Dark mode: ON

Infosec Decoded Season 3 #44: Top Ten LLM Vulnerabilities

With @kaitlynguru@infosec.exchange and @sambowne@infosec.exchange

June 2, 2023

Kaitlyn Handelman

Japan Goes All In: Copyright Doesn’t Apply To AI Training

Eating Disorder Helpline Disables Chatbot for 'Harmful' Responses After Firing Human Staff

New macOS vulnerability, Migraine, could bypass System Integrity Protection

Sam Bowne

OWASP Top 10 List for Large Language Models
Very valuable for this fast-developing field :)

Turncoat drone story shows why we should fear people, not AIs
A story about a simulated drone turning on its operator in order to kill more efficiently is making the rounds. In a simulation, an AI-enabled drone tasked to identify and destroy SAM sites, with the final go/no go given by a human. However, having been “reinforced” in training that destruction of the SAM was the preferred option, the AI then decided that “no-go” decisions from the human were interfering with its higher mission — killing SAMs — and then attacked the operator in the simulation.

A ride with Boot Girls, 2 women challenging Atlanta's parking enforcement industry
The Boot Girls offer up the legally dubious practice of boot removals for $50, a price that undercuts parking enforcement companies (which often charge $75 per day for removal). They bought keys that open boots from Christian Verrette, owner of ATL Boot Key.

“file archiver in the browser” is a new phishing technique that can be exploited by phishers when victims visit a .ZIP domain.
The attacker needs to emulate a file archive software through HTML/CSS. The researchers shared two samples, the first one emulates the WinRAR file archive utility, the second one the Windows 11 File Explorer window.