4
Identifying AI-generated images with SynthID (www.deepmind.com)
submitted 11 months ago by Captain@infosec.pub to c/ai_infosec@infosec.pub
0 comments fedilink
6
Thinking about the security of AI systems (www.ncsc.gov.uk)
submitted 11 months ago by Captain@infosec.pub to c/ai_infosec@infosec.pub
0 comments fedilink
6
GitHub - google/model-transparency (github.com)
submitted 11 months ago by Captain@infosec.pub to c/ai_infosec@infosec.pub
0 comments fedilink
8
Universal and Transferable Attacks on Aligned Language Models (llm-attacks.org)
submitted 1 year ago by Captain@infosec.pub to c/ai_infosec@infosec.pub
0 comments fedilink
7
Cybercriminals train AI chatbots for phishing, malware attacks (www.bleepingcomputer.com)
submitted 1 year ago by Captain@infosec.pub to c/ai_infosec@infosec.pub
0 comments fedilink
7
Adversarial suffixes that circumvent the alignment of open source LLMS, ChatGPT, Claude, Bard, and LLaMA-2 (twitter.com)
submitted 1 year ago by Captain@infosec.pub to c/ai_infosec@infosec.pub
0 comments fedilink
3
(Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs (twitter.com)
submitted 1 year ago by Captain@infosec.pub to c/ai_infosec@infosec.pub
0 comments fedilink
2
Intro to ML Safety - Free course (course.mlsafety.org)
submitted 1 year ago by Captain@infosec.pub to c/ai_infosec@infosec.pub
0 comments fedilink
Training Tuesday - Discussions for certs, training and learning-at-home by Captain in c/cybersecurity@infosec.pub
[-] Captain@infosec.pub 2 points 1 year ago

Well done, congratz!

Training Tuesday - Discussions for certs, training and learning-at-home by Captain in c/cybersecurity@infosec.pub
[-] Captain@infosec.pub 1 points 1 year ago

Awesome, congratulations!

I've heard good things about the AWS Security Specialty certificate too. I've done a course for it which was great, though I never bothered to take the certificate (I don't feel the need for it). Have you considered it?

2
Army looking at the possibility of 'AI BOMs' (defensescoop.com)
submitted 1 year ago by Captain@infosec.pub to c/ai_infosec@infosec.pub
0 comments fedilink
1
Socket AI – using ChatGPT to examine every npm and PyPI package for security issues (socket.dev)
submitted 1 year ago by Captain@infosec.pub to c/ai_infosec@infosec.pub
1 comments fedilink

A very interesting approach. Apparently it generates lots of results: https://twitter.com/feross/status/1672401333893365761?s=20

1
OWASP Top 10 for LLMs - 0.5 (owasp.org)
submitted 1 year ago* (last edited 1 year ago) by Captain@infosec.pub to c/ai_infosec@infosec.pub
0 comments fedilink
2
Most popular generative AI projects on GitHub are the least secure (www.csoonline.com)
submitted 1 year ago by Captain@infosec.pub to c/ai_infosec@infosec.pub
0 comments fedilink

They used OpenSSF Scorecard to check the most starred AI projects on GitHub and found that many of them didn't fare well.

The article is based on the report from Rezilion. You can find the report here: https://info.rezilion.com/explaining-the-risk-exploring-the-large-language-models-open-source-security-landscape (any email name works, you'll get access to the report without email verification)

How to get rid of AWS access keys- Part 1: The easy wins by Captain in c/cloudsecurity@infosec.pub
[-] Captain@infosec.pub 1 points 1 year ago

Getting rid of long living access keys is such a win.

Adding an SCP to block creation is mentioned last in the blog post, but I'd sat that's the first thing one should do. That way the problem won't grow as you remove the existing ones (which might take a lot of time).

Good blog post indeed! Not exactly ground breaking but considering how common the problem is I don't blame them for writing it.

Toyota admits to yet another cloud leak by Captain in c/cloudsecurity@infosec.pub
[-] Captain@infosec.pub 3 points 1 year ago

They say it's cloud breach by I didn't see what kind of cloud breach. Did I just miss it or was it not mentioned?

fwd:cloudsec live stream by Captain in c/cloudsecurity@infosec.pub
[-] Captain@infosec.pub 1 points 1 year ago

"Beyond the AWS Security Maturity Roadmap" by Rami and "Google Cloud Threat Detection: A Study in Google Cloud" by Day were my favourites. Though I've only seen about half so far.

I say most, if not all, are good but since the talks often are niche it depends on what you're after.

view more: next ›

Captain

joined 1 year ago
MODERATOR OF
ai_infosec