TechRisk #69: Cloud risk growing + Chrome's Quantum issue
Plus, $1.6M crypto tokens drained, Google enters Web3, DHS AI safety board, AI used in harmful manner, and more.
Tech Risk Reading Picks
Cloud risk at scale: Rob Enderle, a technology analyst who has worked for Fortune 500 companies, cautioned that we are approaching a critical juncture where a catastrophic issue could arise. The potential ramifications are significant: anyone who successfully breached a single cloud service provider (CSP) could gain access to countless clients, a situation likened to possessing a master key for a hotel. The consequences could escalate rapidly, as any breach would not only affect the CSP but also jeopardize all its clients, potentially leading to business shutdowns, as Enderle pointed out. [more]
Chrome’s quantum issue: Google Chrome 124 introduced a new quantum-resistant encryption mechanism, which caused connection issues for some users because some servers do not properly handle the larger ClientHello messages used for post-quantum cryptography. The problem affects various network devices and security appliances from different vendors. It is not a Chrome bug: the cause is servers' failure to implement Transport Layer Security (TLS) correctly. [more]
AI considerations in finance: In finance, AI's impact is significant but raises concerns about privacy and compliance. CFOs are experimenting, but there's hesitation due to uncertainties. Promising use cases include financial planning, analysis, and more. Here's a breakdown:
Embrace AI with Caution: While AI offers productivity gains, it requires specialized expertise. Engage the workforce to alleviate anxiety and stress.
Prioritize Data Strategy: Invest in AI-ready data strategy and governance to ensure data trust and security. Clean up data structures and prioritize valuable data for competitive advantage.
Identify Risks: AI amplifies risks like data confidentiality and cyber threats. Take inventory of AI use and understand third-party AI usage.
Adjust to Regulation: As AI regulation evolves, enhance existing systems to comply with global regulations. Understand regulatory implications and assess their impact.
Board's Strategic Role: Boards should engage with AI leaders and oversee AI strategy. Understand AI technologies and communicate with the board about regulations and compliance.
Overall, organizations must balance AI's potential with risks, prioritize data governance, adapt to regulations, and involve the board strategically in AI governance. [more]
Use of AI to cause harm: In Baltimore County, the athletic director at Pikesville High allegedly cloned the principal's voice, creating a fake recording with racist and antisemitic remarks. This emerged amid tensions over the principal's concerns about the athletic director's performance and fund misuse. The incident led to the principal going on leave, police guarding his house, and the school receiving backlash via calls and social media. Analyses revealed the recording contained AI-generated content with human editing. While the exact creation process remains unclear, experts emphasize the need for better regulation due to AI's rapid advancements. AI-generated disinformation, especially in audio, is concerning as it's hard to detect and has been used for various malicious purposes, including scam calls and political manipulation. Additionally, there are alarming trends beyond audio, such as the creation of fake nude images without consent, indicating a broader issue of technological abuse. [more]
AI security startup: Israeli AI security startup Apex emerged from stealth mode with $7 million in seed funding led by Sequoia Capital and Index Ventures, with participation from angel investors including Sam Altman, CEO of OpenAI. Apex addresses security issues stemming from the rise of generative AI like ChatGPT, offering a platform for deep visibility into AI activity and enforcement of security policies. It detects AI attacks, ensures compliance with security standards, and supports various AI platforms including ChatGPT Enterprise, Google Gemini, Microsoft Bing, Amazon Q, and custom AI applications. Apex aims to facilitate secure AI adoption in organizations by empowering security and AI teams to leverage AI safely. [more]
US DHS forms AI safety board: The US Department of Homeland Security (DHS) has formed a blue-ribbon board consisting of CEOs from tech giants like OpenAI, Microsoft, Google's Alphabet, and Nvidia. This board will advise the government on how artificial intelligence (AI) impacts critical infrastructure, including transportation, power grids, and internet services. The goal is to prevent and prepare for AI-related disruptions that could affect national security, public health, or safety. Homeland Security Secretary Alejandro Mayorkas emphasized the importance of safe AI deployment and addressing threats to vital services. The board comprises 22 members, including CEOs from various sectors and government officials. Their focus is on practical solutions for implementing AI in daily life, with the first meeting scheduled for next month and quarterly meetings planned thereafter. The DHS's 2024 threat assessment highlights the potential for AI-assisted tools to enable large-scale, efficient cyber attacks on critical infrastructure. [more]
Web3 Cryptospace Spotlight
Pike Finance’s contract hacked: Pike Finance, a DeFi lending protocol, suffered a smart contract vulnerability that led to the theft of more than $1.6 million over three days across the Ethereum, Arbitrum, and Optimism chains. CertiK reported that the exploit allowed the attacker to change the output address and drain funds. This was the second attack within days, sparking outrage in the crypto community. Pike responded by advising users to revoke approvals and offered refunds for pre-sale deposits. Despite efforts to address the issue, Pike's reputation has taken a hit, with users labeling it as unsafe and untrustworthy. [more][more-securityanalysis]
Google Cloud on Web3: Google Cloud launched a new Web3 portal tailored for blockchain developers, offering datasets, tutorials on nonfungible token (NFT) creation, and testnet tokens for Ethereum-based decentralized applications. The portal includes learning programs covering NFT development, Web3 loyalty programs, and digital asset security via multi-party computation. This initiative follows Google's recent efforts in the Web3 sector, including features enabling users to search wallet balances across various blockchains like Bitcoin, Arbitrum, Avalanche, Optimism, Polygon, and Fantom. [more][more-GoogleWeb3]
Quantum impact on blockchain: Johann Polecsak, co-founder of the QAN blockchain platform, warns that existing public blockchains like Bitcoin, Ethereum, and Solana are not prepared to adopt post-quantum cryptography without causing significant disruption to users. He emphasizes the risks involved in migrating to post-quantum cryptography, particularly due to the pseudonymous nature of blockchain transactions, which could make it difficult to distinguish legitimate users from hackers. Polecsak argues that the potential losses from quantum attacks could render current blockchains worthless, as there is no secondary authentication mechanism in place to prevent such attacks. He highlights Google's quantum computing breakthrough in 2019 as a wake-up call for enterprises and governments to prioritize cybersecurity against quantum threats. Polecsak advises individual users to research and consider transferring their assets to post-quantum blockchain platforms to safeguard their funds. [more]