Security Archives - Jet Developers Blog

Google Workspace Unveils New AI-Powered Features and Security Enhancements

Google Workspace, the comprehensive suite of productivity tools, is rolling out a series of exciting updates aimed at enhancing user experience and security. Aparna Pappu, Google’s VP and GM of Workspace, highlighted the focus on AI and security in the latest offerings during a recent press briefing.

AI-Powered Meetings and Messaging

Google Workspace introduces two commercial plans leveraging Gemini to streamline meeting management and enhance communication:

AI-Powered Meeting Assistance: With features like “Take notes for me” and “Translate for me,” users can focus on the conversation while Gemini handles tasks like note-taking and real-time translation in Google Meet.
Automatic Message Translation: Google Chat will automatically translate messages and provide on-demand conversation summaries, improving communication across language barriers.

A screenshot of Google's Take notes for me feature during a Meet event. Image credit: Google

AI-Powered Security Enhancements

Google Workspace enhances data security with Gemini’s AI capabilities:

AI Security Add-On: Leveraging large language models, Google Workspace blocks more spam in Gmail, responds faster to phishing attacks, and offers enhanced protection for sensitive files in Google Drive.
Data Loss Prevention (DLP) Controls: Admins can enforce contextual DLP controls to prevent data leaks in Gmail, Drive, and Chat, ensuring sensitive information remains protected.

Google Vids: Streamlining Storytelling

Google introduces Google Vids, an AI-powered video creation app, enabling organizations to write, edit, and produce videos seamlessly for various purposes, from employee onboarding to client presentations.

Additional Workspace Updates

Google Workspace introduces several AI features and enhancements across its suite of applications:

Voice Prompting and Instant Polish in Gmail: Users can send emails using voice commands and refine them with instant editing features.
Sleeker Data Formatting in Google Sheets: A new table feature improves data organization and presentation in Google Sheets.
Enhanced Document Organization in Google Docs: Tabs and full-bleed cover images enhance organization and visual appeal in Google Docs.
Expanded Messaging Capabilities: Google Chat now supports up to 500,000 users in a space and offers messaging interoperability with Slack and Microsoft Teams.

These updates reflect Google’s commitment to empowering organizations with innovative tools that enhance collaboration, security, and productivity. As users continue to leverage Workspace and Gemini, Google remains dedicated to delivering products that facilitate seamless and secure work environments.

Microsoft Unveils New Azure AI Tools to Ensure Safe and Reliable Deployment of Generative AI

As the demand for generative AI rises, Microsoft takes proactive steps to address concerns regarding its safe and reliable deployment. Learn about the new Azure AI tools designed to mitigate security vulnerabilities and ensure the quality of AI-generated outputs.

Addressing Security Concerns with Prompt Shields

Prompt injection attacks pose significant threats to the security and privacy of generative AI applications. Microsoft introduces Prompt Shields, leveraging advanced ML algorithms to analyze prompts and block malicious intent, safeguarding against personal or harmful content injection. Integrated with Azure OpenAI Service, Azure AI Content Safety, and Azure AI Studio, Prompt Shields offer comprehensive protection against direct and indirect prompt injection attacks.

Enhancing Reliability with Groundedness Detection

To improve the reliability of generative AI applications, Microsoft introduces Groundedness Detection. This feature detects hallucinations or inaccurate content in text outputs, ensuring outputs remain data-grounded and reliable. Alongside prebuilt templates for safety-centric system messages, Groundedness Detection provides developers with tools to guide model behavior towards safe and responsible outputs. Both features are accessible through Azure AI Studio and Azure OpenAI Service.

Real-Time Monitoring for Enhanced Safety

In production environments, real-time monitoring enables developers to track inputs and outputs triggering safety features like Prompt Shields. Detailed visualizations highlight blocked inputs/outputs, allowing developers to identify harmful request trends and adjust content filter configurations accordingly. Real-time monitoring, available in Azure OpenAI Service and AI Studio, offers invaluable insights for enhancing application safety and reliability.

Strengthening AI Offerings for Trusted Applications

Microsoft’s commitment to building trusted AI is evident through its continuous efforts to enhance safety and reliability. By integrating new safety and reliability tools into Azure AI, Microsoft empowers developers to build secure generative AI applications with confidence. These tools complement existing AI offerings, reinforcing Microsoft’s dedication to providing trusted solutions for enterprises.

Conclusion

With the introduction of innovative Azure AI tools, Microsoft reinforces its position as a leader in AI technology. By prioritizing safety, reliability, and transparency, Microsoft paves the way for the responsible deployment of generative AI applications. As enterprises navigate the evolving landscape of AI, Microsoft’s comprehensive suite of tools offers the assurance needed to embrace AI-driven innovation with confidence.

IBM Framework for Securing Generative AI: Navigating the Future of Secure AI Workflows

In today’s rapidly evolving technological landscape, IBM is stepping up to the challenge of addressing the unique risks associated with generative AI. The introduction of the IBM Framework for Securing Generative AI marks a significant stride in safeguarding gen AI workflows throughout their lifecycle – from data collection to production deployment. This comprehensive framework offers guidance on potential security threats and recommends top defensive approaches, solidifying IBM’s commitment to advancing security in the era of generative AI.

Why Gen AI Security Matters:

IBM, a technology giant with a rich history in the security space, recognizes the multifaceted nature of risks that gen AI workloads present. While some risks align with those faced by other types of workloads, others are entirely novel. The three core tenets of IBM’s approach focus on securing the data, the model, and the usage, all underpinned by the essential elements of secure infrastructure and AI governance.

Securing Core Aspects:

Sridhar Muppidi, IBM Fellow and CTO at IBM Security, highlights the ongoing importance of core data security practices, such as access control and infrastructure security, in the realm of gen AI. However, he emphasizes that certain risks are unique to generative AI, such as data poisoning, bias, data diversity, data drift, and data privacy. An emerging area of concern is prompt injection, where malicious users attempt to modify a model’s output through manipulated prompts, requiring new controls for mitigation.

Navigating the Gen AI Security Landscape:

The IBM Framework for Securing Generative AI is not a standalone tool but a comprehensive set of guidelines and suggestions for securing gen AI workflows. The evolving nature of generative AI risks has given rise to new security categories, including Machine Learning Detection and Response (MLDR), AI Security Posture Management (AISPM), and Machine Learning Security Operation (MLSecOps).

MLDR involves scanning models to identify potential risks, while AISPM shares similarities with Cloud Security Posture Management, focusing on secure deployment through proper configurations and best practices. According to Muppidi, MLSecOps encompasses the entire lifecycle – from design to usage – ensuring the infusion of security into every stage.

Microsoft Faces Cybersecurity Breach Cozy Bear Sparks Urgent Security Overhaul

Microsoft revealed on Friday that the hacking group known as Midnight Blizzard, APT29, or Cozy Bear, believed to be linked to the Russian government, successfully breached corporate email accounts. The targets included members of Microsoft’s senior leadership team and employees in cybersecurity, legal, and other departments.

Interestingly, the hackers deviated from the typical motive of seeking customer data or standard corporate information. Instead, their focus was on discovering what Microsoft knew about them. According to Microsoft, the investigation suggests that the hackers initially targeted email accounts to gather information related to Midnight Blizzard itself.

The attack employed a “password spray attack,” essentially a brute force tactic, on a legacy account. Subsequently, the compromised account’s permissions were exploited to access a limited number of Microsoft corporate email accounts. Microsoft did not disclose the exact number of breached email accounts or specify the information accessed or stolen by the hackers.

Microsoft took the opportunity to discuss its commitment to enhancing security measures in light of the incident. The company emphasized the need to accelerate security efforts and announced plans to apply current security standards to its legacy systems and internal business processes. This proactive approach, despite potential disruptions, signifies Microsoft’s dedication to adapting to a new security reality.

APT29, also known as Cozy Bear, is widely recognized as a Russian hacking group responsible for notable cyberattacks, including those against SolarWinds in 2019, the Democratic National Committee in 2015, and various others.

Critical Security Vulnerability Exposes in Apple

Critical Security Vulnerability Exposes AI Data Peril in Apple, AMD, and Qualcomm GPUs

A recent discovery by security firm Trail of Bits has unveiled a significant vulnerability in Graphic Processing Units (GPUs), raising concerns about their security and potential data leakage. The flaw allows unauthorized access to a computer’s graphics card memory, even if generated by a different program, posing a serious threat to user privacy.

The vulnerability, named ‘LeftoverLocals,’ exposes GPUs from major manufacturers such as Apple, Qualcomm, AMD, and Imagination. This flaw enables attackers to intercept and retrieve data ranging from 5 to 180 megabytes, a notable scale in contrast to the CPU domain where the exposure of even a single bit is considered substantial.

The security risk becomes evident in scenarios where an attacker could eavesdrop on a user’s activities on their computer, exploiting the vulnerability to monitor interactive sessions across different programs or containers. Trail of Bits demonstrated the issue with an example where an attacker quickly retrieves extensive information from a program, showcasing the potential impact of the vulnerability.

The vulnerability necessitates a pre-existing level of control over the target computer by malicious actors. By leveraging LeftoverLocals, attackers can circumvent established protections that typically prevent users from accessing each other’s data on shared resources.

Upon notifying the affected companies, Apple took steps to patch some devices, although certain products, such as the MacBook Air, still remain susceptible. AMD acknowledged the issue and is actively seeking solutions, while Qualcomm has provided patches for some devices, leaving uncertainty regarding others. Google confirmed vulnerabilities in some Imagination GPUs and reported that fixes were implemented in Imagination’s DDK release 23.3 in December 2023.

Despite the responsive actions from some manufacturers, the incident underscores the unknown security risks within the Machine Learning development stack, emphasizing the importance of rigorous security reviews by experts. The blog post also emphasizes the urgency of strengthening the entire GPU system, outlining clear and robust rules governing GPU program behavior and their interaction with the broader computer system. As GPUs are increasingly utilized in diverse applications, including those involving sensitive information, enhancing their security is crucial to safeguard user privacy.

Empowering Cybersecurity: Cisco’s AI Assistant Revolutionizes Firewall Management and Threat Detection

In the realm of network and firewall configuration, the complexity of settings and adherence to rules present inadvertent yet potent risks for organizations. According to Gartner’s forecast, 99% of firewall breaches in the current year are anticipated to result from misconfigurations. This scenario underscores the opportune application of AI to demonstrate its value to Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs). Failure to achieve the correct configuration in a hybrid cloud setup or encountering a misconfigured firewall could lead to a security breach that remains undetected until it is too late.

Cisco, a stalwart in combating such risks on behalf of its clientele, has embraced AI wholeheartedly to address these challenges. The recently unveiled Cisco AI Assistant for Security and the AI-powered Encrypted Visibility Engine showcase the company’s commitment. The AI Assistant undergoes training on one of the most extensive security-focused datasets globally, analyzing over 550 billion security events daily.

The Encrypted Visibility Engine, a product of Cisco’s profound network expertise, is designed to inspect encrypted traffic without the usual operational, privacy, and compliance issues associated with decrypting traffic for examination.

Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, emphasized in a recent interview, “We wanted to ensure that AI becomes integral to the core fabric of Cisco security cloud and every aspect of our security efforts.”

Firewall Complexity: A Lethal Challenge

Cisco strategically targets the significant threat surface with its comprehensive AI cybersecurity release for the close of 2023. Configuring firewalls, maintaining current patches and policies, and addressing potential Common Vulnerabilities and Exposures (CVE) are acknowledged by CISOs as time-consuming tasks that often go overlooked.

The adage “complexity kills” holds true, especially in the realm of firewalls. Increased complexity correlates with a higher likelihood of a breach. A survey by Cybersecurity Insiders reveals that 58% of organizations have over 1,000 firewall rules, with some extending into the millions.

Gartner’s projection for 2026 suggests that over 60% of organizations will deploy more than one type of firewall, leading to the adoption of hybrid mesh firewalls. Additionally, over 30% of new distributed branch-office firewall deployments are expected to be firewall-as-a-service offerings, a significant increase from less than 10% in 2022.

Bringing Order to Policy Chaos with AI

Cisco aims to reshape organizations’ cybersecurity outcomes by leveraging AI to tip the scales in favor of defenders. Combining AI with extensive telemetry across networks, private and public cloud infrastructure, applications, internet, email, and endpoints, Cisco introduces the AI Assistant for Security and the AI-powered Encrypted Visibility Engine.

The AI Assistant for Security, housed within the cloud-delivered Firewall Management Center (cdFMC), utilizes advanced natural language processing (NLP) and machine learning (ML). Raj Chopra, SVP and Chief Product Officer of the security business group at Cisco, states, “We created a generative tool designed to simplify firewall management for both seasoned admins and novice users.”

Furthermore, the architecture of the AI Assistant for Security reveals Cisco’s intent to integrate more assistants across various roles within its Security Cloud. The goal is to build a cross-domain security platform with AI assistants automating security analysis and reporting tasks.

AI and the Human Touch

A common thread unites the rush to address complex firewall policy issues and streamline SOC team workflows with AI Assistants: the need for continual learning and course correction with human input. Merritt Baer, Field CISO at Lacework, emphasizes the importance of users understanding permissions and interacting effectively with security insights.

In most briefings on AI Assistants, the integration of human-in-the-middle workflows is deemed essential. Cisco’s AI Assistant for Security aligns with this paradigm, supporting standard configuration roles at launch. Like other AI assistants in the market, it seamlessly transitions between different roles in security operations centers (SOC) without requiring re-configuration.

The effectiveness of cybersecurity providers in anticipating and addressing the human-in-the-middle dynamics of their AI Assistants will directly impact their adoption and long-term contribution to securing organizations.

Samsung Admits U.K. Data Breach: Customer Information Compromised in Year-Long Hack

Samsung has acknowledged a security breach that exposed the personal data of its U.K.-based customers over a year-long period. A spokesperson for the company, Chelsea Simpson, disclosed the incident in a statement to TechCrunch, revealing that Samsung had been “recently alerted to a security incident” resulting in the unauthorized acquisition of specific contact information belonging to some Samsung U.K. e-store customers.

Despite the acknowledgment, Samsung refrained from providing additional details about the breach, declining to answer queries about the number of affected customers or the method used by hackers to infiltrate its internal systems.

In an apology letter sent to impacted customers, Samsung confessed that attackers had exploited a vulnerability in an unspecified third-party business application. This breach exposed the personal details of customers who had made purchases at Samsung U.K.’s store between July 1, 2019, and June 30, 2020. The revelation came more than three years after the compromise, with Samsung only discovering the breach on November 13, 2023.

The compromised information included customers’ names, phone numbers, postal addresses, and email addresses. However, Samsung assured customers that sensitive financial data, such as bank or credit card details and passwords, remained unaffected. The company promptly reported the incident to the U.K.’s Information Commissioner’s Office (ICO), as confirmed by Samsung’s spokesperson. ICO spokesperson Adele Burns acknowledged the regulator’s awareness of the incident and stated that they would be initiating inquiries.

This marks the third data breach disclosed by Samsung in the past two years. In September 2022, the company acknowledged a breach of its U.S. systems without specifying the number of affected customers. In March 2022, Samsung confirmed another breach after the Lapsus$ hacking group claimed to have accessed and leaked nearly 200 gigabytes of confidential data, including source code for various technologies and algorithms related to biometric unlock operations.

Vulnerability of AI Language Models: Manipulation Risks and Security Threats

Researchers from the University of Sheffield recently conducted a study that shed light on the vulnerability of popular artificial intelligence(AI) applications, such as ChatGPT and others, to potential exploitation for crafting harmful Structured Query Language (SQL) commands. Their findings indicate the possibility of launching cyber attacks and compromising computer systems using these AI applications.

The study, co-led by Xutan Peng, a PhD student, and his team, targeted Text-to-SQL systems utilized for creating natural language interfaces to databases. Their investigation included applications like BAIDU-UNIT, ChatGPT, AI2SQL, AIHELPERBOT, Text2SQL, and ToolSKE.

Peng emphasized, “Many companies are unaware of these threats, and due to the complexity of chatbots, even within the community, there are aspects not fully understood.” Despite ChatGPT being a standalone system with minimal risks to its own service, the research revealed its susceptibility to producing malicious SQL code that could cause substantial harm to other services.

The vulnerabilities found within these AI applications opened doors for potential cyber threats, allowing the exploitation of systems, theft of sensitive information, manipulation of databases, and execution of Denial-of-Service attacks, rendering machines or networks inaccessible to users.

Peng highlighted an example where individuals, including professionals like nurses, employ AI models like ChatGPT for productivity purposes, inadvertently generating harmful SQL commands that could cause severe data mismanagement in scenarios like interacting with databases storing clinical records.

Additionally, the researchers identified a concerning issue during the training of Text-to-SQL models, where they could surreptitiously embed harmful code, resembling a Trojan Horse, within the models. This “invisible” code could potentially harm users who utilize these compromised systems.

Dr. Mark Stevenson, a senior lecturer at the University of Sheffield, stressed the complexity of large language models used in Text-to-SQL systems, acknowledging their potency but also their unpredictability. The research team shared their findings with companies like Baidu and OpenAI, leading to the resolution of these vulnerabilities in their AI applications.

The study, published in arXiv, emphasizes the need to recognize and address potential software security risks associated with Natural Language Processing (NLP) algorithms. Their findings underscore the importance of exploring methods to safeguard against such exploitations in the future.

Study Abstract:

The study conducted by the University of Sheffield revealed vulnerabilities in Text-to-SQL systems within several commercial applications, showcasing the potential exploitation of Natural Language Processing models to produce malicious code. This signifies a significant security threat that could result in data breaches and Denial of Service attacks, posing a serious risk to software security. The research aims to draw attention to these vulnerabilities within NLP algorithms and encourages further exploration into safeguarding strategies to mitigate these risks.

Google Expands Bug Bounty Program to Enhance AI Security and Safety

Google has broadened its Vulnerability Rewards Program (VRP) to encompass specific attack scenarios related to generative AI. Google articulated its belief that the expansion of the VRP would act as an incentive for research focusing on AI safety and security. The overarching goal is to bring potential issues to the forefront, ultimately enhancing the safety of AI for all users.

Google’s Vulnerability Rewards Program, often referred to as a bug bounty, compensates ethical hackers for identifying and responsibly disclosing security vulnerabilities. The advent of generative AI has exposed new security concerns, such as the potential for unjust biases or manipulations of models. To address these challenges, Google has reevaluated how it classifies and reports received bug reports.

New Challenges in Generative AI

To facilitate this process, Google has harnessed the insights from its newly established AI Red Team. This group of hackers emulates a diverse array of adversaries, ranging from nation-states and government-backed entities to hacktivists and malicious insiders. Their objective is to identify and rectify security vulnerabilities in technology. Recently, the team conducted an exercise to pinpoint the most significant threats associated with generative AI technologies like ChatGPT and Google Bard.

The findings of the AI Red Team revealed that large language models (LLMs) are susceptible to prompt injection attacks. In such attacks, hackers craft adversarial prompts designed to manipulate the behavior of the AI model. This type of attack could be exploited to generate harmful or offensive content or disclose sensitive information. Furthermore, the team warned of another form of attack known as training-data extraction. This method enables hackers to reassemble exact training examples, potentially extracting personally identifiable information or passwords from the data.

Google’s expanded VRP now encompasses both of these attack types, in addition to model manipulation and model theft. However, it’s worth noting that the program will not offer rewards for researchers who uncover bugs related to copyright issues or data extraction that reconstructs non-sensitive or public information.

The rewards granted under the VRP will fluctuate based on the severity of the discovered vulnerabilities. Currently, researchers have the potential to earn $31,337 for identifying command injection attacks and deserialization bugs within highly sensitive applications like Google Search or Google Play. For vulnerabilities affecting lower-priority applications, the maximum reward is set at $5,000.

WhatsApp Enhances Android User Security with Device-Based Authentication

In its ongoing commitment to bolster user privacy and security, WhatsApp has introduced a new security feature tailored for Android users. This update empowers them to unlock and access their accounts through a variety of device-based authentication methods. The move comes following an extensive testing phase in WhatsApp’s beta channel and is now being made available to a wider Android audience. This innovative feature is designed to offer enhanced flexibility and security, allowing users to opt for their preferred method of account protection.

With this latest update, Android users can now select between two distinct authentication methods: two-factor authentication (2FA) and device-based authentication. The latter option brings a range of convenience and security features, including facial recognition, fingerprint scanning, or a personal PIN. This addition caters to users who value swifter access to their accounts without compromising the robust security of their conversations and data.

It is important to note that, as of the current release, there has been no confirmation regarding the availability of this feature for iOS users. This means that iPhone users may need to wait a bit longer to experience the advantages of this enhanced security feature. Nonetheless, WhatsApp’s commitment to user privacy and security is evident in their efforts to continually refine their platform, aligning with the evolving landscape of digital privacy and data protection.

This latest development underscores WhatsApp’s dedication to meeting the growing concerns surrounding digital privacy and safeguarding against an ever-increasing tide of cyber threats. With the introduction of device-based authentication for Android users, WhatsApp provides a customizable security solution, assuring its users that their conversations and data are in safe hands. Android users now have the flexibility to select the authentication method that best suits their preferences and security needs, making WhatsApp a more secure platform for their communication needs.