Cal Poly Pomona's annual Cybersecurity Fair focused on AI's role in cybersecurity. Demonstrations showcased AI's potential for creating and defending against cyber threats. Industry experts discussed AI threats and quantum computing. The event included interactive demonstrations, research presentations, and a job fair. It emphasised opportunities for women in cybersecurity and featured a poster contest.
Gray Swan AI, a security startup founded in 2023, focuses on identifying risks in AI systems and developing tools for safe deployment. They've secured partnerships with major AI companies and the UK's AI Safety Institute. Their key products include Cygnet, an AI model resistant to jailbreaking, and Shade, a tool for finding AI system weaknesses. The company hosted a 'jailbreaking arena' competition to test their security measures, has received £5.5 million in seed funding, and is preparing for Series A funding. They aim to build a community of hackers to continually improve AI safety measures.
A phishing campaign is impersonating OpenAI, claiming ChatGPT subscription payments were declined and urging recipients to update payment details via a link. While this attack is unsophisticated, future AI-driven attempts may be more advanced. Experts recommend strengthening cybersecurity measures and providing employee training to combat such threats.
Datadog, a cloud monitoring firm, has increased its annual revenue forecast to £2.66 billion and raised its adjusted profit forecast to £1.75-1.77 per share. This improved outlook is due to growing demand for its AI-backed cybersecurity products. The company also reported quarterly revenue and profit exceeding analyst expectations.
Fortinet has expanded its AI-powered security assistant, FortiAI, to include FortiNDR Cloud and Lacework FortiCNAPP. FortiAI uses generative AI to simplify security analyses, helping with threat detection, alert clarification, and risk assessment. Fortinet continues to incorporate AI across its product portfolio.
Chinese researchers used Meta's Llama AI model for military purposes, sparking debate on open source AI and national security. Critics want restrictions, while proponents highlight innovation benefits. China's investment in open source AI development has global implications, especially for US-China AI competition.
A global phishing campaign called CopyRh(ight)adamantys has been discovered, targeting individuals and organisations. It uses AI-generated emails to impersonate legitimate groups, claiming social media copyright violations. The attackers employ Rhadamanthys malware and older AI models for customisation. Google acknowledges the threat and states their AI protections are effective against it.
Google's top security executive warns that AI is forcing companies to rethink digital security strategies. Traditional measures are becoming ineffective against AI-powered attacks. This is part of a technological arms race in eCommerce, with AI potentially reducing online fraud losses. AI security systems can analyse data in real-time to detect advanced attacks, using machine learning to understand context. Organisations are advised to implement new AI-specific security frameworks, including data sanitization and safeguards against harmful outputs. While costly, these measures are deemed essential for safe AI use and protection against threats.
OWASP released guidance on defending against AI-based attacks, particularly deepfakes. AI-generated text in emails has increased to 12%, up from 7% in late 2022. A survey found 48% of IT professionals very concerned about deepfakes, with 74% seeing them as a future threat. Experts suggest technical solutions will be necessary to combat sophisticated deepfake attacks.
Camelot Secure developed an AI tool called Myrddin to assist with CMMC compliance. Integrated into their dashboard, it provides real-time guidance for IT teams conducting assessments. Using advanced AI, Myrddin aims to simplify and accelerate the CMMC process, reducing time and errors. Camelot received an award for this innovation and plans to expand the tool's capabilities in the future.
The Biden administration is finalising a second cybersecurity executive order, building on the 2021 order. The new order, targeting federal agencies, covers AI in cyber defence, secure software transparency, cloud security updates, identity credentialing modernisation, and post-quantum cryptography implementation. It also addresses software bills of materials, open-source cybersecurity, and federal communication security. The order is nearly complete, with a potential early December signing.
