TechLetters ☕️ AI use in cyber/info operations will be invisible. Cybersecurity of AI. Apple processor bugs. Italy banned DeepSeek. Korea fined Apple and Alibaba
AI propaganda.
Exactly like I explain in my book "Propaganda". AI/LLM is for digital propaganda, rather than cyberattacks. Cyber threat actors are using generative AI like Gemini to increase their productivity in cyberattacks and information operations. This will rapidly grow in 2025. Expect every single one of them to use these tools. Some of these uses will be invisible. AI accelerates cyberattacks by generating scripts, automating reconnaissance, and troubleshooting malware development. Threat actors use AI to craft highly convincing phishing emails, fake personas, and misinformation campaigns. This makes scams harder to detect and increases success rates. State-backed actors automate propaganda, generate tailored content, and optimize disinformation, manipulating public opinion at an unprecedented scale with minimal effort. AI will introduce entirely new attack methods, and many such uses will be undetectable. Though in general, the found uses of Gemini were completely unremarkable. No wonder. Why would they type it to some server-side prompt? The real uses won’t be found. We will not hear about them in such an easy way.
Security
China's DeepSeek. The LLM that shook up American AI makers with the debut of its V3 and reasoning-capable R1 LLM families had a temporary limit on new signups to the web-based interface to its models due to what's said to be an ongoing cyberattack. DeepSeek’s database (leak?) was also found to be publicly accessible (development servers) and contained some chat histories with highly sensitive data.
Serious security issues in Apple M processors and iPhone Ax. They allow data leaks, theft, and active cyberattacks. SLAP exploits Load Address Prediction to leak sensitive data and bypass ASLR. FLOP uses Load Value Prediction for speculative data leaks and sandbox escapes in Safari and Chrome. No patch yet. Apple is investigating.
U.S. Food and Drug Administration warns about critical cybersecurity vulnerabilities in Contec and Epsimed patient monitors. The device may be remotely controlled by an unauthorized user. The software on the patient monitors includes a backdoor. Once the patient monitor is connected to the internet, it begins gathering patient data and exfiltrating the data outside of the health care delivery environment.
Privacy
Italy banned DeepSeek. The Italian Data Protection Authority has issued an urgent GDPR order prohibiting (banning) DeepSeek from offering services in Italy. "adopted to protect the data of Italian users ... DeepSeek [company] declared that they do not operate in Italy and that European legislation does not apply to them"
Korea issued a data protection fine on Apple and Alibaba. Korean data protection authority fined Kakao Pay $4.1 million for unauthorized user data transfers, Apple $1.68 million for failing to disclose overseas trustees, and ordered Alipay to destroy the NSF score predictive model (used to rate the likelihood of payment failure due to insufficient funds). Apple failed to inform users of the involvement of Alipay, violating transparency requirements under data protection laws.
Other
Research finds TikTok’s algorithm apparently favors one political side more than the other. Republican accounts got 11.8% more content supporting their views, Democrats saw 7.5% more content opposing theirs. The bias comes from negative partisanship, prioritizing criticism. Engagement alone doesn’t explain it. Limitations: LLMs classified content, bot-driven experiments don’t reflect real users, and visual/audio elements weren’t analyzed. From my experience in measurement studies, the methodology is sound. https://arxiv.org/pdf/2501.17831
