NO. 378 — AI Resilience Scale, Moloch the Demon, Ukraine Data Leak, and more…

*|INTERESTED:Memberful Plans:UL Subscription (Annual) (53074)|*

*|END:INTERESTED|*

*|INTERESTED:Memberful Plans:UL Subscription (Annual) (53074)|**|ELSE:|*

*|END:INTERESTED|*

Happy Monday—I hope you’re doing well!

Ok, here’s the idea of the week: Maloch. It’s a race to the bottom that we can’t avoid running. We don’t want to run it. We know it’s bad for us. But we feel compelled to. And plus, everyone else is doing it so we don’t want to be the only left out!

And with that happy thought, let’s get into the week!

In this episode:

🤖 AI vulnerability scale
🌌 Moloch’s danger
🌐 Post-GPT world
🕵️‍♂️ Discord leak
🛡️ OpenAI bounty
🇰🇵 North Korea vs. 3CX
📱 Israeli spyware
🤖 NYC robots
🚕 Robotaxi success
😢 Teen mental health crisis
🚫 AI bans, and more!

MY WORK

The Hierarchy of Content
A rating scale for how vulnerable your content is to being replaced by AI. MORE

Moloch: The Most Dangerous Idea
If we are alone in the universe, this is probably why. MORE

6 Phases of the Post-GPT World
The implications of connecting GPT-4 to the internet, and the tech that will result. MORE

SECURITY NEWS

Discord Intelligence Leak
A US National Guardsman named Jack Teixeira leaked a number of Top Secret military documents in his Discord Server group over a number of months. The documents were further shared elsewhere, causing them to leak all over the internet. The leak detailed Ukraine’s plans for a counter-offensive, as well as details about various European countries that were giving aid to Ukraine. Teixeira has been arrested under the Espionage Act. MORE | NYTIMES | BELLINGCAT

OpenAI Bug Bounty Program
OpenAI launched its Bug Bounty Program with BugCrowd, inviting hackers to help identify and address vulnerabilities in their AI systems. Rewards range from $200 to $20,000 based on severity and impact. Great job to both teams! I can only imagine the firehose of vulns people have been sitting on. MORE | PROGRAM

North Korea vs. 3CX
Mandiant has been investigating the 3CX supply chain attack and has concluded that it’s the work of a North Korean threat actor called UNC4736. The attackers targeted with malware called Taxhaul, which deploys a downloader called Coldcat. 3CX has shared YARA rules and IOCs to detect the malware. MORE

More Israeli Spyware
A little-known Israeli spyware company has been using its software against journalists and political figures across three continents. Citizen Lab and Microsoft Threat Intelligence published reports calling out QuaDream for its Rein software, which is “a suite of exploits, malware, and infrastructure designed to exfiltrate data from mobile devices.” MORE

Sponsor

Hyperproof: Next Level Compliance and Risk Management

Hyperproof is the industry-leading compliance operations and risk management platform. Cut the time spent preparing for audits in half, automate evidence collection, and increase team productivity by 70%.

With 75+ out-of-the-box framework templates, including SOC 2, NIST, FedRAMP, and ISO 27001, our built-in requirements and customizable controls will satisfy the needs of your products and industry. Connect your controls to risks to better protect your business and see where you stand in real time with our risk register.

Book a demo today to see why Hyperproof is G2’s #1 trending software for IT Risk Management and GRC.

learn.hyperproof.io/built-to-scale-unsupervised

Book a Demo

Amazon S3 Security Update
Amazon S3 has started deploying two new default security settings for all new buckets, including enabling S3 Block Public Access and disabling S3 access control lists (ACLs) for all new buckets. Rejoice! MORE

NCR Aloha POS Outage
NCR’s Aloha point-of-sale platform suffered an outage due to a ransomware attack by the BlackCat/ALPHV gang, impacting hospitality customers and business operations. MORE

FBI Warns Against Public Chargers
The FBI says people should avoid using public USB charging stations for their mobile phones. They said the stations in places like malls and airports may be compromised and could install malware on connected devices. MORE

Cyber Investment Down 58%
Venture-backed cybersecurity startups saw 58% less investment than a year ago, which represented a 45% drop (149 total) in deal flow. MORE

NYC Robots
New York City abandoned its robot dog plans after a massive outcry two years ago, but now it’s bringing them back. They’ve ordered two of the Boston Dynamics Spot Bots. The city says the $75K bots will mostly be used like bomb robots for now and they won’t be run autonomously. They’re also deploying a Knitescope K5 robot, which is designed to counter vandalism and break-ins. Really wish that one looked less like a Dalek. MORE | THE KNITESCOPE K5

Fake Chinese Officials
The FBI is warning Chinese people in America to not fall for scammers claiming to be part of the PRC. They say scammers are posing as officials and stealing money from Chinese citizens. This works well because newly arrived Chinese people anywhere in the world are still strongly tied to China, and feel beholden to Chinese authorities. The FBI says to call them if you believe you have a legitimate request from China, as they are required to register with the FBI for such activities. MORE | MORE

Vulnerabilities

Microsoft issues fixes for 97 flaws, including an actively used ransomware exploit MORE

TECHNOLOGY NEWS

The SIMS + AI
Google and Stanford collaborated to create human-like AI characters that operate in a SIMS like environment called Smallville. There are 25 separate personas that wak up, have breakfast, and go on about their days. They interact with each other and do many other human-like activities. The whole thing is seeded with just one paragraph of prompt text for each character, and they take it from there. Researchers interviewed the characters after they had been running for a while and found that some had careers. One had decided to run for mayor and described his plans after he took office. MORE | MORE

AI Wage Discrimination
Companies like Uber and Amazon use AI to pay workers different wages for the same work, raising concerns about “algorithmic wage discrimination” spreading to other industries. MORE

Robotaxi Success
Robotaxis in San Francisco seem to be running quite smoothly. The city required them to keep detailed logs on how much disruption was being caused by Cruise and Waymo robotaxis, and the numbers are remarkably small. There were evidently only 12 driverless-caused reports from September 2022 to March of 2023. MORE

33% SF Vacancy
Office vacancies in San Francisco have hit 33%, and 23% in Silicon Valley. Both are records. MORE

HUMAN NEWS

Teen Girls’ Mental Health Crisis
A new CDC report reveals that nearly 1/3 of teen girls have considered attempting suicide. 30%! And nearly 3 in 5 (57%) felt persistently sad or hopeless in 2021. That’s double the number of boys, and up nearly 60% from the past decade. CDC

Whole Foods Closes Flagship SF Store
Whole Foods is closing its main store in San Francisco due to safety concerns for its workers. MORE

IDEAS & ANALYSIS

Expect AI Bans?
I am of two minds about what’s going to happen with AI. If things go slow enough I think it’ll pull us out of our recession and start a new productivity boom. But if things go too quickly I think we’ll have acute job losses and world governments will start banning AI replacement of jobs. I’m currently siding a bit more towards the latter. When I predicted the recession piece it was before GPT-4, plugins, and Langchain Agents. I’m now thinking governments are more likely to get spooked and pull out the ban hammer. MORE

NOTES

I’ve got Agents working in Langchain! And not just working, but calling my own APIs. In my most recent run I ask my Agent to analyze the Solarwinds incident so it makes two requests—one to Google to learn about the incident, and one to my API to analyze the incident. Completely insane! I’ll share the screenshot and maybe some code as well in chat.

The stuff I wrote about in my book in 2016 is starting to happen. I’m going to be talking a bit more about that in the next few weeks. I actually re-read the book and it’s not nearly as bad as I thought it was. So crazy that it’s all happening this fast. I had high confidence the things I wrote about would happen, but I honestly thought it would be another 10-15 years.

I’ll be around the RSA area, so if you’re in town let me know. We’ll be doing another UL Dinner as well so look out for the invite in chat!

DISCOVERY

⚒️ chatbot-ui — Run your own local ChatGPT interface using your API key instead of OpenAI’s web interface. It’s faster and doesn’t have the query limits of the official interface. MORE | BY MCKAY WRIGLEY | MY SCREENSHOT

⚒️ Auto-GPT — an experimental open-source application showcasing the capabilities of the GPT-4 language model. This program, driven by GPT-4, chains together LLM “thoughts”, to autonomously achieve whatever goal you set. MORE | BY SIGNIFICANT GRAVITAS

⚒️ Ben’s Bites — Hacker News, but for AI MORE

It happened to me today ($80/hr writer replaced by ChatGPT) MORE

How much would someone have to pay you to switch from iPhone to Android forever? MORE

Laid off by big tech and then recruited for contract work—at the same place. MORE

Hyperproof (Sponsor) — Cut your time preparing for audits in half, automate evidence collection, and increase audit team productivity by 70%. MORE

Cole Comfort from our UL Community has a new podcast. Check out the first episode with Toby Amodio! MORE

JupiterOne’s 2023 State of Cyber Assets Report MORE

Nick St. Pierre is the best natural photography prompter in the world. MORE

Sam Altman says they’re not training GPT-5 and ‘won’t for some time’. MORE

Huberman Labs’ Sleep Toolkit MORE

ProjectDiscovery is having a meetup for users on Tuesday, April 25th at RSA. There will be demos and swag! MORE

Altman also says the parameter count is a lot like the gigahertz race from the 1990s, and that ultimately it won’t matter as much as other factors. MORE

MacOS Cursors MORE

RECOMMENDATION OF THE WEEK

Programming 0 -> 1
It’s hard to know what skills we will need to thrive post-AI, but I’m pretty certain that programming just became even more important. Not super deep programming in any particular language, but programming concepts. The fundamentals. The ability to stitch code together and make things. I asked Twitter for the best way to get those fundamentals and the CS50 course from Harvard was a favorite. If you don’t consider yourself a programmer, go take that course (it’s free), and start getting dirty with GPT-4 and Lanchain. It’s the new literacy. CS50

APHORISM OF THE WEEK

“The unknown is the greatest enemy, but curiosity is the greatest weapon.”

Matshona Dhliwayo