@jerry him, that dude over there. No, over there. The one with the trilby, flippers and the copy of the avian carrier protocol. Dodgy as fuq if you ask me.
@jerry The use of LLM user inputs to build a "how do they think"/"how do their minds work" profile database of everyone who throws things into it, all conveniently tagged with their email and phone number, then combining that with deepfakes to create spectacularly realistic mimics of targeted people. Are you SURE that was your contractor on the zoom for the classified project? They weren't on the usual VPN at first and had to be reminded... What if the Dragos attacker hadn't acted like a bull in a china shop, but worked at keeping the illusion...and had video interactions to back it up? How certain ARE you of that "contract to hire" engineer who will vanish a month after getting access to the project they were hired for, and when you eventually find them on social media/IRL the person has no idea what you're talking about because it wasn't actually them? (Note: the solution is NOT "get people physically back in the office".)
If you combine it with movement sensor data from phones or fitbits to, say, imitate someone's gait/movement style I'd be wondering if there'd be any way to prove you WEREN'T somewhere saying/doing something when even your phone's movement/GPS sensors say you were. Talk about framing someone for basically anything!
Dystopian science fiction nightmare? Yes. Possible with capabilities we have now? Yep. Likely? Well, I can think of several scenarios off the top of my head where it'd be useful STARTING with corporate espionage. How badly does someone want something? (Specifically, how badly does anything military-connected want something? That and porn are the classic starting points for tech advances.)
What am I doing about it? Having nightmares and being ignored and blown off. (And wishing I could find a job helping PREVENT this before people get bit by it, but that requires the part after "having nightmares" to stop happening.)
@jerry more risk than threat, but how to spread monitoring to lower-budget businesses such as clinics, family practices, small businesses, nonprofits. All they have is EDR (if that) and it’s not enough.
@jerry what worries me: Third-party suppliers of ours adopting AI without any of the appropriate controls in place and without telling us.
what am I doing: lots of vendor due diligence questionnaires and chasing up Legal for what is in our contracts
@jerry might be old news but this .zip TLD that has been announced is interesting. When I learned of what it was and how it can be abused I was interested in the domains that can be most dangerous... such as statement.zip.
Imagine receiving an email spoofed to be from a bank like https://yourbankd.com@statement.zip letting you know you have a bank statement waiting for you and you click on that link... bad news...
I checked already too... statement.zip is taken and probably already being abused...
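A mail-filter style check for the link shape described in the post above, as an added example that is not part of the original thread: everything before the `@` in a URL's authority is userinfo, so the real destination is the host after it. The TLD list, function names and sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs that double as common file extensions (assumed list for this example).
FILE_EXT_TLDS = {"zip", "mov"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
HOSTLIKE_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.IGNORECASE)

def inspect_url(url):
    """Return (real_host, reasons) for one URL; reasons is empty if nothing stands out."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "", ["unparseable"]
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = []
    # Text before '@' in the authority is userinfo, not the destination.
    if "@" in parts.netloc:
        user = parts.netloc.rsplit("@", 1)[0].split(":", 1)[0]
        if HOSTLIKE_RE.match(user):
            reasons.append("userinfo-looks-like-host:" + user.lower())
        else:
            reasons.append("userinfo-present")
    tld = host.rsplit(".", 1)[-1]
    if tld in FILE_EXT_TLDS:
        reasons.append("file-extension-tld:." + tld)
    return host, reasons

def scan_text(text):
    """Find URLs in message text and return (url, real_host, reasons) for flagged ones."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:)")  # drop trailing sentence punctuation
        host, reasons = inspect_url(url)
        if reasons:
            findings.append((url, host, reasons))
    return findings

# Constructed sample message body; the first link is the one quoted in the post.
SAMPLE = ("Your statement is ready: https://yourbankd.com@statement.zip "
          "Questions? See https://example.com/help.")

if __name__ == "__main__":
    for url, host, reasons in scan_text(SAMPLE):
        print(f"{url} -> real host {host}: {', '.join(reasons)}")
```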