C3 AI’s Post

Security Checklist for Sharing Sensitive Data with AI Tools

AI for Zero Trust. There are a group of unmet requirements within Zero Trust that I think could be easily met with available AI tools. NIST 800-127 identifies requirements for an AI based tool (Sect 5.4 par 2) that collects various types of threat intelligence feeds (Sect 3 par 3 bul 3), logs (Sect 3 par 3 bul 4), Security Information and Event Management (SIEM) (Sect 3 par 3 bul 9), and Network Analysis data (Sects 5.4 and 3.4.1) and generates rules that would lead to effective and autonomous management of IT security. In my opinion, this could easily be done by a combination of an LLM running in a self-contained mode, using langchain as a connector to the data sources. I already have a LLM running on a laptop, so this looks like something that can be accomplished near-term. I think this would constitute a PA (Policy Administrator) in Zero Trust parlance. Am I right?

Blazing fast #opensource #LLMs deployed to secure, private environments and surrounded by safeguards, that's Prediction Guard A new chat interface ist out: check how Prediction Guard is safeguarding private AI models. PG provides safeguards and hosted LLMs. Jump ahead of your competition with scalable model endpoints seamlessly integrated with: Security Checks For new kinds of vulnerabilities like prompt injections. Privacy Filters To mask or replace PII in model inputs. Output Validations For preventing hallucinations (or "wrongness") and toxic outputs. Compliant Data Protections To maintain #HIPAA and make sure you can get a BAA in place. https://lnkd.in/dyV37qKp #intelliftoff

#AI a #threat? Politicians talk about the (at least so far) completely secure AI - and the biggest Threat today and for many years to come will be definitely the really 'bad' software with many bugs, #AttackPoints, #vulnerabilities and #backdoors in 'normal' software. This causes costs in the billions (US $) for companies and citizens. https://lnkd.in/eShZ38AX softScheck GmbH softScheck APAC Yonca Schaette, M.A. Dirk Heuß Thorsten Breuer

How secure are your passwords? Probably not very :) + A 12-digit password with upper and lowercase including symbols and numbers is the shortest your password should be to be essentially unhackable under current methods/software. (Before AI can do this better.) 💡 Pro tip: Take a meaningful phrase and type it all with upper and lower Case letters, replacing a letter or two with a symbol like @ for A or 8 for B etc. For example, IforgotMyP@ssw0rd310! would take 26 Trillion years to crack. —————- 👉 PS: Please Share this with others and hopefull save someone some grief :)

This doesn't really come as a surprise, but is a good reminder not to trust too easily, but to verify. It also means that code review by a human is important and should not be relegated to automated tools (alone). Sure, some things can be checked by a tool and should if you want to go through an entire code base, but the results need to be carefully reviewed as there can be false positives or issues aren't picked up. I wonder what #InfoSec companies will find in the future, if there's a noticeable uptick of insecure code, Simon Howard. From a recent study: "Overall, we find that participants who had access to an AI assistant wrote significantly less secure code than those without access to an assistant. Participants with access to an AI assistant were also more likely to believe they wrote secure code, suggesting that such tools may lead users to be overconfident about security flaws in their code." https://lnkd.in/gSsYQ5is

How does an open license help security and safety? Find out in the latest blog. #AI #GenAI #InstructLab #OpenSource #RedHat #IBM

Checkmarx: Unlock the secrets of securing your code while harnessing #AI's potential. Listen to our in-depth analysis of #GenAI's security landscape: https://hubs.ly/Q02m1pdc0 #CheckmarxSecurity #ApplicationSecurity #DevSecOps #ArtificialIntelligence

There are advanced generative AI Chatbots known as FraudGPT or WormGPT, claiming to be "bots without limitations, rules, and boundaries," to carry out their malevolent activities. I am think is the Open Source Hardware Architecture could be right solution

In today’s digital financial landscape, combating fraud is crucial. However, current systems suffer from a staggering 90% false positive rate in fraud alerts. Not only does this frustrate customers, but it also imposes significant costs on financial institutions—often exceeding the expense of fraud itself.   To address these limitations, forward-thinking institutions are integrating machine learning models. H2O's award-winning autoML and anomaly detection techniques continuously learn from new data and adapt to evolving fraud tactics. This adaptability ensures that the system remains effective over time. Join H2O.ai and AWS for a webinar on Wednesday, July 31, and learn how to empower your organization to stay at the forefront of fraud detection technology! For more information and to register: https://lnkd.in/gwqiwkX8 #financialfraud #autoML #genAI #h2o #aws #bettertogether #ai