TechLetters #131 Self-breaching systems via AI code generation. US fears China cyberattacks. Alleged breakthrough in: quantum computing. Breakthrough in: GNU/Hurd.
Security
Attacking AI code generation. AI/GPT-generated source code may contain bogus lines inserting non-existing software/libraries. It is possible to exploit such fake-generation by… uploading such packages that would have attacker-controller functionality. “Using this technique, an attacker starts by formulating a question asking ChatGPT for a package that will solve a coding problem. ChatGPT then responds with multiple packages, some of which may not exist. This is where things get dangerous: when ChatGPT recommends packages that are not published in a legitimate package repository (e.g. npmjs, Pypi, etc.). When the attacker finds a recommendation for an unpublished package, they can publish their own malicious package in its place. The next time a user asks a similar question they may receive a recommendation from ChatGPT to use the now-existing malicious package. We recreated this scenario in the proof of concept below using ChatGPT 3.5.”
Disinformation/information operation targeting France. In a rare move, France attributes it to Russian State. "creation of false web pages impersonating national media and government sites as well as the creation of false accounts on social networks". A multi-channel campaign involving Russian embassies, cultural centers (actively participated in amplifying, including through accounts on social networks). Campaign targets French support of Ukraine.
U.S. fears China’s cyberattack. "in the event of open conflict between the U.S. and China ... hacking groups would target pipelines and railways ... disruption of critical pipelines, communications infrastructure, or transportation ... in the case of conflict "
Google introducing security framework for AI. Good that someone is seriously working on practical issues. Much more productive to focus on realistic risks than an over focus on big-talk such as IMPENDING-DOOM scenarios.
Technology Policy
EU competition probe of Google. Despite the high-flying words flung by EU officials, it's not the case that the only "solution" on the table is a divestment of Google from certain parts of their business. Why? Technology is changing. Other
Breakthrough in quantum computing. IBM obtained results indicating the possibility of “some” practical applications of small-scale quantum computers, with a high error rate, the only available equipment as of now (without error correction). It remains to be refined, but this is a huge progress. They tested the task on a quantum computer with 127 qubits (unreliable, high error rate). However, some meaningful results were obtained. This would indicate that having a few thousand such qubits could be even better. Such equipment will be available soon.
Nobody expected the Spanish Inquisition. GNU/Hurd, an operating system that was advertised as an 'Unix replacement (20-30 years ago) has been released. It's not even 2060 yet.
In case you feel it's worth it to forward this content further:
If you’d like to share: