2.9B breach fallout, Trump was compromised, Open Source attacked, Fortune 500 AI risk, OpenAI & MIT new tools
GenAI Safety & Security Newsletter (Aug 12 - Aug 18, 2024)
![[FREE e-book] GenAI safety and security](https://substackcdn.com/image/fetch/w_140,h_140,c_fill,f_webp,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8cbc4b00-c7d2-4b5d-8795-3d2715fd20c8_731x731.png)
Highlights:
2.9 Billion Records Exposed in Background Check Company Breach: The massive data breach impacting National Public Data is worse than initially suspected. Significantly increasing the risk of identity theft and phishing attacks.
Trump Campaign Hacked: The FBI is investigating a hack of Donald Trump's presidential campaign, allegedly by Iranian hackers. This incident, coupled with reports of vulnerabilities in voting machines found at the DEF CON Voting Village, raises significant concerns about election security.
Open-Source Software Under Threat: The open-source software community faces mounting security challenges. A recent incident involving maintainer "Jia Tan," suspected to be a nation-state hacker, nearly compromised a widely used software component.
Soaring AI Risks for Fortune 500: Another security vulnerability has been discovered in Windows, potentially leading to blue screens of death. Meanwhile, a staggering 473.5% increase in Fortune 500 companies flagging AI risks in their annual reports reflects growing concerns about AI security, bias, and misuse.
OpenAI and MIT Release New Tools: OpenAI introduced SWE-bench Verified, a tool to better evaluate AI models' software engineering capabilities. MIT researchers have released a repository of AI risks, aiming to provide a comprehensive resource for understanding and mitigating potential dangers.
Dive deep:
1. 2.9 Billion Records Exposed: A Cybersecurity Nightmare
National Public Data has confirmed the data breach, acknowledging that hackers obtained even more sensitive information than initially reported, including email addresses. Yahoo News
The company claims to have "purged" the database and deleted personal information, but it's unclear what data has been leaked on the dark web.
Individuals are advised to freeze their credit, monitor financial accounts for unauthorized activity, and be wary of phishing attacks. Yahoo News, KRON4
2. Election Security Under Fire: Trump Campaign Hack. Voting Machine Concerns
The FBI is investigating the alleged hacking of the Trump campaign by Iranian actors, who reportedly obtained internal communications. Reuters
Hackers at DEF CON's Voting Village event found vulnerabilities in various voting machines, highlighting the need for stronger security measures in election systems. Politico
Election officials are encouraged to work with cybersecurity experts and vendors to address vulnerabilities and ensure the integrity of voting systems. Politico
3. Open-Source Sustainability Crisis: Trust Eroded, Resources Scarce
The "Jia Tan" incident revealed how a malicious actor can gain maintainer access and inject backdoors into open-source projects. Cyberscoop
Similar attempts targeting OpenJS highlight the vulnerabilities of relying on volunteer maintainers and the need for better funding and support for open-source projects. Cyberscoop
Companies using open-source software should contribute back to the community and participate in efforts to improve the security and sustainability of these projects. Cyberscoop
4. Fortune 500 AI Concerns: Growing Risks in a Tech-Driven World
A newly discovered vulnerability in Windows could enable low-privileged users to cause system crashes, raising concerns about denial-of-service attacks. Forbes
The number of Fortune 500 companies flagging AI risks in their annual reports has jumped by 473.5%, indicating growing concerns about data security, bias, and misuse of AI. Fortune
Organizations should implement robust cybersecurity measures, including timely patching, to mitigate risks associated with software vulnerabilities. Forbes Companies should carefully consider and address AI risks, particularly in areas like data privacy, security, and fairness. Fortune
5. Advancing AI Performance and Safety: New Tools from OpenAI and MIT
OpenAI released SWE-bench Verified, a human-validated subset of SWE-bench, to more accurately assess AI models' abilities to solve real-world software engineering problems. OpenAI
MIT researchers launched the AI Risk Repository, a database of over 700 AI risks categorized by causal factors, domains, and subdomains. TechCrunch
These tools provide valuable resources for AI developers and policymakers to improve AI performance, safety, and ethical development. OpenAI, TechCrunch
