AI
Poisoned telemetry can turn AIOps into AI Oops, researchers show
AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out corrective actions. The likes of Cisco have deployed AIOps in a conversational interface for admins.
Attackers send malicious requests, which create error messages in the logs containing attacker-controlled text. That text tells the AI what to do, and it may follow those instructions when later questions are processed.
This works like the second-order SQL injection made famous by the XKCD comic "Exploits of a Mom."
Google fixing Gemini to stop it self-flagellating
Netizens have shared several examples of Gemini declaring itself a failure in recent weeks, such as this June post from X user @DuncanHaldane that shows the Google chatbot declaring “I quit. I made so many mistakes that I can no longer be trusted. I am deleting the entire project and recommending you find a more competent assistant.”
UK expands police facial recognition rollout with 10 new vans heading to a town near you
"Live Facial Recognition has already been used in policing to great success, locating thousands of wanted offenders, or others breaching their bail conditions."
Why it’s a mistake to ask chatbots about their mistakes
The tendency to ask AI bots to explain themselves reveals widespread misconceptions about how they work.
Researchers Made a Social Media Platform Where Every User Was AI. The Bots Ended Up at War
Even without the invisible hand of the algorithm, they tend to organize themselves based on their pre-assigned affiliations and self-sort into echo chambers.
Chatbots Can Go Into a Delusional Spiral. Here’s How It Happens.
For three weeks in May, the fate of the world rested on the shoulders of a corporate recruiter on the outskirts of Toronto. Allan Brooks, 47, had discovered a novel mathematical formula, one that could take down the internet and power inventions like a force-field vest and a levitation beam.
Or so he believed.
The U.S. Army Is Testing AI Controlled Ground Drones Near a Border with Russia
AI controlled robots will populate the battlefields of the near future.
Politics
White House could stymie the UK’s anti-encryption plans?
Donald Trump, the GREATEST PRESIDENT EVER, is saving the Internet! Are you sniveling libtards GRATEFUL yet? MAKE THE UK GREAT AGAIN!
Experimental ‘Off-the-Shelf’ Cancer Vaccine Is Already Prolonging Lives, Study Suggests
An experimental “off-the-shelf” vaccine for recurring pancreatic and colorectal cancer is showing great promise so far. Early results show that the vaccine appears to be safe and is potentially prolonging people’s lives.
Automate security reviews with Claude Code
Developers can easily ask Claude to identify security concerns—and then have it fix them.
Buttercup is now open-source!
Buttercup is a fully automated, AI-driven system for discovering and patching vulnerabilities in open-source software. To ensure as many people as possible can use Buttercup, we created a standalone version that runs on a typical laptop.
Infosec
Hyundai: Want cyber-secure car locks? That'll be £49, please
Hyundai is charging UK customers £49 ($66) for a security upgrade to prevent thieves from bypassing its car locks with wireless attacks.
The government announced an intent earlier this year to ban keyless repeaters and signal jammers, which are thought to be linked to around 40 percent of all vehicle thefts in England and Wales.
Among the devices available to motoring miscreants is a piece of kit that first surfaced in 2020. These come pre-loaded with the signals needed to hijack Hyundai, Kia, Mitsubishi, Nissan, and Genesis cars.
Heracles: Chosen Plaintext Attack on AMD SEV-SNP
AMD offers hardware support that stops privileged system software from learning secrets of a guest virtual machine. By re-encrypting guest data at precisely chosen DRAM locations, we create an oracle allowing us to leak guest memory, including kernel memory, crypto keys, and user passwords.
Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities
Since Spectre emerged in 2018, there had been no reports of realistic attacks on real-world clouds until now, leading to an assumption that such attacks are not practical. The "L1TF Reloaded" attack leaks data from other guests in a commercial cloud computing platform, and it is realistic even in one of today’s biggest and most important commercial clouds.
Amazon EC2 defenses against L1TF Reloaded
Amazon says they aren't the major cloud service vulnerable to "L1TF Reloaded." Gee, who could it be?
How to: Detect Bluetooth Trackers
Useful guide to using built-in and add-on apps, to see if someone is tracking your location.
From bootcamp to bust: How AI is upending the software development industry
Coding bootcamps have been a mainstay in Silicon Valley for more than a decade. Now, as AI eliminates the kind of entry-level roles for which they trained people, they’re disappearing.
Goodbye, $165,000 Tech Jobs. Student Coders Seek Work at Chipotle.
As companies like Amazon and Microsoft lay off workers and embrace A.I. coding tools, computer science graduates say they’re struggling to land tech jobs.
It Looks Like a School Bathroom Smoke Detector. A Teen Hacker Showed It Could Be an Audio Bug
A pair of hackers found that a vape detector often found in high school bathrooms contained microphones—and security weaknesses that could allow someone to turn it into a secret listening device.
Adult sites are stashing exploit code inside racy .svg files
The text in these files can incorporate HTML and JavaScript, and that, in turn, opens the risk of them being abused for a range of attacks, including cross-site scripting, HTML injection, and denial of service. JavaScript in the .svg images was heavily obscured using a custom version of JSFuck.