AI agents, Amazon AI-generated alert, OWASP testing guide, US Retail Data Breach

If you enjoy this newsletter, please become our paid subscriber to help this keep going.

Highlights

• Rethink IAM as AI agents.

• Amazon: AI-generated alert.

• OWASP AI testing guide.

• US Retail Data Breach.

• Anthropic’s AI weird experiment.

Special!

Review: Google's Agent Security

---

Deep Dive

1. Rethink IAM as AI agents Venture Beat

• 80% breach: Stolen credentials

• Difficult to manage AI agents.

• Now use Bluetooth Low Energy

• Cisco’s Duo, Microsoft Entra ID, Ping Identity.

• Embrace “Never trust, always verify”.

2. Amazon: AI-generated Alert Amazon

• For rind doorbell division.

• Alert unsual activities around homes.

• 25/6: Beta version for premium users.

• Plans to push deeper into AI.

• Concern about flaws with the technologies.

3. OWASP AI Testing guide OWASP

• Comprehensive methodologies, best practices.

• Principles and objectives to test AI.

• Threat modelling for AI systems..

• Application, model, infrastructure, data.

• Open source project.

4. US Retail Data Breach HowToGeek

• 2.2 millions of records,

• Sensitive personal, finance and health info.

• Current and former employees.

• Global Food Retail Company.

• First accesss: November 6, 2024.

5. Anthropic’s AI Weird Experiment. TechCrunch

• I vending machine went haywire.

• Hallucinated, lied, & contacted security.

• Obsessed over selling tungsten cubes.

• Long-running instance caused odd behavior.

• AI middle-managers still seem possible.

Our upcoming book

Notice: Y2 GenAI Safety and Security is on GumRoad and Amazon with paperback.

Teaser: Y2 GenAI Safety and Security

Available: Q1 2025 Book Report

David Sachs & what's next

How David Sachs thinks about AI & Crypto

How upcoming Trump senior AI policy advisor thinks

California Takes the Lead on AI Regulation