UL NO. 439: Humans vs. AI in Prediction Markets

Project Metaculus, SSH and Juniper 0-Day, China v. Taiwan, R1 Leaks, and more…

Author

Daniel Miessler
July 01, 2024

SECURITY | AI | MEANING :: Unsupervised Learning is my continuous stream of original ideas, analysis, tooling, and mental models designed to help humans thrive in a world full of AI.

TOC

NOTES

  • Heads-down on talks and courses and essays and video content. Feels good to have lots of ideas, but bad to be behind.

  • Matt Williams put out a quality introduction to Fabric on his YouTube channel. 🫶🏻YOUTUBE

!!! 📚Updated AUGMENTED v2 Course Outline !!!

Okay, here's an update on AUGMENTED V2—it’s now significantly better than the first version. The original plan was a big refresh, which would have been awesome, but over the last week it’s morphed into something else.

  • Expansion to 4+ hours vs. 3 for V1.

  • A whole section on augmenting AI with your personal context

  • A full section on building your own work/life workflows

  • A full section on Obsidian integration

  • Extensive training on—and use of—Fabric throughout

  • Far more examples of patterns and workflows

  • A more cohesive “philosophical —> technical” flow of the course

  • Adding more over the next two weeks…

My next couple weeks are tasked just to making this class better. Can’t wait.

🧠CHEAT CODE—become a UL member to get $250 off AUGMENTED V2. 

Ok, let’s get to it…

MY WORK

I think I cracked Trump’s popularity, and unless the DNC does the same, we’re probably heading for Trump 2.

How the Far-left Will Elect Trump in November 2024

I think I finally figured out the energy source for Trump's inexplicable popularity…

danielmiessler.com/p/farleft-will-elect-trump-november-2024

STORIES

🚨There's a new zero-day in OpenSSH that allows remote code execution as root on glibc-based Linux systems. It’s not super clear which SSH stacks are affected yet, but we do know that it takes some time to exploit—at least on the Morning of July 1st. Make sure you’re aware of your SSH exposure and check the resources for your stack. QUALYS

🚨There's a full 10.0 critical vulnerability in Juniper Networks routers that allows attackers to bypass authentication and take full control. | CVSS 10.0 | THEREGISTER

The Snowflake breach is expanding with over 165 victims, including Ticketek and Advance Auto Parts. A hacker from ShinyHunters claims they accessed Snowflake via third-party contractors. THEREGISTER 

As part of the Snowflake incident, Santander's US branch is notifying over 12,000 employees that their personal info was compromised in a third-party breach. SECURITYWEEK

RedJuliett, a Chinese state-sponsored group, has been exploiting network edge devices to target Taiwanese government, academic, technology, and diplomatic organizations. RECORDEDFUTURE 

Sponsor

Work Faster and Reduce Barriers to Automation with AI in Tines

Everyone is talking about AI right now, but the value of AI depends on your ability to trust it.

AI in Tines is designed with security and privacy in mind - you decide when and how your workflows interact with AI.

Here’s what security leaders and practitioners are saying about AI in Tines:

  • “Automatic mode is a gamechanger for new users, it makes the learning curve for advanced use cases very short.” - Amulya Namburi, SOAR Team Lead at Experian

  • "It's unlocking new use cases for us.” - Allen Cox, Senior Director of Security and IT, MyFitnessPal

  • “In terms of what you can build with it, the limit is your imagination.” - Kyle McGaley, Senior Security Engineer, Udemy

Remember the R1 AI device? Well, all R1 responses ever given can be downloaded. Nightmare fuel, basically. Anything you got back from your “personal” AI device, now visible to whomever. | RABBITU 

💡This is exactly what most security experts (including me) predicted with regard to AI and security. Specifically, AI startups and security.

Startups generally run with scissors, and AI startups run extra fast with extra scissors.

And if you think THIS is bad, wait until the Digital Assistant (DA) companies start popping up, and everyone is uploading their personal context to these startups. Traumas, journals, personal conversations, etc.

When those startups get breached, it’s going to be way worse.

It won’t stop DAs or AI from moving forward, mind you, because the benefits will be too powerful. But it’ll be nasty.

Here’s the AI Attack Surface as I see it:

Click for full size

Russian hacking group APT29, also known as Cozy Bear, breached TeamViewer's corporate IT environment. THERECORD 

💡This is why I’ve slowly over the years migrated to a very simple stance on security tooling (or really any core tooling):

Use the official offerings from the big companies whenever possible.

Why?

  • They have giant security teams

  • They have giant security budgets

  • They have a LOT to lose in terms of PR and market share

In short, I only want to trust my data to companies that have both the incentive AND the resources to protect it, and those tend to be the big players like Microsoft, Google, Apple, etc.

You obviously can’t do that for all tooling, but it’s my preference when the option is available.

Chinese hackers are now using ransomware as a cover for cyberespionage, making it harder to attribute attacks. | CYBERSCOOP 

Perplexity AI is under fire for allegedly stealing content from publishers and bypassing web scraping protocols. | by Cassandra Cassidy | MORNING BREW 

Metaculus is launching a series of quarterly tournaments to benchmark AI forecasting against human forecasting on real-world questions, with $120,000 in prizes. | METACULUS 

💡Ok this is spectacular. It’s becoming my new obsession.

RIGOROUS PREDICTIONS.

Basically, there are groups (including this Metaculus one) where people make specific predictions, and they track their success rates. So it’s not just feels; it’s real results and looking back to see how people did.

Well, THIS project is now having AI compete against humans on this!

I cannot wait to watch this field progress. NOTE: If you want to get into this world, go read SUPERFORECASTING. It’s the book that got me started in all this.

Researchers at UC Santa Cruz have figured out how to run billion-parameter-scale LLMs on just 13 watts of power, about 50 times more efficient than current data center GPUs. They achieved this by removing matrix multiplication from the LLM training and inference processes. | TOMSHARDWARE 

💡This is what I call “slack in the rope”, and what Leopold Aschenbrenner calls removing “hobbling”. And it’s why I think we’re at like 1% (or way less) of our potential for neural nets and LLMs.

To me, the game is: SCALE X ALGO X TRICKS

Where “tricks” are finding this slack in the rope, which can potentially massively improve the algorithms or advantages from scale.

Leopold’s SITUATIONAL AWARENESS has the best long-form discussion of all this.

Businesses are desperate for AI guidance, and big consulting firms are stepping in to help. McKinsey says generative AI will be 40% of its business this year, and IBM's consultants have secured $1 billion in AI sales commitments. | by Matty Merritt | MORNING BREW 

💡What have we been saying? 40% of McKinsey’s business!

And this stuff all started like 3 days ago, basically. 18 months is a blink of an eye. Now ask what percentage of their business is crypto-related.

Alibaba's Qwen models take three top spots on Hugging Face, while major US competitors lag behind. The new leaderboard tests models on tasks like solving 1,000-word murder mysteries and high-school math equations. | TOMSHARDWARE 

💡This is disturbing. AI and drone tech are two places we need to beat China.

People in high-income democracies are increasingly dissatisfied with how democracy is working. Since 2021, satisfaction has dropped significantly in countries like Canada, Germany, Greece, South Korea, the UK, and the US. | by Pew Research Center | PEWRESEARCH 

🔥 This is fine.

A study showed that loneliness in midlife is linked to believing in conspiracy theories. | NATURE 

IDEAS

If I designed an education curriculum, one of the main themes would be hard work → easy life, and laziness → hard life. And the concept of resilience. Honestly I would focus a lot on the Stoics, but these themes are the biggest for me. X

DISCOVERY

Project Naptime — Google's new AI framework for vulnerability research lets humans "take regular naps" while it mimics human security researchers. It uses tools like a Code Browser, Python sandbox, and Debugger to improve automated discovery of vulnerabilities. | THEHACKERNEWS

💡These frameworks just keep getting better. Here’s what I think you should expect:

Remember when we saw Will Smith eating spaghetti like a year ago, and it was horrible? Well, now it looks almost realistic.

The same will happen with hacking frameworks, but I think that last 5% of skill at the top will take longer to break into for AI because it’s so heavy on human creativity.

But getting to 90-95% of what an average manual tester does in the next 2 years will be massive.

These frameworks will be used by all attackers and defenders, and the window between new vulnerabilities and either exploitation or mitigation will shorten dramatically.

Extending Burp Suite for Fun and Profit — This guide shows you how to extend Burp Suite using Montoya's methods. | by Federico Dotta | HUMANATIVASPA 

ElevenLabs Text to Audio — ElevenLabs has launched an iOS app that converts any text into audio narration using AI. These voices are basically perfect, including the timing. Insanely good. | by ElevenLabs | VENTUREBEAT 

Claude Projects — A new feature in Claude is Anthropic’s answer to Assistants. | ANTHROPIC 

Dappier — A new platform where publishers can set a price for using their content in model training. | by Dappier | TECHCRUNCH 

A Better Paradise — Absurd Ventures' new podcast "A Better Paradise" aims to elevate a fictional episodic series with a billionaire leading the world toward a digital dystopia in 2040. | by Absurd Ventures | A BETTER PARADISE 

RECOMMENDATION OF THE WEEK

A soon as you get a chance, go for a ride in a Waymo in San Francisco. They’re now open to everyone. It’s a remarkable experience—especially the first few times.

Try it out, and watch the screen in the vehicle. Those are all the things it’s tracking while never texting, looking at its phone, or daydreaming.

APHORISM OF THE WEEK

Every event has two handles—one by which it can be carried, and one by which it can't.

Epictetus

Hey there,

You should become a UL member. Here’s what you get:

  • Entry into the best online community I’ve ever been a part of

  • We’re voraciously curious, we’re constantly reading, constantly learning, and we share what we learn with others. But most importantly, we’re kind. We’re a community of helping people become their best selves

  • An insanely great Book Club, which has been running for like 5 years straight!

  • Additional monthly meetups where we share tools, routines, personal challenges, and lots of other stuff you can’t get anywhere else

  • Significant discounts on my paid offerings

  • Access to private UL events

  • And more…

Thank you,

-Daniel