UL NO. 405: My AI Bill Deep-Dive, AI Poisoning, an IR Prep Checklist, and Discovery++
A deep-dive on Biden's AI Order, SEC vs. SolarWinds, AI Poisoning, Experts' Role After AI, GSK buying genetic data, and much more…
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news—but why it matters, and how to respond.
Sorry for the delay this week; I was traveling to SoCal to give a talk, and have caught something like a cold. But I’m back to 90% I think.
Lots of big news this week. Let’s jump in.
Upon the threat of near violence from readers, I’ve released the web version of my tutorial for setting up ChatGPT as a voice assistant using Scarlett Johansson or TARS’s voice from the movies. READ THE TUTORIAL
An ExtWis summary of a brilliant conversation between David Perell and Riva Tez about free-thinking, reading habits, and going against conventional wisdom. MORE
Couple of big stories this week…
Biden released his executive order on AI, and here are the main points and my first impressions:
The primary vibe is twofold: ensuring safety (which they purposely mention first), and then maintaining US dominance in AI. It’s very clear that they wanted to put safety first
They break it down further as focusing on safety and security, privacy, equity and civil rights, consumers and workers, innovation and competition, and advances American leadership
Here are my manual extractions of what all it covered:
Require companies to share safety info with the government
Require companies to develop safety systems internally
Keep AI from developing bioweapons (interesting that they called this out specifically)
Protect against deepfakes, basically, and provide standards for detecting them
Using AI to find and fix infrastructure vulnerabilities (love it)
Protect Americans’ privacy
Prevent landlords from using AI to discriminate
Address algorithmic discrimination
Use AI to create life-saving drugs
Use AI to advance education for all
Look into addressing job displacement concerns
Produce a report on AI’s impact on the labor market
Accelerate AI research through shared data resources
Help the little companies compete with the big companies in AI
Allow AI-specialized immigrants to stay in the country and work on AI
Expand international collaboration on AI (they mention the UK)
Help develop international standards
Help address global challenges using AI (climate change I’m sure)
Issue guidance on how the government will use AI internally
Help government agencies acquire AI tech
Accelerate the hiring of AI professionals in government
Basically, the thing is massive and wide-scoped. I’m pretty happy with it, honestly, but much of it is basically a plan for making plans, so all the quality rests in the details of the line items. I am encouraged, however, because Biden seems pretty locked onto the topic.
🔥👀 The SEC has charged SolarWinds and its CISO, Timothy Brown, with fraud and internal control failures. They're accused of lying about about the company's cybersecurity before a cyberattack by Russian hackers in 2019. MORE | SEC DOCUMENT
Basically, if this is true, then I agree with the SEC taking action.
In a surprise to absolutely nobody, US Immigration and Customs Enforcement (ICE) has been using an AI tool to sift through social media posts of visa applicants. The tool, Giant Oak Search Technology (GOST), assigns a score from 1-100 to determine the person’s risk level. Stop being surprised by this kind of thing; the only question is how safe and fair this tech is, not whether or not it’ll be used. MORE
Google has added a new bug bounty program and a $10 million fund. The bounty program is designed to reward researchers who find vulnerabilities in generative AI, addressing concerns like potential bias, hallucinations, and model manipulation. MORE
Artists are fighting back against AI with Nightshade, a new tool that 'poisons' AI models with corrupted training data. Developed by researchers at the University of Chicago, Nightshade alters pixels in images in a way that's invisible to the human eye but confuses AI models. This means that an AI model trained on these 'poisoned' images will learn incorrect information, for instance, seeing a dog as a cat. MORE | MORE | MORE
1Password announced their own incident related to the Okta security issue that affected a bunch of customers. The suspicious activity was detected on September 29 and was immediately terminated, with no compromise of user data or other sensitive systems. MORE | MORE | MORE | MORE | MORE
Ex-NSA employee, Jareh Sebastian Dalke, has admitted to trying to share classified defense information with Russia. Dalke, who worked as an Information Systems Security Designer for the NSA, had top-secret clearance and used an encrypted email account to transmit excerpts of three classified documents to someone he believed was a Russian agent. In reality, the person was an undercover FBI employee. MORE
Atlassian, the Australian software company, is urging admins to patch their Confluence instances immediately due to a critical security flaw that could lead to significant data loss. But rather than loss as in letting people see the data, it’s loss as in the data can be deleted. MORE
Apple has recently pushed out a critical security patch for all iPhones and iPads used before September last year. These are becoming far too frequent for my taste. MORE
Three unpatched bugs in the NGINX ingress controller are posing a serious threat to Kubernetes clusters. These vulnerabilities, known as CVE-2023-5043, CVE-2023-5044, and CVE-2022-4886, can be exploited to steal credentials and other secrets. MORE
Cisco's found another zero-day in its IOS XE, just as the number of hacked devices seems to be dropping. The vulnerability, tagged as CVE-2023-20198, lets remote attackers create high-privilege accounts on targeted Cisco devices. MORE
Critical security flaws were found in the OAuth implementation of popular online platforms like Grammarly, Vidio, and Bukalapak. These flaws could have let bad guys get access tokens and potentially take over user accounts. MORE
CISA has updated its guidance on two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s IOS XE Software Web UI. MORE
Citrix is strongly urging admins to immediately patch a critical information disclosure bug, CVE-2023-4966, affecting NetScaler ADC and NetScaler Gateway. MORE
VMware has patched a critical vulnerability in its vCenter Server that could have allowed remote code execution on vulnerable servers. MORE
F5 has patched a critical vulnerability in their BIG-IP configuration utility, which was allowing unauthenticated remote code execution. MORE
ServiceNow has quietly fixed a flaw that was exposing sensitive data, after a security researcher published a method that allowed unauthenticated attackers to steal an organization's files. MORE
CrowdStrike has released an Incident Response Executive Preparation Checklist, a template designed to help organizations prepare their executives for cyber incidents. MORE
A Chinese ship is being blamed for the damage to a subsea gas pipeline running between Finland and Estonia. The pipeline was damaged earlier this month, and Finnish authorities are still unsure if the damage was intentional or accidental. MORE
Microsoft has profiled a native English-speaking threat actor known as Octo Tempest, a group that specializes in data extortion and ransomware attacks. Octo Tempest has been on the rise since early 2022, targeting organizations in various sectors and partnering with the ALPHV/BlackCat ransomware group. MORE
A T-Mobile employee in South Carolina is facing a lawsuit for allegedly stealing and sharing nude photos from customers' phones on the dark web. MORE
Gmail is introducing new requirements for bulk senders, i.e., those who send over 5,000 messages to Gmail addresses in a day. The changes, set to be enforced by February 2024, will require these senders to authenticate their emails, enable easy unsubscription, and ensure they're not flooding inboxes with unwanted messages. MORE
ChatGPT majorly upleveled last week with basically a Voltron upgrade. The latest update allows users to analyze documents, browse the web, and generate images using text prompts all in one session. Previously, users had to toggle each feature on independently and could only use one at a time. The fact that you can now uplodad PDFs and interact with them on ChatGPT is going to take out hundreds of companies that were based on that feature alone. MORE
This is insane AI for replacing cold callers and customer service people. It can hold a 10-40 minute phone call and sounds just like a human. It's got infinite memory, perfect recall, and can autonomously perform tasks across more than 5,000 applications. The best (and worst) part? It doesn't need training, management, or motivation. It doesn’t get sick. Doesn’t require benefits. It's always on, working 24/7. Like it or not, this is what’s coming for us as average workers. DEMO
OpenAI is setting up a new team to protect against AI risks. They're calling it "Preparedness", and its main job is to track, evaluate, and forecast any catastrophic risks that might come from AI. MORE
Senate Majority Leader, Chuck Schumer, warns that while the US is still ahead of China in AI, the gap is rapidly closing. He urges for more action, saying "If we don't do anything, China’s going to get ahead of us". I’m so glad there are at least some people in the government thinking this way. MORE
Google reportedly $18 billion a year to remain the default search engine on Apple devices. This not only secures Google's prime spot on Macs, iPads, and iPhones, but also (practically) prevents Apple from building its own search engine. I’m not sure who’s getting screwed here, or screwing themselves. MORE
Elon Musk is pushing ahead with his plan to transform X into a bank, predicting that X's payment system will launch by the end of 2024. Along with FSD, I hear. Musk envisions this system encompassing someone's entire financial life, stating, "If it involves money, it'll be on our platform. Money or securities or whatever. So it's not just like 'send $20 to my friend.' I'm talking about, like, you won't need a bank account." MORE | MORE | MORE
A quarter of all U.S. healthcare visits are now handled by non-physicians like nurse practitioners or physician assistants. Think that’s bad? Wait until the AI Agents roll out. It’ll be one of those people managing dozens or hundreds of bots, basically certifying their advice. And then a lonely doctor certifying a practice of multiple of those. MORE
GlaxoSmithKline has a deal with 23andMe to access their (see your) genetic data to develop new drugs and treatments. Inevitable. Also good for science, but you know all the people who opted out are saying ITYS. MORE
The Pentagon has announced that around 900 US troops are being sent to the Middle East to boost force protection capabilities in the region. This comes in response to a rise in attacks on American and coalition forces, with at least 12 attacks in Iraq and four in Syria since October 17. MORE
A Chinese fighter jet buzzed a U.S. B-52 bomber, coming within just 10 feet in a nighttime maneuver over the South China Sea. The U.S. military released a video of the encounter, highlighting the close call. MORE
The little-known Nukhba Special Forces, which is an elite unit of Hamas, launched an attack on Israel on October 7, 2023, marking the start of the 2023 Israel-Hamas war. The unit is made up of naval commandos who are known for their expertise in underwater operations and use a range of sophisticated weaponry, including underwater explosives and guided missiles. MORE
Germany is set to overtake Japan and become the world's third-largest economy. The weak yen is a big part of the rankings change, but I’m surprised this is happening even though Germany was hit so hard by the war in Ukraine. MORE | MORE
The International Energy Agency (IEA) is predicting for the first time that global emissions will peak by 2025. They also see the demand for oil, gas, and coal hitting its highest point by 2030. MORE
Anti-Jewish and anti-LGBTQ hate crimes saw a serious uptick in 2022, according to the latest FBI data. The number of anti-Jewish hate crimes jumped 36% from the previous year, while anti-LGBTQ bias crimes rose by 19%. MORE
IDEAS & ANALYSIS
(This is political; skip to NOTES if you want to pass on it)
I’m going to write a full essay on this, but I’ll give a brief preview here. I think the war in Israel, and the way much of the Left in the West has responded to it, has just created a new culture war. Or, to be more precise, it’s actually encompassed and magnified all the previous culture wars going back to 2014 or so, and turned it into a new monster. We have massive protests that seem to be celebrating Hamas, not just the Palestinians, many of which include violent slogans and signage, and we don’t see widespread condemnation from the Left. So what’s happening is polarization, with people in the West across the US, Europe, and elsewhere picking sides. And the sides are (generally and sloppily) pro-West and anti-West.
Here are some very imprecise and perhaps flawed associations:
Pro-violence to enact change (not everyone, obviously)
Narrative: Despite all its success, the West still today represents colonialism, oppression, and is the reason so many people are suffering on the planet.
Narrative: Despite its flaws, the West still represents the best place in the world for people of all types to come and pursue happiness and success, and it should be celebrated rather than torn down.
Those lists themselves aren’t what’s so important. And obviously not everyone fits into one or the other, and there are actually many columns, not just two.
But in a world where we’re often forced into X or Y, what’s crucial is how different groups of people in the US are slotting into one side or the other as we head into the 2024 election. Normally there wouldn’t just be two sides. Normally people would resist being forced to pick one. But right now isn’t normal. Right now the pressure is so high I think tons of people are going to literally “pick a side”.
So here’s the question. How are most people in these groups going to go?
West-coast Techie Types
The top 10% in income/wealth?
All this to say, I think a whole lot of Americans are going to go Pro-West, and guess who’s about to become their new spokesperson for the next 13 months?
I think this war in Israel, and the response we’ve seen to it, is about to galvanize the Pro-West side massively by pulling tons of center and left-center people to the Pro-West side, which will be lead by him.
This deeply troubles me, since I think a second Trump presidency is an extraordinary risk to civilization. The West absolutely needs a champion right now, but I really wish it weren’t going to be him.
This is what I see happening, though—basically the Islamacists (defined as extremist theocrats, not the majority of peaceful Muslims), US academia, the general group of “down with America” types, and tons of young idealistic people who have no idea what they’re talking about, are going to get increasingly vocal, and likely violent as well.
And the other side is going to say, “See!?!? This is the same thing as before with BLM and such! And this is why crime is rising. And this is why Israel was attacked! And the attacks in Paris! And this and that!” Etc. All this complexity and contradiction will get collapsed down into overly-simplified sides.
So it’ll be:
Trump (The Savior of The West according to his fans)
Biden (the Fragile Beacon of Subtlety and Nuance)
Who do you think is going to win that?
Basically, we’re fucked. Not just in the culture war that’s about to ensue, but in the fact that this might very well get Trump re-elected.
P.S.: Since I know you want to know, I’m on the Pro-West, Pro-Jewish/Israel/Palestine/Secular/Humanist, Anti-Trump side. Meaning, not cleanly in the two columns as they’ll likely play out, but mostly Pro-West.
Elgato is launching a new tool called Prompter that attaches to your camera or webcam and sits on top of a small monitor. So you basically have an extra monitor where you put your Zoom window, and behind it is the camera! So you’re making real eye contact instead of looking down or away. Pre-ordered. MORE
My Dad is an awesome life-long musician and he’s getting ready to release new material. I’ve been trying to help him figure out how to handle his branding and such, which is hard for him because he’d rather just make music.
I really love this song of his, especially the middle part about rejecting the call to cynicism. Just a wonderful song, and I especially love playing it with him live. Just me and him. Him on guitar and singing while I support on the drums. ❣️
Anyway, let me know what you all think!
⚒️Anti-ChatGPT — A tool that uses AI to detect if you’re being manipulated or otherwise influenced. GITHUB
⚒️ Scapy — Scapy, but in your browser MORE
⚒️VulnersAI — AI Scoring for Vulnerabilities MORE
⚒️Promptchainer — Create visual prompt chain models like Llama2, GPT 3.5/4 and Claude with an API interface. Like Yahoo! Pipes but for AI prompts. MORE
⚒️Talently.ai — Talently.ai provides a customizable number of interviews per month, tailored to your specific needs. MORE
⚒️SlickGPT gives ChatGPT a Slack-like interface so it looks like you’re interacting in a workspace. MORE
⚒️MonsterAPI — Democratizing AI with No-Code Fine-Tuning MORE
⚒️Copycat — A Chrome extension that takes copying to a new level, offering enhanced capabilities like copying a tab title, link text, image as HTML or Markdown, and even a native video as HTML. | by BlackGlory | GITHUB
⚒️SyncLabs — Sync any video to any audio in any language — no training required. MORE
Why Read Books When You Can Use Chatbots to Talk to Them Instead? MORE
Rob Henderson, a doctoral candidate in psychology at Cambridge, explores the concept of "luxury beliefs" in his recent talk at Nudgestock. These are ideas and opinions that confer status on the upper class, while often inflicting costs on the lower classes. MORE
U.S. GDP growth has surprised experts by growing 4.9% in the third quarter, which is higher than the 4.7% we were expecting. It was powered by stronger than nomral consumer spending. MORE
The number of publicly traded companies in the US has halved since 1996, from 8,000 to less than 4,000. Why? In large part, due to the private-equity industry. MORE
Heated Yoga as Depression Treatment MORE
Browser as Autobiography MORE
Grammarly can now write in your customized style. MORE
Researchers found that people who incorporated elements of the hero's journey into their personal narratives reported more meaning in life, more flourishing, and less depression. MORE
MKBHD does a nice look at VR headsets vs. smart glasses. Worth a watch for sure if you’re into AR/VR at all. MORE
Revolutionizing User Surveys with GPT-4 MORE
Return To Office is all about power MORE
RECOMMENDATION OF THE WEEK
Other than voting, consider doing something drastic for the next 13 months.
Ignore political news and social media, and spend this next year deep-diving into the list of classic books that you were always supposed to read but never got a chance to.
If you are lucky enough to live in a place where the conflicts are not directly threatening you, literally disconnect from the Zeitgeist (something I heard from Riva Tal in her David Perell interview), and focus elsewhere. It’ll lower your blood pressure and make you a nicer person.
Just an idea. I’m going to do this as much as possible myself, although running this newsletter requires me to dip my foot in every week regardless.
APHORISM OF THE WEEK
You can safely assume you’ve created God in your own image when it turns out he hates the same people you do.
Thank you for reading! And if you know someone who’d like UL, please share it with them below!