AI & Transparency, lifeOS, China Model Fears, Data Criticality…
Happy RSA Monday—I hope you're having a good one so far!
If you see me around RSA this week please come get a wave, fist bump, or hug (your choice). I'd love to say hi! And don't forget we have a member lunch/meet-up on Thursday!
Have a great week!
In this episode:
🔍 Discover AI's game-changing role in transparency
🌩️ Unravel Microsoft's stormy threat actor names
🇨🇳 Explore China's AI chatbot rules & secret NYPD base
🍏 Peek into Apple's journaling app & savings account
🌀 Embrace psychedelics for mental health in the US
🚀 Gartner's 2023 guide to cloud-native app protection
🚫 AI controls and more!
MY WORK
AI is a Gift to Transparency
A collection of real-world use cases for what we can do with AI-provided transparency into human challenges. MORE
SECURITY NEWS
Microsoft Weather Mappings
Microsoft will start naming threat actors after weather events. Not the campaigns, but the actors themselves. Interesting concept. Here are the first mappings.
Blizzard -> Russia
Typhoon -> China
Sandstorm -> Iran
Sleet -> North Korea
Dust -> Turkey
Cyclone -> Vietnam
Rain -> Lebanon
Hail -> South Korea
Tempest -> Financially motivated
Tsunami -> Private Sector attacker
Flood -> Influence operation
Storm -> Groups in development MORE
China Applies AI Controls
China proposes new checks on AI chatbots, slowing tech industry's rollout.
• Draft measures require security reviews and user identity verification
• AI-generated content must embody core socialist values
• Alibaba, SenseTime, and Baidu recently launched ChatGPT-like bots
• Regulators and state media warn against speculative frenzy in AI stocks MORE
Secret Chinese Police Station
The US charged 40 Chinese individuals for running a troll farm and secret NY police station.
• Alleged efforts to intimidate, harass, and censor China's critics overseas
• Secret police station in Manhattan's Chinatown
• Massive online troll farm spreading disinformation and harassment
• Only two New York-based officers arrested so far MORE
✋ Sponsor Love is UL Love — Sponsors help us produce this newsletter full-time. We spend a lot of time and effort picking the companies we promote here, and we pass on many of them because we care about what we're showing you.
Do us a favor and explore the sponsors we share. It helps us keep doing what we love, which is bringing you great ideas and analysis full-time. 💙
Sponsor
🚀 Discover the Future of Cloud Security with the Gartner® 2023 Market Guide for CNAPP 🚀
As cloud-native applications evolve, so do security threats. Stay ahead of the curve with Gartner's comprehensive 2023 Market Guide for Cloud-Native Application Protection Platforms (CNAPP). Learn how to protect your cloud infrastructure and applications from development to production with a single, integrated platform.🛡️
Key insights include:
🔑 The increasing attack surface of cloud-native applications
🔑 How CNAPPs streamline security and risk management
🔑 Recommendations for evaluating and deploying CNAPP solutions
Don't miss out on this essential guide to securing your cloud-native applications!🌐
👉 Download the Gartner® CNAPP Market Guide Now👈
wiz.io/lp/gartner-market-guide-cnapp-2023
TECHNOLOGY NEWS
Lyft announces more layoffs. I am not sure how much longer they'll last. I used them for a few months when Uber was being gross to female employees, but the Lyft interface and experience were always worse for me. Question is: would the US let them merge? MORE
Is Apple launching a journaling app? I'd love to see this. Hope it's true. MORE
Googlers say Bard is worse than useless. MORE
Niantic is making a real-world Monster Hunter game. MORE
Google consolidates AI labs into DeepMind. MORE
HUMAN NEWS
Legalized Psychedelics?
In 2023, the US government may approve the use of hallucinogenic drugs for mental illness treatment, with MAPS seeking FDA approval for MDMA as a PTSD treatment.
- MAPS has completed two successful clinical trials on MDMA's effectiveness for treating PTSD.
- Australia approved MDMA as a PTSD treatment in February, with restrictions.
- There are concerns about how MDMA will be administered and its potential financial incentives.
- MAPS envisions global treatment centers where people can safely use psychedelics under therapist guidance.
I really hope this happens. Everything I've read and seen, including anecdotally, has indicated this will be massive for mental health. And we really need that right now. Combine that with more access to good therapy through AI and I think we could seriously help millions of people. MORE
Apple Savings Account
Apple just introduced a high-yield savings account with 4.15% APY.
- Savings account by Goldman Sachs
- No fees, minimum deposits, or balance requirements
- Manage account directly from Apple Card in Wallet
- Savings dashboard for tracking balance and interest
I think this is going to be one of those moves where, when people look back, it's marked as one of Apple's main milestones towards lifeOS. Tech. Education. Health. Now finance. lifeOS seems imminent. MORE
Trump Catching DeSantis
Trump now has a 13-point lead over DeSantis in a new Wall Street Journal poll. I keep telling people not to count Trump out. People keep ignoring me. MORE
Trump Resilience
68% of GOP voters support Trump despite indictment and investigations.
- 26% of Republicans prefer a less-distracted candidate
- 46% would support Trump in GOP primary today
- 60% of general voters say Trump shouldn't run
- 70% don't want Biden to run again MORE
IDEAS & ANALYSIS
The CCP and GPT
I bet the CCP is super scared of AI models they don't have explicit control over. Especially local ones! No need to bypass the Great Firewall if you can get honest answers from software running locally. MORE
Data Becomes Important, Again
We've heard for a long time now that 'data is the new oil', and I guess that has been true in many cases. But it's about to get a whole lot more true when everyone is running an SPQA stack. State requires data. And training large models requires data. People who have more data, and more access to newer and more unique data, will be winners. A big problem we'll have soon is having tons of the new data coming out being produced by GPTs. It'll become derivative. So the companies that have access to new, raw, human-generated data will have a major advantage. Think about who those companies might be. Data brokers? MANGA companies? Shadow companies like Palantir? This will be a major battleground.
NOTES
Super hyped to share that UL member and buddy in crime Joseph Thacker (@rez0) and another great hacker @rhynorater are launching a new company called WeHackAI (wehack.ai). The service is designed to help companies launching AI-based or AI-augmented products—or that are adding AI to their existing offerings—by finding vulnerabilities throughout their stack. That includes not just the AI components, but the supporting infrastructure as well. I believe so much in the vision and in the pedigree of the founders that I’ll be an advisor for the company as well! Stay tuned for more info from them, and in the meantime go sign up here to get the latest. And if you know anyone building AI stuff, or adding AI to their stuff, point them to wehack.ai.
I keep hearing about how Picard Season 3 is a love letter to STTNG, and I can't wait to watch it. AI has seriously crushed my media consumption, and TV-watching especially, which was already quite minimal. But I make exceptions for Captain Picard and crew.
I just got to catch up with a friend I met online in my first online community, DSLR. His name is Steve Friedl, and he's awesome. He wrote a consulting guide called So You Want to be a Consultant way back then that served as the foundation of my consulting philosophy for years, and still does. Talking with Steve on the phone for the first time was fantastic, and I can't wait to grow the relationship even more. Thanks, Steve, for your mentorship when I was starting out. And I hope to be like Steve when I grow up because he's still crushing consulting today just like the day I met him almost 25 years ago. Goals. FOLLOW STEVE
I'm thinking about trying a new format for news stories. I have some possible format examples here in this episode. It would look something like this:
--
⛓️ Embedded Supply Chain Hacks
The X_Trader software supply chain attack led to the 3CX breach and affected critical infrastructure organizations in the US and Europe.
- North Korean-backed threat groups involved
- Trojanized installer used for attack
- Multi-stage modular backdoor deployed
- Victims' systems compromised
- US and European critical infrastructure impacted
This is another example of how deep the rabbit hole goes on supply chain stuff. We will never get to the bottom of this until we can clearly 1) see, and 2) understand everything we have installed, everywhere—including its current version, patch levels, and configuration—all at the same time. Until then we're just grasping and hoping when it comes to supply chain vulnerabilities. MORE | MORE
--
That's not a great analysis example because it was a made-up one, and some stories won't have analysis anyway. But the point is that you could get away with just the first sentence. Or you could get the bullets for the second level. Or the analysis for the third level. Finally, you'll have the MORE links for even more if you want it.
I plan on using some of my own custom AI for some of the summary stuff, such as the bullets, and then writing the analysis myself (it'll be a while before an AI can do that without it being generic). So we get the advantages of both worlds (AI summarization + human analysis).
Thoughts? Reply to this email or start a thread in chat.
DISCOVERY
🤖 ProfileGPT: Reveals user's personality using ChatGPT data
- Analyzes personal data, hobbies, and traits
- Assesses mental health and future predictions
- Python >=3.8 and ChatGPT data needed
- Promotes awareness of data usage MORE | BY SAHBIC
🔍 bloop: AI-powered code search and understanding tool
- Natural language search for internal libraries
- Summarizes and explains code intention
- Supports 20+ languages and regex matching
- Offers precise code navigation and unlimited free tier for self-hosted open source users MORE | BY HAMEL HUSAIN
Maintaining this site fucking sucks MORE
You can buy a house in Japan for $25,000 MORE
Who will you be after ChatGPT takes your job? MORE
So you want to start an AI startup MORE
Writers are becoming AI Prompt Engineers MORE
90% of my skills are now worth $0, but the other 10% are worth 1000x MORE
Prompt Injection: What's the worst that could happen? MORE
Looks like da Vinci was Jewish. MORE
They're acquaintances, but they're still important. MORE
Why people are fleeing blue cities for red states MORE
RECOMMENDATION OF THE WEEK
If you care about AI's threat to your business, or you are a builder thinking about the future of applications, you need to be watching Langchain as closely as, or more closely than, OpenAI. It's not about the boards and nails and drywall. It's about the buildings we can build with them. Learn Langchain. LANGCHAIN DOCS | INTRO VIDEO
APHORISM OF THE WEEK
"The art of life lies in a constant readjustment to our surroundings."
Kakuzo Okakura