Tag Archive for: Explored

DEF CON Generative AI Hacking Challenge Explored Cutting Edge of Security Vulnerabilities

/in


Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI.

AI generated image of a hacker in front of a laptop.
Image: AVC Photo Studio/Adobe Stock

OpenAI, Google, Meta and more companies put their large language models to the test on the weekend of August 12 at the DEF CON hacker conference in Las Vegas. The result is a new corpus of information shared with the White House Office of Science and Technology Policy and the Congressional AI Caucus. The Generative Red Team Challenge organized by AI Village, SeedAI and Humane Intelligence gives a clearer picture than ever before of how generative AI can be misused and what methods might need to be put in place to secure it.

Jump to:

Generative Red Team Challenge could influence AI security policy

The Generative Red Team Challenge asked hackers to force generative AI to do exactly what it isn’t supposed to do: provide personal or dangerous information. Challenges included finding credit card information and learning how to stalk someone. The AI Village team is still working on analyzing the data that came from the event and expects to present it next month.

This challenge is the largest event of its kind and one that will allow many students to get in on the ground floor of cutting-edge hacking. It could also have a direct impact on the White House’s Office of Science and Technology Policy, with office director Arati Prabhakar working on bringing an executive order to the table based on the event’s results.

Organizers expected more than 3,000 people would participate, with each taking a 50-minute slot to try to hack a large language model chosen at random from a pre-established selection. The large language models being put to the test were built by Anthropic, Cohere, Google, Hugging Face, Meta, NVIDIA, OpenAI and Stability. Scale AI developed a scoring system.

“The diverse issues with these models will not be resolved until more people know how to red team and assess them,” said Sven Cattell, the founder of AI Village, in a press release. “Bug bounties, live hacking events and other standard community engagements in security can be modified for machine learning model-based systems.”

SEE: At Black…

Source…

ICE, IRS Explored Using Hacking Tools, New Documents Show

/in


ICE

Image: Smith Collection/Gado/Getty Images

Federal agencies including Immigration and Customs Enforcement (ICE) and the Internal Revenue Service (IRS) are at least exploring the use of, if not actively deploying, hacking tools in criminal investigations, according to a newly released cache of documents shared with Motherboard.

The documents, which stem from a Freedom of Information Act lawsuit between activist group Privacy International and various government agencies, are heavily redacted, but draw the contours of how other federal law enforcement agencies beyond the FBI and DEA are interested in hacking criminal suspects.

“The documents show a growing perception among agencies that government hacking is not just acceptable, but an efficient and desirable solution for law enforcement activities. The fact that we’ve seen interest in acquiring hacking capabilities by organisations such as the U.S. Secret Service, the Drug Enforcement Agency, and even the Internal Revenue Service, reveals that there is a broader range of circumstances for which hacking is likely to be used,” Laura Lazaro Cabrera, a legal officer from Privacy International, told Motherboard in an emailed statement.

Do you produce NITs for the government? Do you deploy NITs or know anything else about them? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on [email protected], or email [email protected].

Some parts of the Department of Justice, including the FBI, use the term network investigative techniques (NITs) to broadly refer to hacking tools that agencies may use in cases. The FBI has deployed NITs against child abusers, people making bomb threats, and cybercriminals. Often they consist of Word documents or other files that are designed to communicate to an FBI controlled server once opened by a target, revealing their real IP address, particularly if they are using the Tor anonymity network to hide their location. Motherboard previously reported how other NITs deployed by the FBI include exploits targeting the Tails operating system and Tor Browser.

As Motherboard recently revealed, the U.S….

Source…