Exploring the intersection of security, technology, and society—and what might be coming next…
Standard Web Edition | March 20, 2023
ERRATA: In last week’s show I said SVB made unsafe investments which got crushed by the housing crisis. This was not correct. The problem was their investments were too safe, with most of their money in 10-year investments yielding only 1.5%. So it’s true they made investment mistakes that caused/exacerbated the problem, but not in the way I described. Apologies for the error.
🌸 Welcome to Spring, and Happy Monday!
I think last week was the most exciting week in tech I’ve ever seen. We got GPT-4. We have Midjourney 5. And we saw an unprecedented speed of innovation emerging on Twitter. I am doubling down on my prediction from a few months ago that AI—by itself—is going to pull us out of this recession.
I’m so happy to be on the planet with you in this extraordinary moment.
MY WORK
Response Shaping: How to Move from AI “Prompts” to AI Whispering — How to get consistently high-quality results from the AIs you interact with. MORE
Calling out the Security Community on AI — We can’t curmudgeon ourselves into safer AI. People are going to use it regardless of what we say. MORE
Yes, GPTs Actually Understand — A 60-second argument and example showing that GPTs and LLMs are capable of true understanding. MORE
SECURITY NEWS
Chinese Zero-days
Mandiant says China used the most zero-days of any country, using 7 different attacks during 2022. MORE
Google Samsung Vulns
Google just found 18 severe vulnerabilities in Samsung’s Exynos chips. The chips are in multiple Android smartphones from Samsung, Google, and Vivo, as well as a number of wearables. MORE
SpaceX Blueprints Stolen?
Lockbit says they’ve compromised Maximum Industries, which makes components for SpaceX. They say they’ll leak the documents if the company doesn’t pay by March 20th. MORE
Sponsor
Get SOC 2 in Weeks Not Months
Let Secureframe unblock opportunities and accelerate your sales cycle without the need to invest in new resources or overburden your team.
From comprehensive compliance policy templates to over 150 integrations with your core technology services, the Secureframe platform significantly increases the speed with which organizations can confidently begin a SOC 2 audit, without increasing overhead or slowing your team down.
Schedule a personalized demo to let us show you how.
secureframe.com/ul
Chinese Plane Jamming?
Qantas says China is jamming satellite navigation and altimeter systems in the western Pacific and South China Sea. MORE
Trump Arrest This Week?
There are multiple indicators that Trump will be arrested this week, possibly on Tuesday. Trump himself has indicated Tuesday as well. One of the charges he’s facing has to do with inciting on January 6th. His response to possibly being arrested was to ask people to “Protest, take our nation back!” MORE
Xi Meets Putin
Xi flew to Moscow to meet directly with Putin. My read is that they both know they’re being isolated by the West, and although they frequently hack each other and consider each other long-term enemies, they’re going to try to partner up to slow their decline. MORE
Sponsor
You’ve Got Assets? We’ve Got Answers
JupiterOne collects more asset data than any other provider, and shows you the relationships between those assets in seconds. It’s not just about connectors and data; it’s about the types of questions you can ask to get the relevant answers for your security program.
We go beyond endpoints, IP addresses, users, and devices, and ingest data from CSPs, SaaS apps, code repos, IAM policies, security controls, vulnerability findings, and more. This enables you to ask questions like: “What internet-facing applications are running systems affected by log4j, and who owns those systems?”
jupiterone.com/unsupervisedlearning
TECHNOLOGY NEWS
Twitter Identity Verification
Techcrunch says Twitter looks to be testing government ID verification. I think this whole space of validated users is about to pick up massively. When you have both anonymous humans and AIs creating content, you’re going to want a badge to verify real people. MORE
T-Mobile Starlink
T-Mobile and Starlink are building a satellite-to-cell service. MORE
Zipline Drones
A drone that seems to be able to deliver small packages with “dinner plate” accuracy. Please make this happen, someone. MORE
IKEA Stock Drones
IKEA has stock-counting drones in 16 of its European locations. And of course Amazon is working on similar tech. Think of how many jobs this will remove once they get it right. MORE
HUMAN NEWS
More Amazon Cuts
Amazon is cutting 9,000 more jobs. This is on top of the previous 18,000, bringing the total so far to 27K. MORE
IDEAS & ANALYSIS
Privacy is About To Take a Hit
I think we’re about to see an unparalleled disregard for privacy. Why? Because GPTs like data. In other words, the business value of having well-trained custom GPTs is about to completely trounce the competing concerns of data privacy. Business value trumps everything. And it especially trumps security and privacy.
Hacking SPQA
I am predicting that SPQA will replace existing software, but what I haven’t talked about is how this will affect security within a company. It’s going to be massive. On the one hand it’ll make it a lot easier to secure yourself, so that’s good. But can you imagine what will happen if an attacker gets access to your SPQA interface? It’ll be able to do all the work for you. Forget having to read all of Slack and all the documentation. You’ll be able to have it do it for you. Of course there will be controls eventually, but not initially. It’s going to be an attacker’s dream.
NOTES
My best bud Jason Haddix is giving his live training again this year! It’s remote, and there aren’t many slots left! Go sign up now! MORE
I’ve never been this happy or excited in my entire career. The UL community is popping. Work is going so well (and I haven’t even advertised services yet!), and the creative possibilities from AI have absolutely exploded. I’m like terrified and exhilarated at the same time.
Remember that as worried as we are about all this tech, your non-tech loved ones are even more worried. We’ve got to walk into the minefields in front of them.
My buddy Tyler has a newsletter called The Cyber Why. Check it out here! MORE
DISCOVERY
⚒️ gpt-repository-loader — Convert a git repo into text you can send to a GPT. Lets you do code review, create documentation, etc. TOOL | by MICHAEL POON
⚒️ offensive-ai-compilation — A curated list of useful resources that cover Offensive AI. TOOL | by JOSÉ IGNACIO ESCRIBANO
📢 [Sponsor] — Does it take you weeks or months to get SOC 2 compliant? Speed up your sales cycle using over 150 integrations and comprehensive policy templates. Make the business happy by getting compliant without slowing down the team. LEARN MORE
🔥This guy gave GPT-4 a budget of $100 and told it to make as much money as possible. Incredible thread! Currently at 20 million views! MORE
This Guy Red-Teamed GPT-4 MORE
⌘ ~ cycles through the open windows of the same app (Mac). MORE
📢 [Sponsor] — Can you answer complex questions about what assets you have, which are facing the internet, and who owns those systems so you can get them fixed if there’s a new vulnerability? If not, you should look at JupiterOne. It’s like a unified question-answering platform powered by your own assets. LEARN MORE
✍🏼 Stack Exchange is to GPT-4 as ________ is to ___________. MORE
Just Write. MORE
RECOMMENDATION OF THE WEEK
Can Your Business Be Replaced by a Custom GPT Model?
This is one of the most important questions businesses can be asking themselves right now. What is your competitive advantage once competitors have similar data and can use it to train a GPT model? Come up with your answer to this question, and help others in your organization start thinking about how to get ready.
APHORISM OF THE WEEK
“Chaos is the score upon which reality is written.”
Henry Miller