Clint Gibler’s Post

Google open sources file-identifying Magika AI for malware hunters and others Cool, but it's 2024 – needs more hype, hand wringing, and flashy staged demos to be proper ML

❗Last month cybersecurity researchers at JFrog discovered a high-severity flaw in the Vanna.AI library (CVE-2024-5565) that allowed hackers to exploit the "ask" function via prompt injection, enabling remote execution of harmful commands. This flaw lets attackers manipulate inputs to run arbitrary code instead of generating safe SQL queries. One of OWASP’s top 10 security vulnerabilities for LLMs is prompt injection, where users can maliciously or inadvertently cause LLMs to return sensitive data or access. Some recommended solutions for organizations looking to secure their AI usage and prevent prompt injection: 1). Enforce privilege control on LLM access. 2). Provide the LLM with its own API tokens for functionality like plugins and data access. 3). Develop guardrails around the usage of AI applications and LLMs.  #GenAI #LLM #AIInnovation #EnterpriseAI #DeveloperProductivity #CustomerExperience #Security

Creating images with #Opensource #AI is super cool, but it can be dangerous if not done right. 🖼️🤖 A recent #article (https://lnkd.in/dDRTPpYc ) on @vpnMentor highlights the risks associated with using Opensource AI tools like #ComfyUI. A malicious custom node was introduced into the system, potentially compromising user data and security. This incident serves as a crucial reminder to always use trusted sources and keep our security protocols up to date. Stay safe and enjoy the creative power of AI responsibly! #AI #CyberSecurity #ImageCreation #TechSafety #ArtificialIntelligence #DataProtection #AIArt #DigitalSecurity

Today with codees we are talking about: Google Bug Bounty Program. Google has expanded its vulnerability rewards program (VRP) to include attack scenarios specific to generative AI. In an announcement shared with TechCrunch ahead of publication, Google said: “We believe expanding the VRP will incentivize research around AI safety and security and bring potential issues to light that will ultimately make AI safer for everyone,” Google’s vulnerability rewards program (or bug bounty) pays ethical hackers for finding and responsibly disclosing security flaws. #Codees #IT #technology #news #google #NewsUpdate #bugbounty

OWASP Top 10 LLM security concerns! They’ve added to their application Top 10 list with Gen AI concerns. How well placed are you to cover these? https://lnkd.in/gMnGVGSM

Detecting file types helps identify malicious files disguised with false extensions, such as a .jpg that is actually malware. Magika, Google’s AI-powered file type detection tool, uses deep learning for precise detection. In the following code, files have misleading extensions, but Magika still accurately detects their correct types.  🚀 Link to Magika: https://bit.ly/45tdw5O

CTF Tools CTF Field Guide - Everything you need to win your next CTF competition. 🔗https://lnkd.in/drn3pFdS Ciphey - Automated decryption tool using artificial intelligence and natural language processing. 🔗https://lnkd.in/dh7AuwSx RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks. 🔗https://lnkd.in/dNtg-tv2 ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines. 🔗https://lnkd.in/d5a6gVXM - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests. 🔗https://lnkd.in/d4AZUgF5 #infosec #cybersecurity #hacking #pentesting #security

There’s no reason to panic over WormGPT: As tools for building AI systems, particularly large language models  (LLMs), get easier and cheaper, some are using them for unsavory purposes, like generating malicious code or phishing campaigns. But the threat of AI-accelerated hackers isn’t quite as dire as some headlines would suggest. The dark web creators of LLMs like “WormGPT” and “FraudGPT” advertise […] http://dev.dlvr.it/2dX0KY

Google open sources file-identifying Magika AI for malware hunters and others #google #ai

🌟 New Development: I am happy to introduce my AI malicious mail detection software! 😊 👨💻 About the Software: This software effectively detects malicious emails using artificial intelligence technologies. It analyzes email texts in depth, quickly identifies potential threats and sends instant alerts to users. #CyberSecurity #AI #EmailSecurity #ArtificialIntelligence #DigitalSafety #InfoSec #Phising #Email #Malicious #ThreatDetection #SecureEmail #CyberAttack #DataProtection #CyberDefense