#056 - Cyber AI Chronicle - DASF 2.0: What's New and Why it Matters?

PRESENTED BY

Cyber AI Chronicle

By Simon Ganiere · 16^th February 2025

Welcome back!

Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.

Table of Contents

• What I learned this week

  • TL;DR

• Databricks DASF 2.0: The New Standard for AI Secur …

  • The Problem: AI Security is a Moving Target

  • What’s New in DASF 2.0?

  • A New Way to Think About AI Security

  • How Security Teams Can Apply DASF 2.0

    • Stop Thinking About AI Models in Isolation

    • Align AI Security with Regulatory Compliance

    • Treat AI Red Teaming as a Continuous Process

  • The Big Picture: Where AI Security Goes Next

• Worth a full read

  • Artificial General Intelligence's Five Hard Nation …

    • Key Takeaways

  • A Brief Guide for Dealing with ‘Humanless SOC’ Idi …

    • Key Takeaways

• Research Paper

  • Gandalf the Red: Adaptive Security for LLMs

• Wisdom of the week

• Contact

What I learned this week

TL;DR

• Databricks DASF 2.0 expands AI security beyond models, addressing seven new risks like LLM jailbreaks, chaining vulnerabilities, and inference manipulation. It aligns with MITRE ATLAS, OWASP, and NIST AI RMF, helping security teams integrate AI risk into governance and compliance » READ MORE

• I posted on LinkedIn this week on how the prompt for reasoning model is different compared to non-chain-of-thought model (GPT models). You can also refer to the updated page from OpenAI. This is particularly important as Sam Altman just shared their roadmap and the objective is to simplify the number of models by converting to chain-of-through model…so better learn quickly how to use those model efficiently.

• Still looking at that priority matrix, making some progress on how to automate some it using a mix of Google search, Firecrawl API and LLM. Will continue to update on progress. So far this gives me a few things:

  • Apple released an emergency security update to patch a zero-day vulnerability (CVE-2025-24200) exploited in the wild in “extremely sophisticated attacks” » READ MORE

  • PostgreSQL vulnerability exploited alongside BeyondTrust zero-day (CVE-2025-1094) » READ MORE

  • OpenAI finds no evidence of a breach after hacker offers to sell 20 million credentials » READ MORE

  • Italy blocks Chinese AI tool Deepseek over privacy concerns » READ MORE

  • Coverage of the Munich Security and Cyber Security Conference 2025 » READ MORE