Marcus Hutchins’ Post

AI makes traditionally hard-to-attack surfaces incredibly easy to exploit. If you are a tech leader not assigning 20% of your AI budget to security, you just don't get it. One of the most frustrating parts of #CSO / #CISO life is just how much product development tries to make sure that Security finds out last. Recall is just the latest tech invention that, in order to be first-to-market, takes a great idea and completely avoids any meaningful consideration of #privacy and #security risks. My concern, however, is that we're all missing the real problem. Microsoft didn't really have to create any big new APIs for this. Microsoft Security has been tracking these kinds of apps likely for decades. There is nothing that would have prevented me from writing a similar constant-screen-capture app in 1996 Win32. I know, because that's the first time I wrote one. It also monitored every keypress and mouse position. I really hope it isn't in use these days, but at least we used user-based PGP encryption. The difference is that #ai can make sense of all the user interactions and store it together in one nice, neat hackable package that is only protected by a single user identity. What happens next year when all the apps #genAI is writing this year get released into the wild? How many security holes do you expect the average generative AI has generated in its code? Will a genAI help you find these holes, or does it have biased blinders because it made them? Do you know what your threat model looked like _BEFORE_ AI? Did you have one? Do you suppose even the largest and most complex general AI can win a competition with an attacker's model that's focused on cybersecurity? Doubtful. Be prepared.

Most companies and leaders underestimate the importance of the security team. They often are in a legacy mindset that security is a blocker, when in fact it's an enabler. 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐢𝐬 𝐭𝐡𝐞 𝐠𝐥𝐮𝐞 between product, engineering, & business.

Very very very accurate.

Security Pros will always be in demand even if AI assisted tools replace many current workflows. Cyber Sec folks are friends not foe. Businesses should take note when concerns about security are raised. You are valuable ❤️, your opinions are valuable. Keep up the good fight. #cybersecurity #learningeveryday

I love being a business enabler! What does that mean? It means I’m there for you, your ideas, and the objectives or outcomes you are targeting. Every day, I strive to enable the business to do more, do better, increase efficiency, multiply our efforts, and work smarter not harder. But sometimes being the security guardian is an unenviable task. Helping to digest and understand the potential risks with some of the newly available technology is a process we must wade through every day. It isn’t fast, and it isn’t absolute. Take ChatGPT or one of the many AI spinoffs following its release - I think it’s great, I use it on occasion, and it definitely helps with brainstorming or sourcing information easily. But it also doesn’t belong plugged into many of the company data sources until we have a better vision of how secure it is. No one can profess to be an expert of how OpenAI protects and safeguards your data. Those results will only come with time. Microsoft Recall is another great example. It sounds like a cool feature, except it is in its infancy, and Microsoft despite being a tech company, almost enabled it by default until the tech community voiced their opinions loudly. What could go wrong with an app that records your screen all of the time? I’m sure we will find out. Data is the treasure being guarded by the dragon here. Trust your dragon to protect you and help us all succeed together without losing our treasure. #infosec #cybersecurity #data #ai #themoreyouknow #totalrecall

Microsoft in damage-control mode, says it will prioritize security over AI https://buff.ly/3xlAuyV Microsoft is currently in a phase of damage control, indicating that the company is shifting its focus towards prioritizing security measures over artificial intelligence development. This strategic shift emphasizes the critical importance of safeguarding data and systems against potential threats. By placing security at the forefront, Microsoft aims to enhance customer trust and protect sensitive information from cyber attacks. This proactive approach reflects the evolving landscape of technology, where the integrity and protection of data are paramount. The company's decision underscores a commitment to ensuring robust security protocols in an increasingly digital world. #Microsoft #SecurityPriority

In the past year Microsoft has faced damaging hacks by groups linked to China and Russia and has deployed 1,000s of engineers to deal with the latter. It's in the middle of its biggest security overhaul in 2 decades. Microsoft security chief Charlie Bell and the head of the new overhaul plan, Bret Arsenault, spoke to me and Andrew Martin about the details of the program, called Secure Future Initiative and what it's accomplished so far around things like shutting down identities and apps that are aged, unused or lack modern security. But is it enough? There are also key differences between this security overhaul and the one Bill Gates imposed in 2002. For starters, Microsoft is not halting product development this time. In fact, it's moving really fast right now to capitalize on what it sees as its opportunity in AI. That's not what some in the US gov't want to hear -- the US Cyber Safety Review Board's scathing report recommended a pause or at least a slowdown to ensure new products are safe before release. Oregon Senator Ron Wyden criticized what he and the review board see as a lack of Microsoft focus on safety, saying "for a company that is entrusted with as much sensitive government information, particularly one generating tens of billions of dollars in cybersecurity revenue alone, that is unacceptable." https://lnkd.in/g4PDM_gu

Bredec Group Microsoft expands availability of its AI-powered cybersecurity assistant - The Economic Times: Microsoft expands availability of its AI-powered cybersecurity assistant  The Economic Times Inquiry@bredec.com

Discover how Microsoft's new AI feature Recall spurred security debates, leading to essential privacy updates and an opt-in policy. #Microsoft #AI #Cybersecurity #TechNews #PrivacyUpdates #cybersecurity #security #news https://lnkd.in/edWFmRap