UL NO. 422: To Survive AI, We Must Become Creators

Fabric Threat Models, An AI Worm, GitHub Auto-blocks, Long Covid IQ, and more…

Unsupervised Learning is a security, AI, and meaning-focused newsletter that looks at how best to thrive as humans in a world that’s changing faster than ever. It combines original ideas and analysis to bring you not just what’s happening—but why it matters, and how to respond.

TOC

Hey there!

Added tons of new Patterns to Fabric this week!

  • create_threat_model — Creates a logical, real-world threat model for a given scenario. MORE

  • find_hidden_message — Cynically consumes any opinion and looks for hidden meaning in it. MORE

  • create_ascii_visualization — Creates an ASCII visualization of any idea you feed it. MORE

  • create_markmap_visualization — Creates a mindmap of any concept you give it. MORE

  • create_mermaid_visualization — Creates a Mermaid datavisualization of any concept you give it. MORE

Plus we’ve added (very early) CrewAI integration! 1,001,374 thanks to @xssdoctor (Jonathan Dunn) for all the work on the CrewAI stuff!

Update your project, re-run setup.sh and restart your shell. Then do:

fabric agents trip_planner 

And it will plan you a trip!

So. Much. Coding going on. Elated to be on the planet with you.

Ok, let’s get into it.

MY WORK

SECURITY

Researchers have created a worm that exploits Generative AI to spread via prompt injection. Named Morris II, the worm can replicate malicious prompts through GenAI models, leading to data theft or spam. THE PAPER

GitHub now automatically blocks commits with secrets in public repositories. In the first eight weeks of 2024, over 1 million leaked secrets were detected. MORE

Biden is viewing Chinese "connected" cars as a national security threat, proposing an investigation into their risks. The Department of Commerce has issued a notice seeking public comment on regulations to secure the tech supply chains of these vehicles. MORE

💡So happy about this new approach to China. One of the few things I credit the previous administration for.

Sponsor

Enhance Enterprise Security: Trust Every Device with Kolide!

What do you call an endpoint security product that works perfectly but makes users miserable? A failure. The old approach to endpoint security is to lock down employee devices and roll out changes through forced restarts, but it just. Doesn't. Work.

IT is miserable because they've got a mountain of support tickets, employees start using personal devices just to get their work done, and executives opt out the first time it makes them late for a meeting. You can't have a successful security implementation unless you work with end users. That's where Kolide comes in.

Kolide’s user-first device trust solution notifies users as soon as it detects an issue on their device, and teaches them how to solve it without needing help from IT. That way, untrusted devices are blocked from authenticating, but users don't stay blocked.

Kolide is designed for companies with Okta and it works on macOS, Windows, Linux, and mobile devices.

So if you have Okta and you're looking for a device trust solution that respects your team, visit kolide.com/unsupervisedlearning to watch a demo and see how it works.

The US military's Project Maven is now actively using AI to identify and strike targets, marking a significant shift from skepticism to reliance on artificial intelligence in warfare. In recent operations, AI algorithms have located targets in Yemen, the Red Sea, Iraq, and Syria. MORE

ShotSpotter, now called SoundThinking, uses hidden sensors for gunfire detection. A leaked spreadsheet revealed the exact locations of these sensors, which were previously kept secret even from law enforcement agencies. MORE

Researchers found over 200 AI hacking services on the dark web since early 2023. Attackers are leveraging AI chatbots like "BadGPT" to enhance phishing attacks and create deepfakes. MORE

Cryptocurrency enthusiasts are being targeted with Mac malware through fake Calendly meeting links. MORE

A team of hackers (the good kind) (including UL Member @rez0) found significant vulnerabilities in Google's AI and cloud systems, getting $50,000 in bounties. MORE

A new vulnerability in Hugging Face's Safetensors conversion service could lead to supply chain attacks by hijacking AI models. MORE

TECHNOLOGY

Nvidia's CEO thinks AI will soon make coding obsolete, urging people to learn other skills instead. MORE

💡Agree, but it’s nuanced. To me it’s more about Creators and Executors than coding itself. Coding just thinking and speaking and writing.

Those things aren’t less important just because computers can do them better. It just means don’t go head-to-head with computers on generating them en masse.

Waymo got the OK to expand to highways in Los Angeles and the Bay Area, and it allows their cars to go up to 65mph. MORE

Apple cancelled their car project, and they’ve moved over 2,000 employees from the project to Apple's AI initiatives. MORE

💡I have never been more excited for an Apple keynote then the one we’re going to get in June. We’re talking about real AI built right into iOS! So not just a better Siri, but something way beyond. The big difference will not just be the tech (which I hope is good), but the fact that it’s always with you.

Good AI that’s always with you is way better than Amazing AI that’s stuck in an IDE somewhere.

In 2023, public tech companies added $2.4 trillion to their market cap while laying off over 260,000 workers. MORE

Elon Musk is suing OpenAI, claiming it prioritized profits over its public-benefit mission. Hard to know how much of this is old Musk (help humanity) vs. new Musk (attack your enemies). MORE

OpenAI claims the New York Times paid someone to hack its products to produce content matching the newspaper's articles. MORE

Docusign has been using customer data to train their AI, and people are freaking out. Similar to the Reddit situation. | MORE

💡Wrong question. It’s not about whether someone uses customer data to train AI. Everyone should be doing that to some degree. Question is—are you training on personal data? On sensitive data? On privacy-related data? In a way that your customers wouldn’t like?

Again, transparency is key here. There’s a big difference between training on general behavior and preferences to make the product better vs. doing something gross.

SpaceX just hit a 17Mb/s download speed sending internet directly to a stock Android phone. MORE

Wendy's is looking to test dynamic surge pricing for food in 2025, influenced by demand and weather. Interesting idea. MORE

January and February saw a resurgence in tech job cuts, with both large tech firms and startups reducing staff. MORE

The Nvidia GeForce RTX 5090 is rumored to be up to 70% faster than the RTX 4090. This performance leap could come from having as many as 192 streaming multiprocessors and 24,576 CUDA cores. MORE

HUMANS

A new study of 113,000 showed those with Long Covid scored roughly 6 I.Q. points lower than those never infected. MORE

Political extremism is now Americans' top concern, edging out the economy and immigration. A recent poll found 21% of respondents view it as their biggest worry. MORE

Oregon is reversing its drug decriminalization policy amid rising overdose deaths and public concern. The state legislature passed a bill to reimpose criminal penalties for some drug possession, reflecting a shift in political support. MORE

💡I feel like 2024 is the year of the pendulum swinging back on a whole bunch of hyper-liberal policies and attitudes. I just wish it could swing back to the middle instead of continuing on to the extreme other side, as per usual.

California is proposing a bill to ban homeless encampments near public spaces. The bipartisan Senate Bill 1011 aims to encourage the use of shelters by making it illegal to form encampments within 500 feet of schools, transit stops, and other specified areas. MORE

Florida is experiencing a number of outbreaks of already-beaten diseases. Why? Because vaccine skeptics on the left and right are reducing vaccination percentages below the required numbers for herd protection. MORE

Alcohol-related deaths in the US jumped by nearly 30% recently, hitting about 500 deaths daily in 2021. MORE

A neurosurgeon is using ultrasound to tackle Alzheimer's and addiction, showing promising results. MORE

IDEAS & ANALYSIS


NOTES

💕 Sunday was 30 years with my love. 2 peas, kombi. 🤞 

Dune 2 was insanely good. 10/10, for a sci-fi movie.

DISCOVERY

🔥 My homie Jason Haddix just put out a sick episode of his newsletter all about hacking AI. Lots of prompt injection and other resources. Read the episode and subscribe! MORE

Do Literally Anything MORE

Caltrans offers CCTV data in CSV, JSON, TXT, and XML formats for free integration into applications. MORE

Adrian Göransson shares a deep dive into his git configuration, offering practical tips and insights for both beginners and seasoned users. He covers aliases, rebasing techniques like --keep-base, and the importance of signing commits and tags with SSH keys. MORE

How to get Nmap to detect new services. MORE

How I decide if your website is worth a revisit MORE

The Internet Feels Fake Now. MORE

Tyler Cowen shares his personal, highly structured approach to listening to music, from genre preferences to storage systems. He emphasizes a focus on core repertoire over random discovery. MORE

Apple's releasing William Gibson's "Neuromancer" to life as a 10-episode series on Apple TV Plus. MORE

"Bad Therapy" argues modern therapeutic parenting is failing, leaving kids anxious and unprepared for life. | by Mary Harrington | MORE

Daniel Zingaro's "Algorithmic Thinking" is one of my favorite books, and it now has a second edition with new chapters. MORE

Spending just 10 minutes on something is roughly 1% of your day. MORE

RECOMMENDATION OF THE WEEK

Ask yourself if you’re primarily a:

  • Creator

  • Nurturer

  • or Worker

It’s my belief that Creators and Nurturers (people that help others become Creators and Nurturers) are the future of humans. So:

  • Parents (Nurturers)

  • Artists (Creator)

  • Entrepreneurs (Creator)

  • Therapists (Nurturer)

  • Etc.

I think those are some of the roles that will be most resilient to AI, and they’re also the most human. They’re what humans should be doing anyway!

Try to get out of the worker mentality. My family is Lutheran. Hard work was instilled in me, and I think it’s a noble and honorable thing.

But AI will do most old-style worker jobs better.

Start planning your migration to Creator and/or Nurturer now. We’ll all be hybrids, and that’s ok. But try to move towards Creator / Nurturer as quickly as possible. And help the people you care about do the same.

APHORISM OF THE WEEK

The end of labor is to gain leisure.

Aristotle

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Yours,