Google has released its Secure AI Framework (SAIF), a conceptual framework aimed at establishing robust security standards for AI development and deployment. This follows the European Commission’s draft Artificial Intelligence Act and Microsoft’s efforts in AI security. SAIF aims to address security risks, integrate various security efforts with Google’s AI platforms, encourage research, and emphasis the delivery of secure AI offerings.
Google’s SAIF aims to strengthen security measures and establish trust in AI models, by addressing security risks, integrating various security efforts with Google’s AI platforms, encouraging research, and emphasizing the delivery of secure AI offerings.
The framework is inspired by the European Union’s proposed AI regulation, which calls for high-risk AI applications to undergo impact assessments and be subjected to regular audits to ensure they comply with safety standards. The new Google framework aims to enable companies to securely develop and deploy AI systems, while also advancing the state of AI security. It is expected that SAIF will play a critical role in developing robust AI security infrastructure, and drive innovation in AI security.
However, some experts suggest that the new framework ultimately serves Google’s business interests by enhancing its reputation, differentiating its products, and ensuring customer retention. This raises concerns that the framework prioritizes commercial interests over security, and questions if it aligns with the greater good.
Meanwhile, companies affected by the MOVEit vulnerability continue to grapple with the impact of active exploitation by the Cl0p ransomware group. This includes big names like the BBC, British Airways, and Boots, who have been issued ultimatums by the hackers to release stolen data by June 14, 2023, unless the ransom is paid. The MOVEit Transfer vulnerability has affected not only MOVEit Transfer clients but also companies that use the services of Zellis, a payroll service provider.
Elsewhere, Anonymous Sudan has launched a fresh wave of DDoS attacks on American organizations, including Microsoft. The hacktivist group seemingly misunderstood a statement made by the US Secretary of State, leading to these attacks. It is unfortunate to see how misunderstandings can escalate into such large-scale malicious activities.
In addition, over 45,000 users fell victim to malicious PyPI packages, according to Cyble Research and Intelligence Labs (CRIL). PyPI administrators temporarily suspended new user and project registrations due to an overwhelming surge in malicious users and projects. It is concerning to see how these malicious actors exploit platforms and put innocent users at risk.
Furthermore, new ransomware gangs have emerged, with the Darkrace ransomware gang in its early stages, targeting Windows operating systems and exhibiting similarities to the LockBit ransomware. CRIL researchers also discovered the newly discovered Ransomware-as-a-Service (RaaS) initiative NoEscape being promoted on a cybercrime forum. The NoEscape RaaS dashboard enables affiliates to customize ransomware executables, specifying various parameters such as ransomware name, key name, comment, price, and timer type.
The notorious LockBit 2.0 ransomware group has also resurfaced, utilizing various methods to spread its malware and employing a double extortion technique to increase its chances of receiving ransom payments. According to CRIL researchers, the Lockbit ransomware has taken a surprising turn by distributing its payload through malicious documents, making it difficult to predict the motives behind this change.
Finally, there have been cases where messenger apps that we use supposedly under the false hope that the chats are private and safe, are no longer that. Android malware like “HelloTeacher,” disguises itself as popular messaging applications like Viber or Kik Messenger. This malware is capable of stealing sensitive data, including contact details, SMs data, and even capturing pictures and recording screens. It is alarming to see how these malware creators have continued to evolve their tactics.
These recent security incidents serve as reminders of the constant threats in the digital world. It is crucial to remain vigilant and take necessary precautions to protect our systems and data. SAIF’s introduction could help strengthen AI security measures, but it still remains to be seen if it serves commercial interests more than the greater good.