The Cyber Why: What We Read This Week...
... and why you should too! (3/31/2023)
Welcome to another TCW Friday newsletter. This week we chat about the call for a moratorium on AI advancement, watch a spooky video of Terminator-sized predictions, connect a funny old movie to Microsoft Copilot, and mourn Gordon Moore - one of the all-time greats. We love writing TCW each week - and we hope you love reading it just as much. If you do, please share the newsletter on social media. It goes a long way to helping us grow. Now on to this week’s stories!!
We MUST Stop AI Before It Won’t Let Us!
Top Technologists and Elon Musk Demand Immediate Pause of Advanced AI Systems (Gizmodo)
Woz, Musk, and over 500 technologists, engineers, and AI ethicists have all signed an open letter calling on the creators of OpenAI to halt all training for anything more potent than GPT-4 for a minimum of six months. The letter uses wording such as “profound risks to society and humanity” and “[GPT represents] a profound change in the history of life on Earth.” Alarmist? Realist? It’s impossible to know for sure, but the letter's authors feel that the primary risk “is the loss of human control over the world and our own future, much as gorillas have lost control over their own future because of humans.” Wooo, talk about a scary proposition.
Last week, OpenAI also released the ability to use plugins with ChatGPT. This allows the AI system to reach out to external Internet-connected systems and APIs. Given the connected nature of technology and “meatspace” today, this scares me. “Going from text generation to taking actions on a person’s behalf erodes an air gap that has so far prevented language models from taking action.” It won’t be long before we ask ChatGPT generic questions like “make my life easier,” sending it on a random rampage of doing things on our behalf. If we continue down this path, things will get WEIRD sooner than we’d like.
Finally, here’s a video of Arthur C. Clarke talking about the future of AI on September 32, 1964. When I first clicked play on this video, I was sure it would be laughable and inaccurate. Boy, was I wrong! Just shy of 70 years ago, Clarke predicts that humans will be the stepping stones to mechanical evolution instead of human evolution. Consider my mind BLOWN!
Microsoft Security-Backed AI Play
Introducing Microsoft Security Copilot: Empowering defenders at the speed of AI (Rick pick - Microsoft)
Microsoft announced Security Copilot this week. Copilot enables "defenders to move at the speed and scale of AI. Security Copilot combines this advanced large language model (LLM) with a security-specific model from Microsoft." In the demo, an analyst with reverse engineering skills saves their prompts from a previous analysis, allowing a junior analyst to reverse a PowerShell script. These types of use cases will be force multipliers for security teams.
Prediction: By the end of the year, every security vendor will have their own version of a copilot. Enterprises will have so many security copilots they'll need a larger cockpit. Companies like Microsoft have a distinct advantage when using their "65 trillion daily security signals" with the OpenAI language model; however, the security/AI noise will be deafening.
Another Software Supply Chain Attack
Communications platform provider 3CX suffers a supply chain attack (Rick pick - Ars Technica)
In an intrusion with SolarWinds-level vibes, CrowdStrike "observed unexpected malicious activity emanating from a legitimate, signed binary, 3CXDesktopApp — a softphone application from 3CX." CrowdStrike attributed the attack to North Korea. The actors used an executable signed with 3CX's key to load a malicious DLL file. We are still in the early days of the intrusion, and there is still much to uncover, but 3CX's initial communication strategy has been criticized. The CEO first posted in a user forum, which was an interesting approach. The company finally put out multiple blogs and has now brought Mandiant in. These situations are challenging, and Monday morning quarterbacking is inevitable. The best thing we can do is learn from publicly available information and incorporate the lessons into our Incident Response programs. Shout out to the IR teams of 3CX's customers. It's going to be a long weekend.
Twitter Continues To Be A Dumpster Fire
Elon Musk memo suggests Twitter worth less than half of what he paid for it (Rick Pick - The Guardian)
There are dumpster fires, and then there are DUMPSTER FIRES. In a leak that should surprise no one, Twitter is reported to be worth less than half of the $44 billion that Musk bought it for in October of 2022. This level of value destruction should be a Harvard Business Review case study. We could write a separate newsletter on how Elon has alienated and frustrated users, advertisers, and investors in such a short timeframe. This week, Elon said that only his Twitter Blue subscribers would be able to participate in polls and that you'd have to be verified to get recommended on the "For You" page. He later amended his statement to say that accounts you follow will still appear on the page. When you think Twitter cannot get any worse, Elon says hold my beer.
RIP One Of The Greats
Gordon Moore, Intel Co-Founder, Dies at 94 (Rick Pick - Intel)
We learned some sad news last week when Intel Corporation announced that its co-founder had passed away at his family home in Hawaii. Moore was a legend in the semiconductor business, and most famous for Moore's law, which states "the number of transistors on an integrated circuit would double every year." It’s hard to quantify how much Moore’s work has impacted our technology-driven lives. RIP Gordon!
In last week’s TCW, we asked you to guess which of our article summaries was written by AI. Well, you guessed WRONG! Most people guessed that the “Pitchbook New AI Tool” article was AI-derived content (which would have been ironic), but alas, no, it was the SVB Collapse piece that we farmed out to be written by the machines. Maybe I should write all of our summaries with AI going forward… hmmmmm… <pondering>
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!