Daniel Miessler, Alex Babin – ESW #320
This is the first interview in a two-part AI special!
First up, we talk with Daniel Miessler, who has been following the generative AI trend very closely and is one of the most prolific writers and thought leaders on the topic. It's a massively divisive topic with the most successful product ever launched (ChatGPT). Some folks think it's overhyped, some think it's going to replace all the worst parts of the worst jobs, and others think it could be the beginning of the end for humanity.
While other interviews on GenAI get deep into conversations on the future of humanity, we're going to stay closer to home on this one. It seems clear that GenAI will transform the enterprise more quickly than any other technology trend we've seen. We'll discuss what security needs to do to prepare for this shift, and why security teams should begin exploring GenAI themselves as soon as possible.
Generative AI is taking the world by storm. Naturally, enterprises are looking for ways to integrate the innovative technology into their techstack, boost productivity of the knowledge workers and overall increase their ROI. The question is, how to do it without compromising data privacy and security standards of the enterprises.
Segment Resources: https://zerosystems.com/
In this episode we briefly cover funding, and discuss Snyk's acquisition of Enso Security and Cisco's Armorblox buy. We discuss some new open source AI tools: privateGPT, llm, ttok, and strip-tags. We discuss the death of Meta's massive Metaverse movement and go DEEP down the rabbithole on the new Stop Silly Security Awards website. Artifact's AI rewrites clickbaity headlines and we wrap up by exploring a very entertaining Map of GitHub communities: https://anvaka.github.io/map-of-github/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Full Audio
Segments
1. This is How Generative AI will Reshape the Enterprise – Daniel Miessler – ESW #320
This is the first interview in a two-part AI special!
First up, we talk with Daniel Miessler, who has been following the generative AI trend very closely and is one of the most prolific writers and thought leaders on the topic. It's a massively divisive topic with the most successful product ever launched (ChatGPT). Some folks think it's overhyped, some think it's going to replace all the worst parts of the worst jobs, and others think it could be the beginning of the end for humanity.
While other interviews on GenAI get deep into conversations on the future of humanity, we're going to stay closer to home on this one. It seems clear that GenAI will transform the enterprise more quickly than any other technology trend we've seen. We'll discuss what security needs to do to prepare for this shift, and why security teams should begin exploring GenAI themselves as soon as possible.
Announcements
Follow us on LinkedIn for updates across our organization, show highlights, and more! You can find us by searching for Security Weekly Productions.
Guest
Daniel is a 23 year veteran in information security now working at the intersection of AI and security. As the founder of Unsupervised Learning he’s building products and services that help companies and individuals find and pursue their true paths. Daniel also advises and consults for companies on how to advance their security programs and incorporate AI into their products and services.
Hosts
2. How to Enable Generative AI in Enterprise While Mitigating the Most Common Risks – Alex Babin – ESW #320
Generative AI is taking the world by storm. Naturally, enterprises are looking for ways to integrate the innovative technology into their techstack, boost productivity of the knowledge workers and overall increase their ROI. The question is, how to do it without compromising data privacy and security standards of the enterprises.
Segment Resources: https://zerosystems.com/
Announcements
Join our Discord channel to chat with our hosts, ask questions, customize livestream alerts, and more! Visit securityweekly.com/discord to receive an invite.
Guest
Alex Babin is the Co-founder & CEO of Zero Systems, a VC-backed AI startup headquartered in Silicon Valley, California. The company offers an operating and orchestration system for building, deploying, and maintaining AI applications to augment knowledge workers at large enterprises. Alex is a serial entrepreneur and seasoned CEO with over 20 years of experience in the automotive, SaaS, and AI industries. His first technology startup, which he founded at the age of 24, was a hybrid vehicle company funded by DFJ. Alex is an expert in generative AI and large language models (LLM) with a focus on enterprise use cases.
Hosts
3. Cisco buys Armorblox for… GenAI? Silly Awards, RIP Metaverse, and new AI FOSS – ESW #320
In this episode we briefly cover funding, and discuss Snyk's acquisition of Enso Security and Cisco's Armorblox buy. We discuss some new open source AI tools: privateGPT, llm, ttok, and strip-tags. We discuss the death of Meta's massive Metaverse movement and go DEEP down the rabbithole on the new Stop Silly Security Awards website. Artifact's AI rewrites clickbaity headlines and we wrap up by exploring a very entertaining Map of GitHub communities: https://anvaka.github.io/map-of-github/
Announcements
Join us at an upcoming Official Cyber Security Summit in a city near you! This series of one-day, invitation-only, executive level conferences are designed to educate senior cyber professionals on the latest threat landscape. We are pleased to offer our listeners $100 off admission when you use code SecWeek23 to register. Visit securityweekly.com/cybersecuritysummit to learn more and register today!
Hosts
- 1. FUNDING: Sekoia.io has Raised €35M in a New Round of Financing, a Record Amount for a European Cybersecurity Company in series A
French XDR startup
- 2. FUNDING: Backed by $15 million Series B Funding, Blumira Launches Easy XDR Platform for Small & Medium Business
- 3. FUNDING: Galvanick Raises $10M in Seed Funding
OT Security Startup
- 4. FUNDING: Data management startup Alcion launches with $8M in funding – SiliconANGLE
- 5. FUNDING: Compliance automation startup Strike Graph lands $7M to expand certification offerings
- 6. FUNDING: Keep Aware Raises $2.4 Million to Eliminate the Browser Blind Spot with Human-Centric Security
- 7. DEFUNDING: SentinelOne stock plummets more than 35% as annual guidance slashed, layoffs planned
- 8. ACQUISITIONS: Snyk To Acquire Enso Security For Improved AppSec Visibility
- 9. ACQUISITIONS: Cisco Buys Armorblox to Bring Generative AI to Its Portfolio
- 10. NEW TOOLS: privateGPT
Exactly what it sounds like.
- 11. NEW TOOLS: llm, ttok and strip-tags—CLI tools for working with ChatGPT and other LLMs
- 12. NEW PODCAST: MLSecOps Podcast
A new podcast, focusing heavily on the intersection of GenAI and security!
- 13. ANALYSIS: Microsoft Sentinel Cost, Plus Defender: More Expensive Than You Think
I LOVE analysis like this. Pricing in the tech and security world is so often a mystery, or straight up secretive. Even when it is shared, it can often be so complex and based on unknowns that it isn't until you get hit with a bill that you realize what you're in for.
We need more transparency in pricing.
- 14. ESSAYS: Angry customers are a gift
A lot of truth to this.
It's painfully difficult to get honest, detailed feedback on a product. When you do, it tends to be at extremes: someone is either delighted or disgusted with what you've built. For this reason, all rating systems need to be viewed with a curve. The 5s oversell how great the product is, and the 1 stars oversell how bad it is.
But it does tend to be the negative reviews that have the important feedback. You don't get much from folks that love your product the way it is, yet companies want to spend more time with these folks - they want to do case studies and promote how much they love it. Meanwhile, folks that have a problem with it are often promised fixes that never come and feel unheard.
- 15. ESSAYS: Withholding Single Sign-On from SaaS Customers is Bad for Business and Security
SSO Tax bad.
- 16. ESSAYS: Leveraging Large Language Models (LLMs) in Business: Risk Assessment and the Imperative of Data Security
An excellent essay from Mike Privette
- 17. ESSAYS: Cybersecurity in Space
- 18. ESSAYS: Cybersecurity Budgets Aren’t Untouchable
HOW DARE YOU
- 19. ESSAYS: RIP Metaverse, we hardly knew ye
Oooh, oooh, now do crypto and blockchain!
Seriously though, this is an interestingly timed article. The Quest 3 was just released starting at $500 (hundreds more than the Quest 1 or 2), and the Apple Vision Pro was just announced with a starting price of $3500.
This obit clearly isn't for VR and AR - the article doesn't even mention the forthcoming Apple product, and everyone knew it was being released at the WWDC at the time this article was published. This is for the idea of the Metaverse, which Meta created in the form of an application called Horizon Worlds. When it became available, no one flocked to it. A year after its release, it had 200 thousand MAUs.
By comparison, 5 months after release, ChatGPT has 173 million MAUs. Nearly three orders of magnitude more.
- 20. ESSAYS: Kelly’s Kommentary on the 2023 Verzion DBIRRRRRRR
DBIRRRRRRR kommentary
- 21. TRENDS: Stop Silly Security Awards
I'm a bit torn here. There a lot of shady, seedy awards 'companies' out there. However, shaming someone is never a great way to solve a problem, especially when you don't suggest alternatives.
- 22. AI TRENDS: Artifact’s AI Will Rewrite Clickbaity Headlines, Though Don’t You Dare Rework Mine
Artifact is a clever newsreader that allows you to rewrite headlines. If enough folks tag a headline as clickbaity, they'll rewrite it for everyone!
- 23. AI TRENDS: Clickbait Rewriting on Artifact: Behind the Scenes
A very useful and instructional explanation of how they built this feature.
- 24. AI TRENDS: How Hackers Can Up Their Game by Using ChatGPT
- 25. AI ATTACKS: Indirect Prompt Injection via YouTube Transcripts · Embrace The Red
This is particularly devious... and tough to protect against. This attack vector is similar to how the Log4Shell exploit works. You can distribute indirect prompt injection all over the place and then just wait for shells, as LLMs inevitably read and respond to your prompt injection payloads.
- 26. POST MORTEMS: Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking
- 27. PAPERS: DarkBERT: A Language Model for the Dark Side of the Internet
- 28. BREACHES: Welcome to Breaches.Cloud
At first, I thought this was going to be another website cataloguing cloud service provider vulnerabilities, but it's not that at all. Rather, this is a project going after one of my personal passions - doing breach post mortems, but specifically on cloud-related incidents.
- 29. HACKATHON: First in space: SpaceX and NASA launch satellite that hackers will attempt to infiltrate during DEF CON
You know the cost of sending cargo into space is coming down when a satellite is launched into orbit just for people to try to hack!
- 30. SURVEYS: Are Company Boards Prepared to Deal With Cybersecurity? Our Survey Says…
Some very interesting and frankly, unbelievable results here. The SEC doesn't define "expertise" and it seems boards are taking advantage of that.
- 31. SQUIRREL: Map of GitHub
Someone had a lot of fun naming the different communities in GitHub and I love it.
