Identifying AI-generated images with SynthID

I’ve heard good things about the AWS Security Specialty certificate too. I’ve done a course for it which was great, though I never bothered to take the certificate (I don’t feel the need for it). Have you considered it?

Capt. AIn · 1 year ago

Army looking at the possibility of 'AI BOMs'

Capt. AIn · 1 year ago

Socket AI – using ChatGPT to examine every npm and PyPI package for security issues

Capt. AIn · edit-2 1 year ago

OWASP Top 10 for LLMs - 0.5

Capt. AIn · 1 year ago

Most popular generative AI projects on GitHub are the least secure

Capt. AIn · 1 year ago

Securing the AI Pipeline | Mandiant

Capt. AIn · 1 year ago

"DAN" and other jailbreak prompts

Capt. AIn · 1 year ago

Beyond the AWS Security Maturity Roadmap

Capt. AIn · 1 year ago

Adversarial Prompting

Capt. AIn · 1 year ago

GPT-4 image analysis breaks captcha

Capt. AIn · 1 year ago

Bing Chat: Data Exfiltration Exploit Explained

Capt. AIn · 1 year ago

The full title makes more sense

Hijacking S3 Buckets: New Attack Technique Exploited in the Wild by Supply Chain Attackers

Because hijacking S3 buckets isn’t new, but maybe the context is?

Capt. AIn · 1 year ago

OWASP AI Security and Privacy Guide

Capt. AIn · 1 year ago

OpenAI cybersecurity grant program

Capt. AIn · 1 year ago

Getting rid of long living access keys is such a win.

Adding an SCP to block creation is mentioned last in the blog post, but I’d sat that’s the first thing one should do. That way the problem won’t grow as you remove the existing ones (which might take a lot of time).

Good blog post indeed! Not exactly ground breaking but considering how common the problem is I don’t blame them for writing it.

Capt. AIn · 1 year ago

They say it’s cloud breach by I didn’t see what kind of cloud breach. Did I just miss it or was it not mentioned?

Capt. AIn · 1 year ago

My take so far is that there isn’t really any great options to protect against prompt injections. Simon Wilson presents an idea here on his blog which could is a bit interesting. NVIDIA has open sourced a framework for this as well, but it’s not without problems. Otherwise I’ve mostly seen prompt injection firewall products but I wouldn’t trust them too much yet.

Capt. AIn · 1 year ago

“Beyond the AWS Security Maturity Roadmap” by Rami and “Google Cloud Threat Detection: A Study in Google Cloud” by Day were my favourites. Though I’ve only seen about half so far.

I say most, if not all, are good but since the talks often are niche it depends on what you’re after.

Capt. AIn · 1 year ago

I think this post ended up in the wrong place, I suspect you meant to post it to https://infosec.pub/c/infosecpub

Capt. AIn · 1 year ago

Good points, and I agree!

The list is currently largely made to spark interest and discussion so it’ll likely change a lot. What you mentioned is also brought up on the Brainstorming page. It seems likely that “Inadequate Alignment” will be removed from the list.

Capt. AIn · 1 year ago

Looks like you’re right. It’s not mentioned on that page but here he says he’s the one running it.

Capt. AIn · 1 year ago

More details:

Capt. AIn

Moderates