16 Oct, 2024

OpenAI confirms threat actors use ChatGPT to write malware

OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. The report, which focuses on operations since the beginning of the year, constitutes the first official confirmation that generative mainstream AI tools are used to enhance offensive cyber operations. […]

6 mins read

Critical flaw in NVIDIA Container Toolkit allows full host takeover

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. The security issue is tracked as CVE-2024-0132 and allows an adversary to perform container escape attacks and gain full access to the host system, where they could execute commands or exfiltrate sensitive information. […]

2 mins read

X faces GDPR complaints for unauthorized use of data for AI training

European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints about X using the personal data from over 60 million users in Europe to train “Grok,” the social media company’s large language model. According to NOYB, X did not inform its users that their data was being used to train AI and did […]

3 mins read

Fake AI editor ads on Facebook push password-stealing malware

​A Facebook malvertising campaign targets users searching for AI image editing tools and steals their credentials by tricking them into installing fake apps that mimic legitimate software. The attackers exploit the popularity of AI-driven image-generation tools by creating malicious websites that closely resemble legitimate services and trick potential victims into infecting themselves with information stealer […]

2 mins read

How AI can make security more proactive and less reactive

In November 2022, the wider world suddenly became aware of the power and potential of artificial intelligence as ChatGPT was made available to the general public. Yet information-security practitioners were already familiar with automation and machine learning, which they had been using for many years in the forms of security orchestration, automation and response (SOAR) […]

6 mins read