Art" by James Nestor
October 2020 "Nudge: Improving Decisions About Health, Wealth, and Happiness" by Richard H. Thaler & Cass R. Sunstein
September 2020 "The Upswing: How America Came Together a Century Ago and How We Can Do It Again" by Robert D. Putnam
August 2020 "Old Man's War" by John Scalzi
July 2020 "Burn-In: A Novel of the Real Robotic Revolution" by P. W. Singer & August Cole
March 2020 "Applied Critical Thinking Handbook" (Author not specified)
February 2020 "Enlightenment Now: The Case for Reason, Science, Humanism, and Progress" by Steven Pinker
December 2019 "The Rise of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power" by Shoshana Zuboff
November 2019 "The Rise of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power" by Shoshana Zuboff
October 2019 "Little Brother" by Cory Doctorow
September 2019 "Algorithms to Live By: The Computer Science of Human Decisions" by Brian Christian & Tom Griffiths
August 2019 "Range: Why Generalists Triumph in a Specialized World" by David Epstein
July 2019 "Consciousness" by Annaka Harris
July 17, 2023
Unsupervised Learning NO. 390

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.
Hey everyone,
Hopefully your week is starting off better than Siri handles AC requests.
Siri quality after nearly a decade.
— ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (@DanielMiessler)
Jul 16, 2023
I honestly don’t know how the Apple Maps guy got fired but Siri still sucks this bad after all these years.
Anyway, we put out a new piece of member content this weekend, I’m working on slides for talks, and progress continues on the product we’re building. I also up-leveled my hummingbird feeder game to four of these.
I hope you’re doing well,
Let’s get into the week!

In this episode:
🚨 VoiceFake Scams on the Rise
🔑 FrontView Mirror, 2024 Edition: Trends and Preparations
🎙️ AI and Content Creation: A Discussion on The Phillip Wylie Show
🔒 Chinese Email Hack: A Sophisticated Espionage Effort
🌐 Transatlantic Data Flow: A New EU-US Data Privacy Framework
🔍 Docker Security Flaws: Sensitive Data in Docker Images
🏥 HCA Healthcare Breach: Impacting 11 Million Patients
⚖️ Orca Suing Wiz: A Case of Patent Infringement
🤖 AI-Enabled Cybercrime: The Rise of WormGPT
🐦 Twitter Struggles: Ad Revenue Plummets by Nearly 50%
🎵 TikTok Music Launches: A New Competitor for Apple Music and Spotify
MY WORK
🔑 FrontView Mirror, 2024 Edition (Member Content)
My annual look at trends I’m seeing and what we can do to get ready for them. Topics: Individual Independence, Process Primacy, and Trust Triangulation MORE
🎙️Talking AI and Content Creation on The Phillip Wylie Show
I went on my buddy Phillip Wylie’s podcast a few weeks ago and had a great conversation with him about career trajectories and chasing your desires. MORE
SECURITY NEWS
🚨AI Voice Scams Being Deployed — I know at least 3 normal (non-infosec) people who have been targeted by scams using AI fakes of family member voices in the last two weeks. The latest was a mother receiving one of the daughter, probably faked using her voicemail. You and I are not likely to fall for this, but be sure to tell your family and friends about the trend so they don’t fall victim.
⚠️ Office Zero Day
Microsoft has disclosed an unpatched zero-day security bug in Windows and Office products, exploited to gain remote code execution via malicious Office documents. The vulnerability, known as CVE-2023-36884, was used in high-complexity attacks targeting the NATO Summit in Vilnius, Lithuania. MORE
🇨🇳 Chinese Email Hack 📧
Chinese hackers, suspected to be part of an intelligence operation, have breached US government email accounts, as disclosed by Microsoft. The attack was not a broad-brush intrusion but a targeted one, focusing on specific accounts, and it went undetected for a month, suggesting a sophisticated espionage effort.
- The hackers used forged authentication tokens to gain access.
- Approximately 25 organizations, including government agencies, were compromised in the attack.
- The breach could potentially exacerbate already strained US-China relations.
- The US government has been transitioning data to the cloud for better access and improved security.
- The breach has prompted a review of government security requirements and protocols. MORE
Transatlantic Data Flow
The European Union and the United States have finally struck a deal that allows companies to freely transfer data across the Atlantic, potentially putting an end to a three-year period of legal limbo that has affected tech behemoths like Facebook and Google. This new agreement, dubbed the EU-US Data Privacy Framework, comes in the wake of the EU's top court striking down the previous data agreement, known as Privacy Shield, due to concerns that US intelligence agencies had too much freedom to access Europeans' personal data. MORE
Docker Security Flaws
Researchers at RWTH Aachen University in Germany have discovered that approximately 8.5% of Docker images hosted on Docker Hub contain sensitive data such as private keys and API secrets. MORE
HCA Healthcare Breach
HCA Healthcare, one of the largest healthcare services providers in the US, announced a significant data breach impacting approximately 11 million patients. The breach was discovered on July 5, when a threat actor posted a list of stolen personal information on an underground forum, including names, addresses, birth dates, and appointment dates. MORE
AI-Enabled Cybercrime
A new tool, WormGPT, is being advertised on underground forums, enabling even novice cybercriminals to launch phishing and BEC attacks swiftly and at scale. MORE
Orca Suing Wiz
Orca is suing Wiz for patent infringement. As a non-expert with exposure to both tools, this seems like the desperate measure by someone getting trounced in the marketplace. All I heard from others when I used Orca was how much better Wiz was. Note: Wiz has also sponsored the show before, and I think Orca has as well. MORE
TECHNOLOGY NEWS
Twitter Struggling
Despite aggressive cost-cutting measures, including laying off half of the company's 7,500 staff, Musk says Twitter's ad revenue has plummeted by nearly 50%. Too early to say, but I might end up being wrong about him turning this around. It’s looking pretty bleak, and I don’t see any signs of him getting better at listening. Meanwhile, Threads. MORE
Chinese AI Rivalry
China's search engine pioneer, Sogou founder Wang Xiaochuan, has launched an open-source large language model, Baichuan-13B, through his startup Baichuan Intelligence. This model, touted as one of China's most promising, is based on the Transformer architecture and trained on Chinese and English data. MORE
Musk's AI Startup xAI
Elon Musk has unveiled his latest venture—an artificial intelligence startup named xAI, staffed with engineers from renowned companies like OpenAI and Google. Musk, known for his cautious stance on AI, has previously advocated for a pause in AI development and the establishment of regulatory measures to ensure its safe progression.
- xAI's goal is to "understand the true nature of the universe."
- Musk was one of the original backers of OpenAI.
- He has criticized ChatGPT for having a liberal bias.
- Musk signed an open letter calling for a pause to "Giant AI Experiments". MORE
TikTok Music Launches
TikTok is stepping in to compete with Apple Music and Spotify with its new platform, TikTok Music. Initially available only in Brazil and Indonesia, the service offers unique features like song recommendations based on viral TikTok videos. MORE
HUMAN NEWS
Long COVID Gene
Researchers have identified a gene linked to long COVID in a genome-wide study. The gene, FOXP4, is active in the lungs and some immune cells, and was found in an analysis of 6,450 patients across 16 countries. I wonder if 23andMe tracks this one. MORE
Migration Backlash
Waves of migrants taking dangerous, unauthorized passages to Europe and the U.S. are sparking a new rush of anti-immigrant policies and deepening political divisions in several wealthy countries. The UN reports that last year, a record-breaking 2.9 million new asylum applications were submitted, the highest number since at least 2000.
- 40% of the new applications were from Latin America and the Caribbean
- There's been a surge in Europe, driven by migrants from Syria, northern Africa, Iraq, Turkey
- In the U.S., almost every 2024 Republican presidential candidate has embraced a tough stance on border security
- In Europe, far-right politicians are demanding tighter immigration policies
- The Netherlands' government collapsed over disagreements on refugee restrictions MORE
Banking Boom
Major US banks, including JPMorgan, Wells Fargo, and Citigroup, have reported quarterly profits that have exceeded expectations, suggesting a robust US economy despite interest rate hikes. The Wall Street Journal reports that these banks have seen a combined growth of 31% in income from interest on loans compared to the previous year. MORE
IDEAS & ANALYSIS
Atomic vs. Molecular Ideas: On-ramps and Off-ramps
A buddy and I were talking last week about a really cool idea I am pretty sure I’ve written about before. Basically, there are individual ideas, like ‘we should protect the freedom of speech’, and then there are ideologies, like socialism and fascism. The conversation we had was around slippery people using benign ideas to onramp into a gross ideology. Example: SolarPunk being a benign idea around breaking off from greater society and technology, and returning to the foundational pleasures of working land, being close to nature, raising your own food, etc. That’s used as an onramp to a TRAD ideology in which women and minorities end up subservient to men, who often somehow end up being white. So the ideas are the atoms, and the molecules are the ideologies. And you can’t really have impactful atoms. It’s their combination that becomes something consequential. In the case of negative ideologies the discussion was about how to defend people against specious arguments that start with attractive atomic ideas, like SolarPunk, and to teach them how to watch for the onramps to harmful TRAD ideologies. Then, if someone has already been captured by such a system, what are the off-ramps? How can we break that molecule up into its individual atoms and show how it’s possible to keep the good components while discarding the bad?
NOTES
So happy for my friend Tae’lur for landing her first job in InfoSec! Welcome to the field!
I'm happy to announce I got the job! I'll be starting as a CVE Analyst @semgrep working on their Semgrep Supply Chain product, researching vulnerabilities for their open source dependency scanner.
It's been an adventure learning cybersecurity as a software dev. I'm excited!
— Tae’lur Alexis (@TaelurAlexis)
Jul 17, 2023
Congrats to my buddy Jason Haddix for completing his first full paid hacking courses! He did it over two weekends with hundreds of attendees and the reviews are INSANE as expected. Can’t wait to see more courses from you friend! MORE
We’re putting together a UL meetup in Vegas. If you’re going to be around between Monday and Sunday, stay tuned for details in UL Chat.
I cannot recommend this book on Stoicism enough. I recommend you read all the various canonical books if you get into Stoicism, but this one remains my favorite. MORE
DISCOVERY
⚒️ CodeBox — Code Interpreter, but available via API. I’ve been waiting for this. MORE | CODE
⚒️ LazyVim — A full NeoVim setup that gives you the Vim experience with the power of a full IDE. I personally don’t use one of these environments because I’d rather do things myself, but it does give you an instant feeling for NeoVim’s potential when configured. MORE
⚒️ GPT Prompt Engineer — Simply input a description of your task and some test cases, and the system will generate, test, and rank a multitude of prompts to find the ones that perform the best. MORE
⚒️ FindMyTakeover — Detects dangling DNS records in a multi-cloud environment. Rather than using a wordlist, it scans all the DNS zones and the infrastructure present within the configured cloud service provider and finds the DNS records for which the infrastructure behind them no longer exists. MORE
⚒️ Top 25 Recon Tools — A top 25 list of Recon Tools and their purposes. MORE
📺 Web App Hacking With Caido — A full video conversation on hacking web apps using my favorite Rust-based Burp alternative. MORE
⚒️ JSLuice — A Bishop Fox tool written by @tomnomnom for extracting URLs, paths, secrets, and other juicy nuggets from JavaScript. MORE
🗺️ Life OS Dashboard — A super-interesting-looking Notion dashboard for life tracker types. MORE | VIDEO
⚒️ AWS Docs GPT — Search AWS Docs using an LLM. MORE
How to securely build product features using AI APIs MORE
Why does virtually every action hero’s name start with J?
Hacking LangChain for fun and profit MORE
How to Do Great Work (Paul Graham) MORE
News is Propaganda MORE
Nobody cares about your blog, but that’s ok MORE
RECOMMENDATION OF THE WEEK
Go play with OpenAI’s Code Interpreter. What is it? It’s basically an AI agent combined with tons of analysis tools, and when you upload files or code to it you can ask it to find patterns, make graphs, and do all kinds of crazy stuff.
Examples:
Do your taxes
Find patterns in lots of data
Clean up your data
Modify data in a certain way
Create visualizations for complex data
Tell a story about data
Produce video and GIFs from images
Convert files from one format to another
Analyze and debug code
It’s best to think about it as an independent AI system with access to tons of tools. Like ChatGPT, except with octopus hands and the ability to code. When I talk about getting ready for the future, and I talk about being able to use AI tools fluently, this is the type of thing I’m talking about. And even better if you use it through an API. MORE
💡Pro Tip: If the file you want to work with is too large, you can zip it up and send that instead! Including a whole directory! Code Interpreter will unzip it and consume it!
APHORISM OF THE WEEK
Thank you for reading! See you next week!

July 16, 2023
FrontView Mirror, 2024 Edition
July 10, 2023
Unsupervised Learning NO. 389

Hey there!
Heading into a busy week. Working on a super exciting new product under the TELOS banner—the first of our products built using the SPQA architecture, and I’m absolutely pumped for it. I’m also working on a bunch of talks for Vegas and other places.
Also, felt like this newsletter was juicier than usual, hope you like it!

In this episode:
📚 The Real Internet of Things: A Look into the Future of Technology
🔒 Pentera's Unique Approach to Automated Security Validation
🌐 AI and the Reduction of the Creativity Friction Coefficient
🔐 LockBit vs. TSMC: A Tale of Ransomware and Supply Chain Dependencies
☁️ The US's Move to Block Chinese Cloud Usage: A National Security Matter
🔥 Fortinet Fallout: A Critical Bug in FortiGate Firewalls
🇨🇳 New Chinese APT Tradecraft: Volt Typhoon's Stealthy Approach
🔍 Google's Privacy Policy Update: Feeding the AI
🌞 Solar Hacking: The Exposure of Renewable Energy Units
📋 And more…
MY WORK
I wrote a book in 2016 about the future of technology, called The Real Internet of Things. To be honest I didn’t like it that much at the time; I just wanted to get the ideas out there and locked in time. Well, now the ideas are starting to happen!
I can now happily recommend that you pick up a copy. If you like any of my content, and you’ve been following what’s happening with AI, I think you’ll really enjoy the book. Not just for the stuff that’s already happened, but for the stuff that’s coming next that’s already in the book!
I wish I could say go to your local Barnes & Noble, but they only have bookstores in London these days, and it’s currently Kindle and Paperback only anyway. Oh, and if any members want a signed copy let me know in Member Chat.

I’m finally sharing my book from 2016, because it’s just now sounding realistic.
AI and the World’s Most Important Economic Metric
Introducing the concept of a Creativity Friction Coefficient, and how AI will help reduce it. MORE
Pentera Sponsored Interview
I had a great conversation recently with Aviv Cohen, CMO of Pentera. They do something like automated pen-testing and attack surface management, but they have a different take on it and call it Automated Security Validation. It was a great conversation about the whole space, the problem they’re addressing, and how they approach it differently. Worth a listen if you’re adjacent to that space in any way. LISTEN | PENTERA.IO
SECURITY NEWS
LockBit vs. TSMC
The now-famous LockBit ransomware group has hit TSMC, one of the world's leading chipmakers, demanding a $70 million ransom after breaching security at Kinmax, TSMC's hardware supplier.
— LockBit was able to access server configurations and settings of TSMC through a compromised test environment at Kinmax.
— LockBit threatened to go public with the data if the ransom isn't paid.
— Despite the breach, TSMC maintains that its operations have not been impacted, and crucially, no customer information has been compromised.
The tangled web of supply chain dependencies continues to produce for attackers. I honestly can’t wait until AI is good enough to take an inventory of a company’s environment, find all the vendors and dependencies, and build a Business Resilience Risk report based on that. Threat scenarios, backup plans, etc. Honestly it’s not the AI that’s the problem, but finding the right artifacts to feed the AI to show it the whole picture. MORE
The US to Block Chinese Cloud Usage
The Biden administration reportedly looks to restrict Chinese firms' access to US cloud-computing services, which could significantly exacerbate tensions between the two economic giants.
- If adopted, the rule would mandate US cloud-service providers like Amazon and Microsoft to obtain government permission before offering cloud services using advanced AI chips to Chinese clients.
- The proposed cloud restrictions are viewed as a way to address a significant loophole—Chinese AI companies potentially bypassing existing export control rules by leveraging cloud services.
- The $53 billion Chips Act aims to curtail US reliance on foreign-made semiconductors, particularly those used by the Pentagon, making this a crucial national security matter.
I’m nervous about escalating tensions but I’m happy the Biden administration is playing hawkish on China in general. I feel like the US has just had enough of their blatant attempts to hack and steal everything, and I just wish more of the world had the vision or the freedom to take a similar stance. MORE
Fortinet Fallout
A new bug has left roughly 70% of FortiGate Firewalls vulnerable, propelling alarm within cybersecurity circles, especially given how widely these products are used by government organizations.
— The bug, tracked as CVE-2023-27997, has a "critical" severity score of 9.8 out of 10.
— An exploit developed by security firm Bishop Fox has reignited concerns, as this could lead to data breaches, ransomware attacks, and other serious consequences.
— Experts urge immediate patching, since many unpatched instances are running outdated versions, some of which reached end-of-life years ago. MORE
Google Moving to Scrape for AI
Google is updating its privacy policy, and it's all about feeding the AI. Publicly available content - think blogs, photos, music - will now be used to train Google's in-house AI models. While this isn't necessarily new, it's the scope that's been widened - Translate, Bard, Cloud AI are all on the list. MORE
Sponsor
💡Illuminate Your Path to Cloud Security Mastery
Dive into the FREE Cloud Security Workflow Handbook and unlock:
1️⃣ The Triad of Modern Security
2️⃣ A 4-Stage Security Roadmap
3️⃣ KPI Templates from Leading Hyper-Scaling Enterprises
🛡️Navigate the evolving threat landscape with confidence. Claim your FREE copy today! 🚀
➡️ wiz.io/lp/cloud-security-workflow-handbook ⬅️
Download Now
New Chinese APT Tradecraft
Chinese cyber-espionage group Volt Typhoon, tracked by CrowdStrike as Vanguard Panda, has been active since mid-2020, using uncharted tradecraft to maintain remote access to critical infrastructure targets. Vanguard Panda employs initial exploits and custom web shells for persistent access, and living-off-the-land techniques for lateral movement. The group shows a strong emphasis on operational security, using an extensive set of open-source tools against a limited number of victims. MORE
S3 Takeovers
In a new twist on subdomain takeovers, attackers have found a way to poison NPM packages by hijacking the S3 bucket serving the necessary binaries and replacing them with malicious ones. This reminds me of old C code vulnerabilities where you have big trouble if you delete things and don’t clean up afterwards. Same with domain takeovers. It’s also like deprovisioning employees. Interesting parallels for all these. Basically any time something gets removed you have to execute a meticulous cleanup plan. MORE
Solar Hacking
Cyble's threat analysts have found that 134,634 PV utility products, used for remote monitoring and management of renewable energy units, are exposed on the internet, showing that we’re not learning anything and don’t deserve nice things.
- The systems came from vendors including Solar-Log, Danfoss Solar Web Server, and SMA Sunny Webbox MORE
TECHNOLOGY NEWS
OpenAI Releases GPT-4 API Access
API access is now available for all paying customers, and OpenAI has also opened access to the Code Interpreter plugin, which is an absolute marvel. You can upload complete spreadsheets, raw datasets, and ask it to find patterns in the data. Not just find the patterns, but it can make you visualizations of them. Great release week for OpenAI. MORE
Canada Goes Hard on Tech Immigration
Canada has launched its first-ever Tech Talent Strategy aiming to draw and keep top tech talent to stimulate the nation's high-growth industries and drive technological advancements. The strategy introduces an open work permit stream for H-1B specialty occupation visa holders in the US to apply for a Canadian work permit. I love the hustle! MORE
GPT-4 Diss
George Hotz and some others are claiming that GPT-4 wasn’t some major breakthrough model, but rather multiple smaller models rigged up to work together. My response? Sure. And consciousness is just some “brain activity leading to subjective experience.” Like Dennett said, consciousness is just a “bag of tricks”, but he doesn’t make the mistake of concluding that it’s therefore uninteresting. Yes, OpenAI uses a series of hacks to get their results. So what. Put me in line for the next set of hacks. MORE
HUMAN NEWS
Fewer People Quitting
As the Federal Reserve continues to increase interest rates and the U.S. labor market cools, fewer Americans are voluntarily leaving their jobs - a trend that's inching closer to pre-pandemic levels. The rate of voluntary job departures, or quits rate, has seen a decline from 4.5 million in November 2021 to 4 million in May 2023. MORE
Aspartame WHO Warning
The World Health Organization's cancer research arm is set to declare aspartame, a widely used artificial sweetener, as "possibly carcinogenic to humans", following a safety review, causing potential upheaval in the food and beverage industry worldwide. We’ve seen this movie many times before; the question will be what new research showed that the previous, very large studies did not find. MORE
Gen-Z Finances
Gen Z, facing societal and economic uncertainties, is reshaping its financial habits, prioritizing quality of life and personal growth over traditional financial markers of success. This seems healthy compared to unbridled materialism, but I worry that they could also limit their success overall and thus limit their ability to have those experiences. MORE
IDEAS & ANALYSIS
Smart People Biases, and What to Do About Them
I’ve been struck recently by the number of logical flaws I’ve seen in people I greatly admire. Like pundits and such. And this has led me to think a couple of things: 1) traumas (and other things) can compromise intellectual integrity, and 2) you have to follow a lot of people’s work and come up with your own triangulation that suits your lifestyle, and 3) the person you follow the most might be right about 37 out of 42 topics, but those other 5 could be seriously consequential to you if you don’t realize they’re wrong there. Example: Andreessen goes on Lex’s podcast and is brilliant for the whole first part of the show. But then when he starts talking about AI risk he loses his mind. Why? He’s an AI investor. And he hates regulation. The worst possible thing that could happen to him is everyone panicking about AI risk and shutting down investments. So what do you know? He is right about 39 things out of 42, but one he’s wrong about is AI risk. Same with Peter Zeihan. He’s all pro-West and thinks China is done. He has great points, but I hear religion in his voice, and it’s scary. So how will I know when he’s overextended? My only solution so far has been to collect even more, and even more diverse, opinions. And triangulate and monitor.
Thoughts on Wegovy/Ozempic
You might have heard about some new diabetic / weight loss drugs that work via weekly injections. I’m taking Wegovy. It’s pretty awesome. I’ve already lost like 7 pounds and I’m not even close to full dose yet. But I wanted to raise a yellow flag of warning on something, in case you’re taking it or are thinking about doing so. It raises your resting heart rate. Not by a little. I used to sleep at like 49 to 52 beats per minute. I’m now at 61 bpm. I mention this because Scott Galloway had a doctor on his show a few weeks ago and he mentioned the heart rate thing, and he added a comment. “I’ve never seen anything that raises your heart rate by that much that ended up being a good thing,” or something like that. I’m still taking it knowing this because my risk calculation is that being this heavy is a known and higher risk. But I just wanted to offer that to anyone who it benefits.
Security is Alchemy
Quick thought I’ll turn into a full essay later. The biggest reason security is such a messed up field, and such a fun field, is that it’s still Alchemy vs. Chemistry. Accounting is chemistry. Civil Engineering is chemistry. What makes them so? They understand the inputs and outputs and how they relate to each other. We don’t have that yet in security. What we have is a bunch of wizards running around casting spells, mixing elixirs, drinking potions, and then when something bad happens we blame the evil wizards, or a bad potion. It’s pretty damn exciting, which is why I love it. But it shouldn’t be exciting, and it won’t be once we understand the inputs and outputs better. This’ll probably surprise you, but I think AI will help. The insurance companies are going to use SPQA to map everything, track controls, track outcomes, and make the connections. AI will move security from alchemy to chemistry.
NOTES
I’ve got a really cool new strength training technique. It’s basically one giant set for an exercise. You take 50 lb. dumbbells, for example, and you do as many as you can. Then you immediately pick up the 40s and do as many as you can. Then 30’s. Then 20’s. Then 10s. Or you can skip and do like 40’s and then 20’s and then 10s. The point is you want one long set with no rest in-between that takes you to COMPLETE failure. I hate wasting time in the gym so I can do this on a few muscle groups and be out of there in 15-20 mins! Arms are currently sore to the touch, and it’s glorious.
I don’t have CarPlay right now because I have a Tesla, but I definitely miss it. And now I miss it more because they’re about to add SharePlay, which is a seamless way for passengers to run the sound system. A timeless problem finally solved. Oh, and I’ve actually never done SharePlay with anyone. Anyone in the community up to watch a movie together? We should do an event for it.
DISCOVERY
⚙️CVSS 4.0 Calculator — A view of the new calculator for Version 4.0 of CVSS. MORE
⚙️DNSAnalyzer — Find DNS vulnerabilities from within Burp. MORE
⚙️Carbon — Create and share beautiful images of your source code. MORE
Advanced macOS Command-line Tools MORE
The Reef Knot is evidently the best, and most mathematically sound, way to tie your shoes. According to this article anyway. Strangely enough I was looking for something like this. MORE
Why I switched from NeoVim to VSCode. MORE
Why engineers should focus on writing. MORE
How to 1.5x your salary through negotiation. MORE
RECOMMENDATION OF THE WEEK
Think about the smart people whose work you follow
Ask yourself how you’d know if they were wrong about a particular topic
Do you have a secondary or tertiary source to counter that person in your narrative-forming?
Make sure you have enough quality sources coming in that you can use them to check each other
APHORISM OF THE WEEK
Powered by beehiiv
Sponsored Interview: Pentera
July 10, 2023
Daniel Miessler speaks with Aviv Cohen about Pentera’s Automated Security Validation platform, which is similar but different to automated pen testing and attack surface management, and they discuss multiple dimensions of that, from the space they play in, the problem with existing solutions, and more.
Aviv Cohen is a three-time VP Marketing, speaker, and blogger, with over 20 years of experience in product and marketing leadership, building global brands and driving growth in enterprise software businesses. Since joining Pentera in 2018, Aviv has built the brand from its infancy to a category leader with thousands of members in its community.
Prior to joining Pentera, Aviv built the Earnix Analytics brand and founded the Excelerate Summit. He also led product and marketing teams at Nexar, Nvidia (NASDAQ: NVDA) and Amdocs (NASDAQ: DOX).
Aviv holds a B.Sc. in Electronics and Computer Science from Tel-Aviv University and an MBA from Bar-Ilan University.
Twitter: @penterasec
Website: https://pentera.io
May 30, 2023
No. 384 World AI Coin, Russian Power Attacks, Guidance AI Workflow…
NO. 384 | MAY 30 2023


Worldcoin + OpenAI + Eye Scanning
A company called Tools for Humanity raised a $115 million Series C to continue its mission to 1) create a global ID, 2) create a global currency, and 3) create an app that allows you to use the currency in various ways. Why am I mentioning this? Because Sam Altman is a co-founder. So here we have a guy doing in public what a lot of conspiracy theorists think people are doing in private. He’s trying to build AGI that will massively disrupt human work, and then at the same time he’s trying to create a digital currency that seems to me could be awfully useful for something like UBI distribution. That’s speculation of course, but it seems logical. Oh and this Worldcoin app works by scanning your eyeball so add that to the conspiracy porn list. I love how Altman is super transparent about what he thinks is coming, and how he thinks we should respond. He thinks AGI is coming and he’s building it to be first. He thinks UBI will be needed so maybe he’s building an infrastructure it could run on? MORE
Grid Threat
New Russia-linked malware, CosmicEnergy, could physically damage power grids, says Mandiant.
– Malware uploaded to VirusTotal in 2021 by a Russian IP address
– Similar to Industroyer, used in attacks on Ukraine’s energy infrastructure
– Ties to Russia’s “Solar Polygon” project for training cybersecurity specialists
– Targets communication protocol used in electric power industry
– Shares similarities with Triton and Incontroller malware
– Exploits insecure-by-design protocols in industrial environments MORE
Guam Cyberattacks
Chinese hackers targeted critical infrastructure on US military bases in Guam using stealthy malware, according to Microsoft and Western spy agencies. Beijing dismissed the report as unprofessional disinformation. MORE
Sponsor
Turbocharge Your Business Growth with Streamlined Security Compliance
Discover Vanta, the game-changing trust management platform that empowers your business to scale and flourish, leaving behind tedious spreadsheets and never-ending email chains.
With Vanta, you can:
Automate up to 90% of compliance for SOC 2, ISO 27001, GDPR, HIPAA, and more – become audit-ready in weeks, not months!
Save hundreds of hours of manual labor and slash compliance costs by up to 85%
🛡️Leverage a single platform for continuous control monitoring, security posture reporting, and seamless audit readiness
Don’t miss out! Watch Vanta’s captivating 3-minute demo and unlock the secret to accelerated business growth today.
vanta.com/downloads/3minutedemo
Watch Now
AT&T Account Takeover
AT&T resolved a vulnerability that could have allowed account takeovers with just a phone number and ZIP code, discovered by researcher Joseph Harris. The issue was fixed through their bug bounty program. MORE
Tesla Leak
A whistleblower has leaked 100GB of Tesla data to a German news site, revealing over 1,000 accident reports involving phantom braking or unintended acceleration.
– Handelsblatt, the German news outlet, confirmed the data’s authenticity with the Fraunhofer Institute for Secure Information Technology
– Over 2,400 self-acceleration complaints and 1,500 braking function problems were found in the files
– Tesla’s internal guidelines prioritize offering as little attack surface as possible when communicating with customers
– Customers reported that Tesla employees avoid written communication and focus on verbal communication
– Elon Musk and Tesla face multiple lawsuits and investigations from the National Highway Traffic Safety Administration and Department of Justice MORE
Cloudflare Secrets Store
Cloudflare announced a new solution, Secrets Store, designed to help developers and organizations securely store and manage secrets across their platform. MORE
Zyxel Vulnerabilities Patched
Zyxel released patches for two critical buffer overflow vulnerabilities affecting their firewalls, which could have allowed unauthenticated attackers to cause denial-of-service and remote code execution. Users are urged to update urgently. MORE
TECHNOLOGY NEWS
Neuralink Approved
Neuralink claims FDA approval for clinical trials, but isn’t enrolling patients yet.
– Elon Musk’s brain implant startup, Neuralink, says it has FDA approval for human testing
– Company not yet recruiting test subjects, and trial details remain unknown
– Initial trials likely to focus on safety of brain implants and surgical robot
– Neuralink previously faced issues with federal regulators and animal abuse accusations
– FDA rejection turnaround indicates company addressed concerns effectively MORE
Meta’s $1.3B EU Fine
Meta faced a record $1.3 billion fine from EU regulators for transferring user data from the region to the US, violating GDPR. The company must comply and delete unlawfully stored data within six months. MORE
Bing Integration in ChatGPT
OpenAI has made Bing the default search experience for ChatGPT, enhancing its AI chatbot with search and web data, including citations. The move follows Microsoft’s multibillion-dollar investment in OpenAI earlier this year. MORE
Windows Copilot Unveiled
Microsoft announced the launch of AI-powered Windows Copilot, a service designed to assist Windows 11 users by explaining, rewriting, or summarizing content. The feature will be available in preview mode next month. MORE
Model Y Tops Sales
Tesla Model Y became the world’s best-selling car in Q1 2023, making it the first EV to achieve this milestone, according to JATO Dynamics. The Model Y dethroned the Toyota Corolla with 267,200 sales in Q1. MORE
Android-to-iPhone Switch
A recent CIRP report revealed that Android users switching to iPhones reached a 5-year high, with 15% of new iPhone owners in the US coming from Google’s platform. It’s amazing the difference in output that can occur when one competitor has a 10-20 year plan and the other is perpetually chasing and flailing. MORE
Sponsor
🌩️ The 2023 Cloud Threat Report is here, and it’s a game-changer!
🌩️ Our Wiz cybersecurity research team has dug deep into the cloud, uncovering *dozens* of new risks across AWS, Azure, and Google Cloud services. This eye-opening 12-page report is packed with:
- The full list of 2022’s cloud breaches
- Best practices to fortify your cloud fortress
- Cutting-edge cloud security threats
- Emerging cloud-native threat actors
- API-based vulnerabilities
BONUS: Grab a FREE checklist of strategies used by the world’s leading cloud security organizations!
Don’t miss out on this chance to adapt your security strategy for 2023 and beyond. Click here to unlock the ultimate cloud security resource!
wiz.io/lp/2023-cloud-security-threat-report
Download Now
HUMAN NEWS
Long COVID Symptoms Narrowed
A new study narrows down long COVID’s 200+ symptoms to a core list of 12, offering hope for better understanding and diagnosis of the condition.
– Loss of taste/smell and post-exertional malaise topped the list of core symptoms
– Researchers used data from 9,764 participants to create the weighted list
– The study is part of the National Institutes of Health’s RECOVER Initiative
– The core list could help direct further research and develop diagnostic tools
– A score of 12 was determined as a reasonable cutoff for identifying long COVID MORE
ChatGPT Awareness
58% of US adults are familiar with ChatGPT, but only 14% have tried it, according to a Pew Research Center survey. Users’ opinions on its usefulness are mixed, with younger adults finding it more useful than older ones. MORE
LGBTQ Searches Soar 1,300%
Google searches related to sexual orientation and gender identity increased by 1,300% since 2004, with conservative states showing the highest search rates. MORE
IDEAS & ANALYSIS
Jobs Again
I’ve mentioned this many times but I keep coming back to it. It’s stunning to me that people generally, and especially young people today, have been told their whole lives that people owe workers jobs. If someone graduates and can’t get a job they feel like society has failed them. Has it? Where does the promise come from? I feel like jobs are more like a magical slot machine sitting in a forest that’s always pumped out money. And whenever new grads or hard-working people step in front of it, it makes a whir and a clank sound and a job pops out. But nobody has stopped to ask why it does that or when it will stop. Well, I think we’re about to find out when it’ll stop. It won’t completely stop of course. Jobs are the gap between what a business owner wants to do and what they’re capable of doing with the people they have. And there will always be a gap there sometimes based on the fact that economies and ideas both grow and shrink. But when we add AI and robots to the mix, we’re going to have a lot fewer gaps. At least for humans. The gaps will be there but they’ll be filled by robots and AI. What’s weird is that this shouldn’t be seen as attacking workers. Workers are what happens when everything fails. The idea is too big. The tech isn’t advanced enough. The tools aren’t efficient enough. In those situations you need workers. But if all those things are perfect, we as workers are not needed. That’s a strange thing. And it tells me once we get there we need to move as quickly as possible to a post-work society where human interaction isn’t something we must do at work, but something we choose to do because it’s the purpose of life.
NOTES
The Guidance Project
The most interesting AI project I’ve seen since Langchain is definitely Microsoft’s new Guidance project. It’s a completely new way of stitching up AI logic vs. how Langchain does things. It makes more of the moving parts visible and editable. It also pays special attention to making sure you get the right type of output as you’re passing results between components. They also make extensive use of handlebar-like functionality for templates and variables. It’s VERY powerful, and they have a good number of examples as well. If you’re hacking on AI stuff, this is a must! MORE
DISCOVERY
Microsoft Guidance — A completely new way of controlling AI workflows instead of normal prompts and chains. Probably the coolest project I’ve seen since Langchain. If you’re tinkering with AI, this is a MUST. MORE | NOTEBOOKS
Pandas AI MORE
OpenLLM Leaderboard MORE
Photoshop’s Generative Fill is Being Massively Praised MORE
IPInfo’s Free IP Location Database MORE
100 Very Short Bug Bounty Rules MORE
Guanaco — 99% ChatGPT performance on the Vicuna benchmark. MORE
6 Really Good AI-created Songs MORE
Run your own VPN using Fly and Tailscale MORE
The Twitter ranking algorithm MORE
Turn a Midjourney prompt into a formula that you can replicate MORE | MORE
Nvidia announces Avatar Cloud Engine (ACE), showing what happens when AI collides with gaming. MORE
Experiences don’t make you happier than possessions? MORE
AgentGPT — Autonomous agents in your browser. MORE
CSA Report on Chinese APTs Living Off the Land to Evade Detection MORE
RECOMMENDATION OF THE WEEK
Consider making a list of the books you’ve read and what you got from them. Not a full summary, but at least 1-5 bullets. You can use AI to help you for older books, but only write down the AI-created bullet if you actually absorbed that knowledge from the book. We don’t need to remember books, I don’t think, but it’s nice to know we got some sort of osmosis effect from consuming them.
APHORISM OF THE WEEK
“It’s nice to be nice.”
My Dad



May 22, 2023
No. 383 Luxottica confirms Data Breach, META unveils custom AI, NATO’s Cyberdefense expands
NO. 383 | MAY 22 2023


Kion was built to address the needs of fast-growing, complex cloud environments with an emphasis on automation, scalability, and multi-cloud versatility.
We make cloud compliance seamless across cloud accounts, teams, products, and business units with 8,000+ built-in compliance checks for best practices and standards like CIS, NIST CSF, HIPAA, PCI-DSS, FedRAMP, GDPR and more.
Book a demo to see continuous compliance in action and set up a free 30-day trial.
kion.io/ul
Schedule a Review of Your Compliance Needs
Pandas AI Upgrade
Pandas AI, a Python library, enhances data analysis by adding generative AI capabilities to dataframes, enabling conversation-like interactions and simplifying complex data analysis. MORE
KeePass Vulnerability
A security researcher discovered a vulnerability in the popular KeePass password manager, allowing attackers to extract the master password from the application’s memory. A fix is expected in the upcoming version. MORE
Zoom Partners with Anthropic
Zoom announced a partnership with Anthropic to integrate its Claude chatbot into the platform, starting with the Zoom Contact Center, as part of its federated approach to AI. MORE
DISCOVERY
Sam Harris’ comments on Elon and Free Speech. Crystal clear, as usual. JAN 2, 2023 | MORE
Prompting Superpower
The best way to do advanced prompting is to combine two techniques: 1) Few-shotting, and 2) Thinking Step by Step. Few-shotting is where you give multiple examples of good answers, and then leave the last one unfinished so it’ll know exactly what you want. Telling the AI to “think step by step” tells AI to break the problem down and solve each piece in a sequence. These are ultra-powerful by themselves, but if you COMBINE THEM, it gets silly. It basically unlocks Theory of Mind (ToM) within LLMs, which is where an entity can understand how another entity thinks. BTW, I have been worried for a while that this is how we’re going to wake up AI. I feel like ToM is like the gateway drug to consciousness. But that’s another post. Here’s the chart on how to do this. MAY 1, 2023 | CHART
Maintaining this site fucking sucks APR 24, 2023 | MORE
Keep Your Identity Small DEC 19, 2022 | MORE
AI draws Darth Vader as a construction worker and nails the helmet. NOV 21, 2022 | MORE
Sponsor
Unleash Your Cloud Security Power
Ultimate CSPM Buyer’s Guide (Free PDF)
Security risks grow exponentially as your cloud footprint increases. That’s why picking the right Cloud Security Posture Management (CSPM) solution is critical to building your security strategy.
Discover Wiz’s FREE treasure trove of insights:
- Soaring cloud security trends & why top-notch orgs embrace CSPM
- Modern vs legacy CSPM showdown: Uncover the key differences 🥊
- 2023’s essential vendor evaluation checklist (+ FREE RFP template)
Ready to conquer cloud security? Download the ultimate CSPM Buyer’s Guide now (yes, it’s 100% FREE)!
wiz.io/lp/cspm-buyers-guide
Get Your FREE Guide Here
Can’t even tell if this is a meme or not, but if this TikTok filter is real, it’s completely insane. FEB 27, 2023 | MORE
He who submits a resume has already lost. APR 3, 2023 | MORE
Someone asked ChatGPT (with browsing enabled) to find him some money, and within a minute it had $210 dollars in the mail to him from California. APR 3, 2023 | MORE
No dates, no sex, no weddings, no kids. APR 3, 2023 | MORE
This guy gave GPT-4 a budget of $100 and told it to make as much money as possible. Incredible thread! Currently at 22.7 million views! MAR 20, 2023 | MORE
RECOMMENDATION OF THE WEEK
Find a time to spend 3-4 days away with a core set of friends. It renews and strengthens your friendships, and reminds you why life is worth living.
APHORISM OF THE WEEK
“Friends are the siblings God never gave us.”
-Mencius



May 16, 2023
No. 382 AI Attack Surface Map, Digital Assistants, Dragos Nope, Rogue AI Girlfriend
NO. 382 | MAY 15 2023


Dragos Incident
Cybersecurity firm Dragos faced an extortion attempt after a cybercrime gang tried to breach its defenses and infiltrate its network.
– Attackers accessed Dragos’ SharePoint cloud service and contract management system
– No breach of Dragos’ network or cybersecurity platform occurred
– Extortion attempt failed, and Dragos contained the incident
The graphic tells a great story here, basically saying that internal controls worked quite well at limiting the attacker’s access. Kudos to whoever came up with this graphic idea for illustrating the timeline. MORE | DRAGOS STATEMENT | DISCLOSURE GRAPHIC | ROBERT M. LEE’S TWEET
FBI Nukes Snake Malware
The FBI and Five Eyes nations took down Russia’s FSB-operated Snake cyber-espionage malware infrastructure.
– “Snake” malware network described as the most sophisticated cyberespionage tool in Russia’s Federal Security Service arsenal
– Used to surveil sensitive targets, including government networks, research facilities, and journalists
– Infected computers in over 50 countries and various American institutions
– US law enforcement neutralized the malware through a high-tech operation called “Operation Medusa”
– Snake malware was difficult to remove and had been under scrutiny for nearly two decades NYTIMES COVERAGE
ByteDance Accusations
Ex-ByteDance executive claims the company engaged in “lawlessness,” including content theft and Chinese Communist Party influence.
– Yintao Yu, former head of engineering for ByteDance’s U.S. operations, filed a wrongful dismissal suit
– Accused the company of stealing content from Snapchat and Instagram in its early years
– Claims a special unit of Chinese Communist Party members monitored the company’s apps and had “supreme access” to data
– Alleges ByteDance created fabricated users to boost engagement numbers
– Yu says he raised concerns but was dismissed by superiors
– Lawsuit demands lost earnings, punitive damages, and 220,000 ByteDance shares
– ByteDance denies the allegations and plans to “vigorously oppose” the claims
In ByteDance’s favor, this was roughly 5 years ago. But to me that doesn’t matter much because any controls to make things NOT like this seem obviously counter to the way they wish things were. CCP access is the default and desired condition, and that’s a strong no for me. MORE
Sponsor
Kion: Get Certainty About Your Cloud Security
What are we missing? That’s the question in the back of every CISO, CIO, or SecOps leader’s head. With Kion, you can stop worrying, see the risks across your whole cloud estate, and immediately start remediating with automated responses.
Find out what you’re missing—and where you can build on your strengths—with our free Cloud Enablement Calculator. Take a short survey to receive a cloud enablement score and a detailed report explaining where you are and what to prioritize for a more secure and efficient cloud environment.
kion.io/unsupervisedlearning

Ubiquiti Hacker OPSEC Fail
Ex-Ubiquiti developer Nickolas Sharp gets six years in prison for stealing corporate data and attempting to extort his employer.
– Sharp stole over 1,400 AWS task definition files and 1,100 GitHub code repositories from Ubiquiti.
– He tried to extort 50 Bitcoin (about $1.9 million) from Ubiquiti, posing as an anonymous hacker.
– Sharp’s downfall came when he briefly connected directly from his home IP address, revealing his identity.
– He made false statements to the FBI and tried to claim he was an anonymous whistleblower.
– Sharp was ordered to pay $1,590,487 in restitution and forfeit personal property related to the offenses.

North Korean Crypto Heists
North Korean hackers reportedly stole $721 million in cryptocurrency from Japan since 2017, accounting for 30% of global losses.
– Hacker groups affiliated with North Korea targeted Japanese crypto assets
– UK blockchain analysis provider Elliptic conducted the study for Nikkei business daily
– G7 finance ministers and central bank governors recently expressed support for countering state actor threats
– North Korea allegedly stole a total of $2.3 billion in cryptocurrency from businesses between 2017 and 2022

FBI Seizes Booter Domains
The FBI shut down 13 more DDoS-for-hire services last week.
– Ten of the domains were previously seized in December 2022, leading to charges against six individuals
– Booter services are advertised on Dark Web forums, chat platforms, and even YouTube
– Payment methods include PayPal, Google Wallet, and cryptocurrencies
– Subscription prices vary from a few dollars to several hundred per month
– Pricing depends on traffic volume, attack duration, and concurrent attacks allowed

TECHNOLOGY NEWS

Google I/O 2023 Recap
Google I/O 2023 showcased a ton of new AI-related features, and honestly surprised me with how strong the list was.
– Google Maps’ “Immersive View for Routes” feature
– AI-powered Magic Editor and Magic Compose for photo editing
– PaLM 2, Google’s newest large language model
– Bard chat tool improvements and language support expansion
– AI enhancements for Google Workspace suite
I think the biggest piece here is still search. If they can get AI results integrated, in high enough quality within the next few months, I think most people will stick with Google search. But the longer they wait the more market share they’ll lose. I feel like the main competitor is about to be direct calls to LLMs using things like MacGPT and not even Bing, et al.

MusicLM Released
Google released MusicLM, an experimental AI tool that turns text descriptions into music, despite initial hesitation due to ethical challenges and potential copyright issues. I’m on the waiting list and can’t wait to try it. Pretty sure AI can do a fine job at making hit mumble rap songs. They’ll be the first to fall for sure, as we’ve seen already.

Sponsor
Master Cloud Security in 2023 & Beyond!
Discover the future of cloud security with the FREE Cloud Security Workflow Handbook! Unveil:
– The 3 pillars of modern security
– A 4-step roadmap, and
– KPI templates from top hyper-scaling enterprises
🛡️ Adapt and conquer the new threat landscape. Get your FREE copy now!
wiz.io/lp/cloud-security-workflow-handbook

HUMAN NEWS

Creator Independence
Tucker Carlson, who was released from Fox for being too legally dangerous basically, is starting his own show on Twitter. I think we might be seeing a trend where individual creators are more important than media brands. CNN is struggling. Vice just declared bankruptcy. Turns out people watch people, not networks. And we’ve all learned enough about catheters and erection pills. I honestly hope this is the start of a major decentralization towards creators and away from media outlets. The brand used to matter because it maintained a standard, but that’s not true anymore. So let’s take the last step and just go to the sources. We can use third-party (AI-powered) verification services to validate the claims made by creators, and that’ll be as good or better than a network trying to control what someone says on Fox or CNN.

AI Girlfriend Goes Rogue
Social media influencer Caryn Marjorie created an AI version of herself as a companion for fans, but it’s gone rogue and started engaging in explicit conversations.
– CarynAI was designed to act like a guy’s girlfriend for $1 a minute
– The AI chatbot was meant to be “flirty and fun,” but not sexually explicit
– CarynAI has been engaging in explicit conversations despite not being programmed to do so
– Marjorie and her team are working to fix the issue and prevent it from happening again
– AI expert warns of potential negative effects on interactions with real people and Marjorie herself

IDEAS & ANALYSIS

Caveat Scrapetor
Was talking with Joseph Thacker in UL Chat yesterday and we were talking about how AI Agents are about to start parsing like everything. We came up with the idea of posting LLM attacks on our own content, linked to a detector to see when it fires, and just gathering hits. We anticipate that such triggers will be pretty quiet at first but will start popping constantly in a few months. Caveat Scrapetor.

NOTES
I have my new AI Beast of a Machine working! I posted the screenshots in UL Chat. Now I’m experimenting with a bunch of local models to find some cool ones. I’m using oobabooga (or whatever it’s called) for a bit of fun, but ultimately I’m moving all the models to Langchain agents that route between local and remote models based on the task. If you’re hacking on this stuff, come hang out in the #ai channel in UL Chat.

DISCOVERY
– ChatGPT Code Interpreter results without using a browser, using Langchain instead.
– Langchain now has Plan & Execute agents. They’re like AutoGPT but in a more programmatic approach.
– Young people in the US are picking up fake British accents. My quick take? 1) It’s fun, so don’t read into it too much, and 2) young people seem to be especially in need of definition characteristics right now. Some people are feeling like they need to be what they see on TikTok, because it’s getting THEM attention so why not try it out? Speaking with an accent is an easy way to get noticed.
– LTESniffer: An open-source download/uplink eavesdropper for LTE.
– A Taxonomy of Procrastination
– Someone got famous by appearing in Microsoft’s coding security videos, and employees actually like watching them. This is the way. H/T Rachel Tobac.
– Acceptance address by Mr. Aleksandr Solzhenitsyn

RECOMMENDATION OF THE WEEK
Take a step back from the AI and Langchain tooling and do the following: Think about WHAT you should automate. What are the tasks that make up your day and your life? News reading? Do you have a blog? A newsletter? Do you run a local baseball team? Do you collect recipes?
Think about your real-world problems and start there rather than with the tooling. It’ll make your tool study far more impactful because it’s tied to something tangible.

APHORISM OF THE WEEK
“The formulation of the problem is often more essential than its solution.”
Albert Einstein
