US AI action act, Microsoft Zero day, compromised Github, AI control matrix, selfies breach

If you enjoy this newsletter, please become our paid subscriber to help this keep going.

Notice: We have a landing page! Check out at securegenai.github.io

Highlights

• US: AI action act.

• Microsoft Zero day.

• Compromised Github Org.

• AI control matrix.

• Breach: Selfies and images.

Special!

Available: Q2 2025 Report

---

Deep Dive

US: AI Action Plan WhiteHouse

• 28 page documentation.

• Three pillars: Accelerate, build, lead.

• Focus on Open source and Open weight AI.

• Combat Synthetic Media in the legal System.

• Promote Secure by Design for tech and app.

Microsoft Zero day SecurityWeek

• Sharepoint, include Teams and OneDrive.

• 400 organizations.

• Mostly in US.

• Include Nuclear and Health org.

• Started on 7/7; public actack: 7/18.

Compromised a Github Org BleepingComputer

• Publish ten malicious package on NPM.

• Include stealing data to collect authen token.

• July 20: Hijacked the account.

• Immediately made public all 73 repositories.

• Downloaded 5000 times before detected.

AI Control Matrix CSA

• 243 control objectives, 18 security domains.

• Including ISO 42001, ISO 27001.

• NIST AI RMF 1.0, and BSI AIC4.

• Consensus Assessment Initiative Questionnaire.

• A self-assessment or an evaluation of third-party vendors.

Breach: Selfies and images CNN

• Images used for account verification.

• Data Goldmine for AI attack.

• Facial recognition spoofing;

• Bio metric by passing and deepfake.

• Possibly used for fraud and others.

Notice: Y2 GenAI Safety and Security is on GumRoad and Amazon with paperback.

Teaser: Y2 GenAI Safety and Security

Available: Q1 2025 Book Report

David Sachs & what's next

How David Sachs thinks about AI & Crypto

How upcoming Trump senior AI policy advisor thinks

California Takes the Lead on AI Regulation