Notice: FY2024 is coming in Feb 2025.
Highlights
🌎 AI international report: 100 experts.
🚨 DeepSeek's AI raises safety concerns.
📧 Gmail users targeted with AI hacks.
🛡️ New AI cybersecurity code of practice.
💰 US Treasury vendor breach details.
Deep Dive
🌎 1. First International AI Safety Report - AI Action Summit GOV.UK
Report is a global handbook for AI.
100 AI experts from 30 countries.
AI agents can now perform complex tasks.
AI risk depends on policy decisions.
Key is to understand AI's internals.
Notice: the 1st official report following several international AI safety summits.
🚨 2. Database Leaking Sensitive Info, Including Chat History Wiz Blog, PCMag
Over 1 million log lines exposed.
API keys, chat histories leaked.
Full database control was accessible.
Unsecured ClickHouse database found.
Security overlooked due to AI growth.
DeepSeek R1 failed all safety tests.
100% success rate for harmful prompts.
Lacks proper defenses compared to others.
Low development budget a potential cause.
Strong content restrictions on China topics.
Mitigation: Use tools to test internal AI models. Set guidelines for internal and external model use.
🚨 Privacy EU complaint The Brussels Times, Euroconsumers
DeepSeek hit 2.6 million downloads quickly.
GDPR breaches are a serious concern.
Italian data authority blocked DeepSeek app.
Multiple EU countries launched investigations.
Euroconsumers drives legal action for users.
Data transfer to China is a concern.
Lacks transparency on how user data is used.
No safety measures taken for minors' data.
GDPR violations on data processing found.
Temporary restriction of service asked.
Mitigation: Review data governance and transparency in data handling.
🚨 Database cyberattack Forbes, CSO Online
Misconfigured cloud storage was the cause of the breach.
Leaked data can be used for cyberattacks.
User data, keys, and secrets leaked.
Proprietary AI models were potentially exposed.
Full admin control was accessible.
DeepSeek secured database after notification.
Lack of security is a large issue.
📧 3. Gmail 2.5 Billion Users—AI Hack Confirmed Forbes
AI-powered phishing attacks detected.
Hackers use fake Google tech support.
Attackers sending Gmail reset codes.
Advanced Protection program provides security.
Attack was hard to detect by victims.
Mitigation: Educate users; enable Advanced Protection. Consider passkeys for verification. Review all your device IPs on a daily or weekly basis.
🛡️ 4. Code of Practice for the Cyber Security of AI GOV.UK
Code for AI security by UK government.
Addendum to the Software Code of Practice.
Covers five AI lifecycle phases.
Guidance for developers and operators.
Focus on threat assessment and response.
Mitigation: Review and implement AI security framework. Educate developers on AI-specific risk management.
💰 5. US Treasury vendor breach investigation BeyondTrust
17 Remote Support SaaS users were impacted.
API key was compromised via a zero-day.
China-nexus threat actors involved.
Remote Support patched after the incident.
Investigation completed Jan 17th.
Mitigation: Stay current on releases and implement patches. Review authentication security measures.