4 Day Work Weeks, Threathunter.ai, Microsoft 365 Ban, & Refusing to Be Fun at Work – ESW #299
Announcing Drata’s Series C, Milton Security announces new name, Threathunter.ai, Germany Forces a Microsoft 365 Ban Due to Privacy Concerns – Best of Privacy, New Communication Protocol “Ibex” and Extended Protocol Suite, Gepetto uses OpenAI models to provide meaning to functions decompiled by IDA Pro, Stack Overflow bans ChatGPT, French man wins compensation as judge awards him the right to refuse to be fun at work
Announcements
You can now find us on Instagram! Follow us for highlight reels, giveaway announcements, and more at SecWeekly.
Hosts
- 1. FUNDING: Announcing Drata’s Series C
$200M Series C, co-led by ICONIQ Growth and GGV Capital. $2B valuation
- 2. FUNDING: HYPR, the Leader in Phishing-Resistant MFA, Raises $25M
- 3. FUNDING: CyVers Raises $8M in Funding
- 4. FUNDING: Bain Capital Crypto Co-Leads On-Chain Security Startup Nucleo’s $4M Seed Round – NFTgators
- 5. FUNDING: [Seed] Cybersécurité : Arsen lève 2,5 millions d’euros auprès d’Elaia et de French Founders – FrenchWeb.fr
- 6. REBRANDING: Milton Security announces new name, Threathunter.ai
- 7. REGULATION: Germany Forces a Microsoft 365 Ban Due to Privacy Concerns – Best of Privacy
- 8. VULNERABILITIES: Supply Chain Vulnerabilities Put Server Ecosystem At Risk – Eclypsium
- 9. NEW PRODUCTS: New Communication Protocol “Ibex” and Extended Protocol Suite
- 10. TRENDS: Gepetto uses OpenAI models to provide meaning to functions decompiled by IDA Pro
Gepetto is a Python script which uses OpenAI's davinci-003 model to provide meaning to functions decompiled by IDA Pro
- 11. TRENDS: Stack Overflow bans ChatGPT
AI has been kind of a joke for a while. Where it worked pretty well, it was invisible (e.g. smartphone soft keyboards), and where it didn't, people had a field day (look up videos of Scottish people trying to use voice assistants like the Amazon Echo). Then Dall-e 2 was released to the public. And then Midjourney. Suddenly, there are multiple paid services that auto-generate stories for children using AI to generate both the story and corresponding images based on your prompts. It's all happening more quickly than most people anticipated, I think.
In security, anti-virus had a big win with machine learning. So much so, that it unseated the industry's largest pure play vendors (Symantec, McAfee), who didn't respond quickly enough to the trend to survive the massive customer exodus. Beyond next-gen AV, the impact of AI/ML seems like it should be massive, according to the marketing copy, but in reality seems entirely overblown.
I've tested several products claiming to use AI/ML to better detect attacks, and the failure of these models has been complete, even in the most controlled and prepped circumstances. AI-generated images didn't offer much to security teams, but the moment OpenAI made ChatGPL available to the public, security folks started exploring what it could do.
The quality of results I've seen has been astonishing. Ask it "why should I be a CISO" and it gives a response that, as a blog post, no one would ever guess was written by AI. It can effortlessly give remediation guidance to vulnerabilities and help reverse engineer software alongside IDA Pro. I think it might be a stretch to say that it could help with security's alleged talent shortage, but folks are definitely going to explore the limits of what it can do, and I wouldn't be surprised to see it embedded in commercial products before long.
Perhaps AI/ML will revolutionize security products after all, but we just needed better AI/ML tech, from outside our industry to make it happen.
- 12. TRENDS: Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict
Russia may consider cybersecurity firms helping Ukraine as legitimate targets for retaliation.
- 13. TRENDS: Discovered new BYOF technique to cryptomining with PRoot – Sysdig
- 14. TRENDS: Ireland sees ‘100% success rating’ with 4-day work week trial
- 15. SQUIRREL: French man wins compensation as judge awards him the right to refuse to be fun at work
