Unsupervised Learning: No. 181

Unsupervised Learning: No. 181

Some absolutely fascinating research has just come out on what percentages and types of vulnerabilities are actually exploited in the wild. It found that only 5.5% of vulnerabilities discovered between 2009 and 2018 were actually exploited, with most of those being issues with a CVSS score of 9 or 10. The best part of the paper, however, was a discussion of optimal patching strategies, where they looked at different methodologies for what to patch and measured them against each other based on coverage (no misses) and efficiency (not patching what you don't have to). Options included patching by CVSS, whether or not there are public exploits, by vulnerability tags, etc. The ML model performed best, but it seemed that patching the CVSS 7 and above was decent as well, and for more efficiency but less coverage—CVSS 9 and above. Super interesting paper. More

The US is going to start requiring 5 years of social media account history from Visa applicants, as part of the filtering process. I'm genuinely curious as to how effective this is going to be. On the one hand, there will now be a market for creating and maintaining fake social media accounts that people can use for this purpose. But on the other hand, there will be many who don't want to go to that effort and either won't try to come, or will get caught in the filter. As with most things, the efficacy will come down to execution. More

A team at Stanford has made it possible to edit video using a text editor. So, editing the things that were said by the actual subject, to say something else entirely, but having it seamlessly injected into the video so it looks completely natural. More

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Episoder(532)

Using the Smartest AI to Rate Other AI

Using the Smartest AI to Rate Other AI

In this episode, I walk through a Fabric Pattern that assesses how well a given model does on a task relative to humans. This system uses your smartest AI model to evaluate the performance of other AIs—by scoring them across a range of tasks and comparing them to human intelligence levels. I talk about: 1. Using One AI to Evaluate AnotherThe core idea is simple: use your most capable model (like Claude 3 Opus or GPT-4) to judge the outputs of another model (like GPT-3.5 or Haiku) against a task and input. This gives you a way to benchmark quality without manual review. 2. A Human-Centric Grading SystemModels are scored on a human scale—from “uneducated” and “high school” up to “PhD” and “world-class human.” Stronger models consistently rate higher, while weaker ones rank lower—just as expected. 3. Custom Prompts That Push for Deeper EvaluationThe rating prompt includes instructions to emulate a 16,000+ dimensional scoring system, using expert-level heuristics and attention to nuance. The system also asks the evaluator to describe what would have been required to score higher, making this a meta-feedback loop for improving future performance. Note: This episode was recorded a few months ago, so the AI models mentioned may not be the latest—but the framework and methodology still work perfectly with current models. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

19 Apr 9min

A Conversation with Patrick Duffy from Material Security

A Conversation with Patrick Duffy from Material Security

➡ Secure what your business is made of with Martial Security: https://material.security/ In this episode, I speak with Patrick Duffy from Material Security about modern approaches to email and cloud workspace security—especially how to prevent and contain attacks across platforms like Google Workspace and Microsoft 365. We talk about: • Proactive Security for Email and Cloud PlatformsHow Material goes beyond traditional detection by locking down high-risk documents and inboxes preemptively—using signals like time, access patterns, content sensitivity, and anomalous user behavior. • Real-World Threats and Lateral MovementWhat the team is seeing in the wild—from phishing and brute-force attacks to internal data oversharing—and how attackers are increasingly moving laterally through cloud ecosystems using a single set of compromised credentials. • Customizable, Context-Aware Response WorkflowsHow Material helps teams right-size their responses based on risk appetite, enabling fine-grained actions like MFA prompts, access revocation, or full session shutdowns—triggered by dynamic, multi-signal rule sets. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters: 00:00 - Welcome & High-Level Overview of Material Security02:04 - Common Threats: Phishing and Lateral Movement in Cloud Office05:30 - Access Control in Collaborative Workspaces (2FA, Just-in-Time, Aging Content)08:43 - Connecting Signals: From Login to Exfiltration via Rule Automation12:25 - Real-World Scenario: Suspicious Login and Automated Response15:08 - Rules, Templates, and Customer Customization at Onboarding18:46 - Accidental Risk: Sensitive Document Sharing and Exposure21:04 - Security Misconfigurations and Internal Abuse Cases23:43 - Full Control Points: IP, Behavior, Classification, Sharing Patterns27:50 - Integrations, Notifications, and Real-Time Security Team Coordination31:13 - Lateral Movement: How Attacks Spread Across the Workspace34:25 - Use Cases Involving Google Gemini and AI Exposure Risks36:36 - Upcoming Features: Deeper Remediation and Contextual Integration39:30 - Closing Thoughts and Where to Learn MoreBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

15 Apr 26min

AICAD: Artificial Intelligence Capabilities For Attack & Defense

AICAD: Artificial Intelligence Capabilities For Attack & Defense

AI is changing cybersecurity at a fundamental level—but how do we decide what to build, and when? In this episode, I outline a structured way to think about AI for security: from foundational ideas to a future-proof system that can scale with emerging threats. • Rethinking Human Workflows as Intelligence PipelinesBy mapping tasks into visual workflows, we can pinpoint exactly where human intelligence is still required—and where AI agents are most likely to replace or enhance us. • Using AI to Understand and Manage Organizational StateI introduce the concept of AI state management: building systems that track your current and desired security posture in real time, and using AI to bridge the gap—automating insights, decisions, and even actions across your environment. • Building a Cyber Defense Program Inspired by Attacker PlaybooksInstead of waiting for threats, I propose a new framework based on attacker capabilities—what they wish they could do now and in the near future—and how to proactively prepare by building a continuously adapting AI-powered defense system. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters:00:00 - Framing the Future: Two Key Questions on AI and Cybersecurity01:28 - Intelligence Pipelines: Visualizing Human Work as Replaceable Workflow06:10 - Theory of Constraints: How Attackers Are Bottlenecked by Human Labor10:42 - Defining Agents: What Makes AI Different From Traditional Automation12:08 - AI State Management: The Universal Use Case for Automated Intelligence16:53 - Real-World Demo: Unified Context AI for Security Program Management26:30 - Advanced Uses: Reassigning Projects, Updating KPIs, and Security Reports34:58 - Automating Security Questionnaires With AI Context Awareness38:43 - ACAD Framework: Predicting and Preparing for Future Attacker Capabilities47:40 - Defender Response: Building AI-Driven Red Teams and Internal UCCs52:25 - Final Answers: How Software and Security Change With AI AgentsBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Apr 42min

A Possible Path to ASI

A Possible Path to ASI

The conversation around AGI and ASI is louder than ever—but the definitions are often abstract, technical, and disconnected from what actually matters. In this episode, I break down a human-centered way of thinking about these terms, why they’re important, and a system that could help us get there. I talk about: • A Better Definition of AGI and ASIInstead of technical abstractions, AGI is defined as the ability to perform most cognitive tasks as well as a 2022 U.S.-based knowledge worker. ASI is intelligence that surpasses that level. Framing it this way helps us immediately understand why it matters—and what it threatens. • Invention as the Core Output of IntelligenceThe real value of AGI and ASI is their ability to generate novel solutions. Drawing inspiration from the Enlightenment, we explore how humans innovate—and how we can replicate that process using AI, automation, and structured experimentation. • Scaling the Scientific Method with AIBy building systems that automate idea generation, recombination, and real-world testing, we can massively scale the rate of innovation. This framework—automated scientific iteration—could be the bridge from human intelligence to AGI and beyond. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerChapters: 00:00 - Why AGI and ASI Definitions Should Be Human-Centric01:55 - Defining AGI as a 2022-Era US Knowledge Worker03:04 - Defining ASI and Why It’s Harder to Conceptualize04:04 - The Real Reason to Care: AGI and ASI Enable Invention05:04 - How Human Innovation Happens: Idea Collisions and Enlightenment Lessons06:56 - Building a System That Mimics Human Idea Generation at Scale09:00 - The Challenge of Testing: From A/B Tests to Biotech Labs10:52 - Creating an Automated, Scalable Scientific Method With AI12:50 - A Timeline to AGI and ASI: Predictions for 2027–2030Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

8 Apr 10min

A Conversation With Matt Muller From Tines

A Conversation With Matt Muller From Tines

➡ Build, run, and monitor workflows with Tines at: tines.com In this episode, I speak with Matt Muller, Field CSCO at Tines, about how automation and AI are transforming security operations at scale. We talk about: • Tines' Mission to Eliminate Manual Security Work Through Automation How Tines helps security teams streamline incident response and workflow automation without needing to write code, saving time and reducing burnout. • Applying AI to Security Operations and Analyst Workflows How AI is used in phishing analysis, threat intel reporting, and data transformation—integrated safely into workflows using tools like Workbench with private LLMs. • Tines Workbench and the Future of Agentic AI How Workbench combines chat with deterministic automation to help analysts take action securely, and how Tines is exploring agentic AI to take automation even further. Chapters: 00:00 - How Tines Automates Security to Solve SOC Burnout07:19 - The AI Arms Race: How Attackers and Defenders Are Evolving09:08 - Why Security Still Comes Down to Workflow, Logging, and Action13:41 - How CISOs Are Balancing AI Adoption and Enterprise Risk17:36 - Using AI in Tines to Transform and Automate Security Workflows20:40 - How AI Detects Business Email Compromise Better Than Rules25:26 - From Security to Data Pipelines: Tines as Workflow Orchestration28:59 - Inside Workbench: Secure AI-Powered Chat for Analysts36:00 - Automating Phishing Investigations with Trusted Tool Integrations39:19 - Where to Learn More and Try Tines for FreeBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

1 Apr 39min

UL NO. 474 | Signal OPSEC, White-box Red-teaming LLMs, Unified Company Context (UCC), New Book Recommendations, Single Apple Note Technique, and much more...

UL NO. 474 | Signal OPSEC, White-box Red-teaming LLMs, Unified Company Context (UCC), New Book Recommendations, Single Apple Note Technique, and much more...

STANDARD EDITION: Signal OPSEC, White-box Red-teaming LLMs, Unified Company Context (UCC), New Book Recommendations, Single Apple Note Technique, and much more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

31 Mar 18min

A Conversation With Slava Konstantinov From ThreatLocker

A Conversation With Slava Konstantinov From ThreatLocker

➡ Allow what you need, block everything else with ThreatLocker: threatlocker.com In this episode, I speak with Slava Konstantinov, ThreatLocker's MacOS Lead Architect, about their zero-trust approach to endpoint security and their latest cybersecurity innovations. We talk about: • ThreatLocker’s Zero Trust Approach to Cybersecurity:How ThreatLocker enforces a default deny security model, ensuring only explicitly allowed applications and actions can run, reducing attack surfaces and unauthorized access. • Key ThreatLocker Products and Features:How ThreatLocker’s solutions—Application Control, Storage Control, Ring Fencing, Network Control, and ThreatLocker Detect—help organizations enhance security through granular policy enforcement. • New & Upcoming ThreatLocker Features:How new solutions like Patch Management, Web Control, Insights, and Cloud Detect will provide even greater security, automation, and compliance for businesses managing complex IT environments. Chapters:00:00 - Intro to ThreatLocker and Zero Trust Security01:24 - How ThreatLocker’s Application Control Blocks Unauthorized Software06:52 - Storage Control: Preventing Unauthorized Data Access and USB Threats08:19 - Ring Fencing: Controlling App Permissions and Network Access12:37 - Elevation Control: Granting Admin Privileges Without Risk16:23 - Network Control: Restricting Internet and Internal Network Access19:26 - AI-Driven Security Policies: The Future of ThreatLocker Management24:07 - Mac vs. Windows Security: Key Differences and Challenges29:49 - ThreatLocker’s Expansion: New Products and Future Plans32:32 - Where to Learn More About ThreatLocker’s Security SolutionsBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

18 Mar 33min

UL NO. 472 | STANDARD EDITION: 28 Open Cyber Jobs, Real-world AI Propaganda Poisoning, MCP Explained, Cline vs. Windsurf, and more...

UL NO. 472 | STANDARD EDITION: 28 Open Cyber Jobs, Real-world AI Propaganda Poisoning, MCP Explained, Cline vs. Windsurf, and more...

STANDARD EDITION: 28 Open Cyber Jobs, Real-world AI Propaganda Poisoning, MCP Explained, Cline vs. Windsurf, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member for the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessleBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

15 Mar 39min

Populært innen Teknologi

romkapsel
rss-avskiltet
teknisk-sett
energi-og-klima
tomprat-med-gunnar-tjomlid
shifter
rss-impressions-2
nasjonal-sikkerhetsmyndighet-nsm
smart-forklart
rss-alt-som-gar-pa-strom
pedagogisk-intelligens
rss-digitaliseringspadden
elektropodden
rss-heis
i-loopen
kunstig-intelligens-med-morten-goodwin
rss-snakk-om-sikkerhet
rss-alt-vi-kan
rss-plateprat
rss-fjorsilkebris-podcast