Hi! 👋 Welcome to The Big Y!
There’s nothing like new technology rushing into everyone’s hands to cultivate a speed first, security second mindset. When it comes to generative AI, do we even understand what security means?
Developers, consumers, enterprises - everyone is using or trying to use GenAI solutions in their everyday life, and in the same way we assume Google or Apple is up to date on everything required to keep us secure, we also assume the companies serving GenAI are meeting the gold standard. It turns out that assumption is probably wrong. A report from the DevOps company JFrog found a (now deleted) model on Hugging Face whose loading executed a compromised Python pickle file, which opened a backdoor on the victim’s machine. With all the available open-source models, datasets and more, it can be hard to verify that they’re safe to run in our systems.
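The pickle backdoor described above comes down to one fact: loading a pickle is running a small program, and its REDUCE opcode lets that program call any importable function. The block below is an added example, not code from JFrog, Hugging Face or this newsletter, of the check a practitioner would put in front of model loading: a static opcode scan that lists every module/name the file would import, plus a restricted unpickler that refuses anything outside an allowlist at runtime. The allowlist `SAFE_GLOBALS`, the function names and both sample pickles are constructed for this illustration; the suspicious sample names `builtins.print` as a harmless stand-in for whatever callable a real backdoor would reference.

```python
from __future__ import annotations

import io
import pickle
import pickletools
from collections import OrderedDict
from typing import List, Tuple

# Hypothetical allowlist: the only (module, name) pairs a pickled checkpoint may
# import. A real deployment would enumerate the container and tensor types its
# framework actually serialises; anything not listed is refused before it runs.
SAFE_GLOBALS = {("collections", "OrderedDict")}

# Opcodes that push a str onto the unpickler stack (protocols 0 through 5).
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> List[Tuple[str, str]]:
    """Static pass: list every (module, name) the pickle would import.

    Walks the opcode stream with pickletools.genops, so nothing is executed.
    GLOBAL/INST carry the names inline; STACK_GLOBAL (protocol 4+) takes them
    from the two most recently pushed strings, which may arrive via the memo.
    """
    found: List[Tuple[str, str]] = []
    recent: List[str] = []   # strings pushed so far, newest last
    memo: dict = {}          # memo slot -> value, to resolve a BINGET of a module name
    last = None              # value pushed by the previous opcode, if it was a str
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in ("GLOBAL", "INST"):
            module, attr = arg.split(" ", 1)   # pickletools joins the pair with a space
            found.append((module, attr))
            last = None
        elif name == "STACK_GLOBAL":
            if len(recent) < 2:
                raise pickle.UnpicklingError("STACK_GLOBAL without module/name strings")
            found.append((recent[-2], recent[-1]))
            last = None
        elif name in STRING_OPS:
            recent.append(arg)
            last = arg
        elif name == "MEMOIZE":
            memo[len(memo)] = last             # MEMOIZE slots are numbered in order of appearance
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if isinstance(last, str):
                recent.append(last)
        else:
            last = None
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Runtime guard: refuse any import outside SAFE_GLOBALS.

    find_class() is consulted before REDUCE can call anything, so a pickle
    reaching for an unexpected callable fails here rather than after it has run.
    """

    def find_class(self, module: str, name: str):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def restricted_load(data: bytes):
    """Runtime guard alone, for pickles that slipped past any static check."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_load(data: bytes):
    """Reject on the static scan first, then deserialise under the restricted unpickler."""
    blocked = [g for g in referenced_globals(data) if g not in SAFE_GLOBALS]
    if blocked:
        raise pickle.UnpicklingError(f"refusing pickle that imports {blocked}")
    return restricted_load(data)


def is_safe_pickle(data: bytes) -> bool:
    """True when the file loads under both guards, False when either refuses it."""
    try:
        safe_load(data)
        return True
    except pickle.UnpicklingError:
        return False


# --- constructed samples (not real Hugging Face artefacts) ---------------------

# A benign "checkpoint": a state dict of plain numbers.
BENIGN_PICKLE = pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2])]), protocol=4)


class _RunsAtLoadTime:
    """Stand-in for a backdoored object: __reduce__ names a callable that the
    unpickler will invoke. builtins.print keeps this sample harmless; the
    mechanism is the same for any other importable callable."""

    def __reduce__(self):
        return (print, ("this ran during pickle.load()",))


SUSPICIOUS_PICKLE = pickle.dumps(_RunsAtLoadTime(), protocol=4)


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_PICKLE), ("suspicious", SUSPICIOUS_PICKLE)):
        print(label, referenced_globals(blob), "safe" if is_safe_pickle(blob) else "REFUSED")
```

The static scan is what you can run on a downloaded file before deciding to load it at all; the restricted unpickler is the belt-and-braces guard for the load itself, since `find_class` is the one choke point every import in a pickle passes through. Neither replaces preferring a non-executable weight format where the framework offers one.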
Likewise, ChatGPT had security issues (now fixed) with third-party plugins that could compromise accounts and data. Hugging Face, the GPT store, and other places hosting GenAI-related assets end up with the same responsibilities as other app stores (e.g. Apple’s App Store), where users can trust that the assets are safe to use.
We need to rethink the taxonomy of security when it comes to GenAI, since there are so many new facets to consider. You can come across malicious plugins, reverse shell attacks, or malicious hallucinations, where the model generates code that you think does one thing but in reality does something else. When working with these models, we need to think about how to keep our data safe, how to avoid violating copyrights or patents, and how to use them effectively.
Google DeepMind is churning out interesting research, this time a new AI system for assisting with soccer (football) tactics: TacticAI. Working with Liverpool FC, they’ve created a system for corner kicks that can predict with 78% accuracy where the ball will go.
Know someone who might enjoy this newsletter? Share it with them and help spread the word!
Thanks for reading! Have a great week! 😁
🎙 The Big Y Podcast: Listen on Spotify, Apple Podcasts, Stitcher, Substack