Securing the AI Software Supply Chain.

AI supply chain risks + controls for AI supply chain security.

storage.googleapis.com/gweb-research2…

I've been working in cybersecurity for two Microsoft CEO 'security is our highest priority' memos now...

For those out there who are new to the industry or the niche of cybersecurity and feel like they have no idea what’s going on. Just know I’ve been in this for 22 years and I still have no idea. That’s what makes it so interesting.

Embrace it, bask in it and try to enjoy the…

I'll believe that MS has really entered a second era of security renewal when:

1. It gets rid of upcharging for the most key security features & logging.
2. It hires or transfers a bunch of new folks to work on the security of its (highly profitable) perpetual server software.

Gary Marcus Peter H. Diamandis, MD The issue is that most people don’t understand the limitations and try to use LLMs for use-cases they are not addressing. Not entirely user’s fault though, LLMs have been grossly oversold by many. LLMs are great, just not great at everything.

They literally didn't ship product to fix security. Now 2k8 (the RTM edition) was far from perfect, but _holy crap_ was it a mammoth improvement from 2k3. Things got very much more interesting in 2k8 r2.

So... yeah, things need fixed. But MSFT has done this already.
3

I’m amazed at how humanity can adapt to technology. In just 2 years, ChatGPT went from blowing everyone’s mind to everyone waiting for the next update.

JUST OUT: Why we have reached a tipping point where the public conversation about foreign influence operations is doing more harm than good foreignaffairs.com/russian-federa…

When people temporarily quit Twitter because it was allegedly going into the sun, it got way better around here. Twitter is better today than it ever has been in my memory.

Dr. Anton Chuvakin hogfly 🌻 Not my phrase, but one I’m sure to use MANY times this week:
You can’t spell pain without AI

So, do we think that at this #RSAC we will see vendors marketing 'a special security #AI that will protect your poor helpless business #AI from malicious #AI bastards?' :-) #random

This! Organizations need to understand opportunity cost of how they structure their cybersecurity programs. (h/t cje )

Discovered a new use case for Gemini (well, any LLM bot): please read this paper and tell me if it is BS :-)

Finally a clear argument against recursive self improvement(!!)

'Everyone sitting on the ledge worried that these LLMs can self improve their way to AGI can safely climb down'

Excellent work by Vishal

Just like last year, here is my 'rage-tweet' about all those 'Are you at #RSAC , let's meet!?' messages without an agenda, topic or desired outcome. Go to hell, will ya? And consider adding a bit of 'WHY'...

Is there a 'meta-bot', a tool that sends your prompt to Gemini/ChatGPT/Meta.AI, and then collates the answers? Am I the only one looking for an occasional 'LLM consensus' view?

spencer Not cracked, but I was doing a hunt one day and figured out that customers PAM is changing user passwords using the 'net' command. Super secure passwords but all recorded in EDR and security events.

I have friends and family that are all over the spectrum of politics, and so a challenge I have is getting them to recognize they can retain their world view while also accepting factual information dispassionately.

Explaining to some that 'yes, the opposing party is…

Oh my God. Patrick Gray is already the name of what is by a longshot the most established cyber podcast. There are a million possible names out there and Mr Decision Making over here went with one that's been in use for more than 15 years.

This starts to look like 2 distinct camps: detection engineers and detection consumers? twitter.com/anton_chuvakin…