#041 - Cyber AI Chronicle - AI Programming: What CISOs Should Know
Cyber AI Chronicle
By Simon Ganiere · 27th October 2024
Welcome back!
Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.
What I learned this week
TL;DR
Last week we went through the basics of AI programming assistants, how they have evolved, and their objective of improving developer productivity. This week we are focusing on the security aspect! At this stage it seems there is still a lot that CISOs and security teams need to know and do to ensure those AI programming assistants are not bringing vulnerabilities into the code base.
Anthropic released an updated version of Claude 3.5 Sonnet and a new model (Claude 3.5 Haiku). The upgraded version of Sonnet brings across-the-board improvements, with particularly significant gains in coding. The really big feature, now in public beta (via API), is called computer use. Claude will be able to directly use your computer - looking at a screen, moving a cursor, clicking buttons and typing text. If that sounds familiar, it's because it looks like an enhanced version of robotic process automation (RPA) but with an LLM on top, so you just ask a question and watch the LLM do it. And of course, people are already finding ways to misuse it.
Microsoft also announced new autonomous agent capabilities with Copilot Studio. Those agents are called autonomous because they can automatically respond to signals across your business and initiate tasks. They can be configured to react to events or triggers that originate, without human input, from various tools, systems and databases, or even be scheduled to run hourly, daily, weekly or monthly.
The SEC fined four companies for “misleading cyber disclosures”. This is related to the SolarWinds incident and the disclosures made by 4 companies, with fines totalling $7 million. I don't think that amount is going to have a significant impact, but it's a strong signal by the SEC. LinkedIn also got hit with a $310 million fine by the EU privacy regulators.
In the good news of cyber:
Apple released long documentation on the security of its Private Cloud Compute. This includes a bug bounty program for up to $1 million!
A new security feature, named “memory sealing”, has shipped in the Linux kernel 6.10 release. There is a great blog post that provides more information and details (warning: technical content).
Volexity released a great research paper about EDR evasion techniques.