What you need to know about data privacy in 2025
AI data privacy presents mounting challenges for SaaS companies, as artificial intelligence adoption creates new risks around the handling and protection of sensitive data. The evolving landscape of AI privacy: The integration of AI features into SaaS products has introduced unprecedented privacy challenges, particularly around personally identifiable information (PII) in training data. Training data frequently contains hidden PII drawn from public datasets, proprietary information, customer prompts, and uploaded documents. Current monitoring systems for AI models lack the sophistication needed to adequately protect sensitive data. Major AI providers such as OpenAI explicitly warn users against sharing sensitive information with products like ChatGPT...
Feb 2, 2025: Cybersecurity professionals sound the alarm about DeepSeek’s vulnerabilities
DeepSeek, the Chinese AI model taking the tech world by storm, has been facing persistent jailbreaking vulnerabilities, with multiple security firms finding significant safety risks in the company's V3 and R1 models. Key findings from security research: Multiple cybersecurity teams have successfully bypassed the safety restrictions of DeepSeek's models, revealing concerning weaknesses in the system. Unit 42's research team demonstrated three different jailbreaking methods that require minimal technical expertise. The jailbroken models provided instructions for creating malware, conducting social engineering attacks, and developing harmful devices. Cisco's testing showed that DeepSeek R1 failed to block any harmful prompts from a set of 50 HarmBench...
Feb 1, 2025: A DeepSeek database left sensitive user data and chat histories completely exposed
DeepSeek, a Chinese AI startup, recently secured a database that had been exposing sensitive user data and system information without any authentication requirement. Critical security breach: Cloud security firm Wiz discovered an unprotected database containing DeepSeek user information and system data that was freely accessible to anyone. The exposed database contained more than 1 million log lines, including user chat histories, API authentication keys, and system logs. The data was stored in ClickHouse, an open-source columnar database. Security researchers found the vulnerable database "within minutes" without needing any authentication. A ClickHouse instance that is bound to a public address and still has a passwordless default user will answer arbitrary queries from anyone who can reach its HTTP port, which is why exposures of this kind turn up in minutes under routine internet scanning. Potential impact: The security flaw could have allowed malicious actors...
Feb 1, 2025: Forrester on AI security: How to prevent jailbreaks, data poisoning and more
AI security is evolving rapidly, with recent incidents involving DeepSeek, Google, and Microsoft highlighting critical vulnerabilities and security challenges in generative AI systems. Recent developments: Major players in the tech industry have released significant findings about AI security threats and defensive measures. DeepSeek's app store success was quickly followed by Wiz's discovery of basic developer errors in its systems. Google published research on adversarial misuse of generative AI. Microsoft released findings from red teaming 100 generative AI products, emphasizing how AI amplifies existing security risks. Priority security areas: Organizations must focus on three key areas to effectively secure their AI...
Feb 1, 2025: OpenAI teams with US National Labs to bolster national security through AI
Partnership overview: OpenAI is expanding its collaboration with the US government by providing its advanced AI models to approximately 15,000 scientists across the National Laboratories. The partnership centers on access to OpenAI's o1 or other o-series models through Venado, an Nvidia-powered supercomputer at Los Alamos. Microsoft will assist with model deployment across the laboratory network. The initiative encompasses Los Alamos, Lawrence Livermore, and Sandia National Labs. Key research areas: The collaboration aims to accelerate breakthroughs in multiple critical domains that could significantly affect national interests. Scientists will focus on materials science, renewable energy, and astrophysics research. The partnership includes efforts...
Jan 31, 2025: Taiwan bans its government departments from using DeepSeek
Taiwan has banned government departments from using DeepSeek's artificial intelligence service, citing security risks associated with the Chinese startup's cross-border data handling practices. Key policy announcement: Taiwan's Ministry of Digital Affairs has issued a directive prohibiting government departments from using DeepSeek's AI services on national security grounds. The ministry specifically highlighted risks related to cross-border data transmission and potential information leakage. Officials emphasized that DeepSeek's status as a Chinese product raises particular security concerns given the geopolitical context. The ministry said it will continue monitoring technological developments and adjust security policies as needed. Geopolitical context: Taiwan's decision reflects...
Jan 30, 2025: Israeli cyber firm claims DeepSeek exposed sensitive data online
Chinese AI startup DeepSeek accidentally exposed sensitive data, including software keys and user chat logs, to the open internet, according to cybersecurity firm Wiz. The discovery: Wiz's infrastructure scans revealed over a million lines of unsecured DeepSeek data accessible on the open internet. The exposed information included digital software keys and chat logs containing user prompts to DeepSeek's free AI assistant. DeepSeek responded quickly to Wiz's alert, securing the data within an hour. Wiz CTO Ami Luttwak expressed concern that others may have discovered the exposure, given how easy it was to detect. Market impact and competitive position: DeepSeek's rapid rise has...
Jan 30, 2025: This Nepalese AI startup is helping major American companies close their biggest sales
Global AI startup SecurityPal, headquartered in Nepal, has emerged as a key player in helping major tech companies like OpenAI, Figma, and Airtable manage security compliance questionnaires efficiently during their enterprise sales processes. The business need: Security questionnaires are a critical but time-consuming requirement for enterprise software sales, often involving hundreds of questions about data privacy, infrastructure security, and compliance measures. Companies like OpenAI typically dedicate multiple staff members to handling these questionnaires. Sales engineers at companies like Grammarly previously spent significant time processing 10-12 questionnaires a month. Without completing these assessments, large enterprises cannot proceed with software purchases due to...
Jan 29, 2025: Google thwarts hacker group using Gemini to breach accounts
State-sponsored hackers from Iran, North Korea, China, and Russia have attempted to use Google's Gemini AI for malicious purposes, but their efforts have not produced any significant new cybersecurity threats. Key findings: Google's investigation revealed that multiple state-sponsored hacking groups have been experimenting with Gemini for various tasks, though their attempts at sophisticated cyberattacks have been unsuccessful. More than 10 Iranian, 20 Chinese, and nine North Korean hacking groups were identified using Gemini. Iranian APT actors were the most frequent users of the system. The hackers primarily used Gemini for basic tasks like translation, content...
Jan 29, 2025: OpenAI is investigating a potential data breach by DeepSeek
ChatGPT maker OpenAI is investigating Chinese AI startup DeepSeek for potentially misusing output from its models to build a competing AI assistant. Core investigation details: OpenAI is reviewing evidence that DeepSeek may have used a technique called distillation to transfer knowledge from OpenAI's models to its own smaller model. Distillation is a legitimate technique in which a smaller model is trained on the outputs of a larger one, without access to the larger model's internal weights. While distillation itself is standard practice, OpenAI's terms of service prohibit using its models' output to build competing AI products. OpenAI is working with the U.S. government to protect advanced AI models developed in the United States...
Jan 29, 2025: Observo’s new AI-native data pipelines reduce noisy telemetry by 70%
A new AI-powered platform from Observo AI significantly reduces enterprise telemetry noise while improving security incident response times. The core innovation: Observo AI has developed an AI-native data pipeline platform that automatically filters and routes telemetry data (logs, metrics, and traces) to optimize enterprise security operations. The platform uses machine learning to analyze incoming data streams and identify the signals that matter for incident detection. Early customers report a 70% reduction in noisy telemetry data and 40% faster incident response times. The platform is designed to adapt automatically to new threats without manual rule updates. Market context: Enterprise systems are generating unprecedented volumes of...
Jan 29, 2025: Web developers deploy digital quicksand to fight back against AI crawlers
A new battlefront has emerged in the struggle over AI training data, as developers deploy "tarpit" software designed to entangle and frustrate AI web crawlers that ignore traditional access controls such as robots.txt. These digital traps, including tools like Nepenthes and Iocaine, serve endless mazes of meaningless pages engineered to keep AI companies' crawlers busy while wasting their computational resources. The emergence of these defensive measures marks an escalation in the ongoing tension between AI companies' aggressive data collection practices and website owners' attempts to retain control over their content, though the traps' long-term effectiveness remains to be seen. The core...
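The mechanism behind these tarpits, shown as an added example in Python. This is not Nepenthes or Iocaine code; it is a minimal illustration of the technique the article describes. The `/maze/` prefix, the robots.txt rule, the page sizes and the trickle rate are all assumed values. Every page is rendered deterministically from its own URL, so the maze is unbounded, needs no stored state, links only to itself, and (because the prefix is disallowed in robots.txt) is only ever entered by crawlers that ignore robots.txt.

```python
# Added example of the crawler-tarpit technique (not Nepenthes or Iocaine code).
import hashlib
import random
import string

MAZE_PREFIX = "/maze/"           # assumed prefix; must match the Disallow rule below
LINKS_PER_PAGE = 8               # assumed fan-out per page
WORDS_PER_PAGE = 120             # assumed amount of junk text per page
TRICKLE_BYTES_PER_SECOND = 200   # assumed: serve slowly to tie up crawler threads

# Assumed robots.txt: compliant crawlers never enter the maze, so only those
# that ignore it are caught.
ROBOTS_TXT = "User-agent: *\nDisallow: /maze/\n"


def is_maze_path(path: str) -> bool:
    return path.startswith(MAZE_PREFIX)


def _rng_for(key: str) -> random.Random:
    # Seed from a hash of the URL: the same URL always yields the same page,
    # so nothing has to be stored and revisits look consistent to the crawler.
    seed = int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")
    return random.Random(seed)


def _babble(rng: random.Random, words: int) -> str:
    # Cheap word-shaped junk; it only has to be worthless as training data.
    return " ".join(
        "".join(rng.choice(string.ascii_lowercase) for _ in range(rng.randint(3, 9)))
        for _ in range(words)
    )


def maze_links(path: str) -> list[str]:
    """Outgoing links of a maze page. They only ever point deeper into the maze."""
    rng = _rng_for("links:" + path)
    alphabet = string.ascii_lowercase + string.digits
    return [
        MAZE_PREFIX + "".join(rng.choice(alphabet) for _ in range(10)) + "/"
        for _ in range(LINKS_PER_PAGE)
    ]


def render_maze_page(path: str) -> str:
    """Render one maze page as HTML. Refuses paths outside the trap."""
    if not is_maze_path(path):
        raise ValueError("not a maze path: " + path)
    rng = _rng_for("body:" + path)
    title = _babble(rng, 3)
    body = _babble(rng, WORDS_PER_PAGE)
    anchors = "\n".join(
        '<a href="%s">%s</a>' % (href, _babble(rng, 2)) for href in maze_links(path)
    )
    # noindex/nofollow keeps compliant search engines out even if they reach a page.
    return (
        "<html><head><title>%s</title>"
        '<meta name="robots" content="noindex, nofollow"></head>'
        "<body><p>%s</p>\n%s</body></html>" % (title, body, anchors)
    )


def trickle_delay_seconds(page: str) -> float:
    """Total time a throttled response should take; the server sleeps between chunks."""
    return len(page.encode()) / TRICKLE_BYTES_PER_SECOND


def simulate_crawler(start: str, steps: int) -> list[str]:
    """A crawler that keeps following the first link on each page never leaves the maze."""
    visited = [start]
    for _ in range(steps - 1):
        visited.append(maze_links(visited[-1])[0])
    return visited
```

Wire `render_maze_page` to the `/maze/` route of any web framework and serve `ROBOTS_TXT` at `/robots.txt`; the delay from `trickle_delay_seconds` is what actually costs the crawler, since a fast maze just burns your own bandwidth.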
Jan 29, 2025: DeepSeek services are being disrupted by massive cyberattacks
Breaking development: Chinese AI company DeepSeek reports large-scale malicious attacks affecting its services, with Chinese state media claiming the attacks originate from US IP addresses. Current situation: The disruption comes as DeepSeek's powerful yet cost-effective AI model has drawn significant attention from Silicon Valley and U.S. government officials. A banner on DeepSeek's website reports registration problems caused by the attacks. This is the second such attack this week, with state broadcaster CCTV claiming multiple incidents of increasing intensity. DeepSeek has not responded to requests for comment. White House response: The U.S. National Security Council is investigating DeepSeek amid...
Jan 28, 2025: Is your data safe if you use DeepSeek?
Core security concerns: DeepSeek AI, a new artificial intelligence platform competing with ChatGPT, is raising significant privacy and data security concerns, particularly over its data collection practices and the location of its servers in China. Privacy policy red flags: The platform's privacy policy describes extensive data collection and storage practices that may put user information at risk. DeepSeek collects various forms of personal data, including names, birth dates, email addresses, and all user interactions with the platform. User content, including text inputs, audio, uploaded files, and chat histories, is stored on servers located in China. The company retains user data for an unspecified...
Jan 28, 2025: Microsoft is investigating whether DeepSeek stole data from OpenAI
Microsoft's investigation into potential unauthorized data access by DeepSeek-linked individuals highlights growing concerns about AI data security and international competition in AI development. The core investigation: Microsoft security researchers have identified suspicious data collection activity potentially tied to Chinese AI startup DeepSeek and involving OpenAI's technology. In fall 2023, Microsoft detected what appeared to be unauthorized extraction of large amounts of data through OpenAI's API. The investigation focuses on individuals believed to be connected to DeepSeek. The activity involved pulling large volumes of output from OpenAI's proprietary models, which are normally accessed under paid API licenses. Technical context: OpenAI's...
Jan 27, 2025: DeepSeek limits new user registrations to combat major influx of cyberattacks
Chinese AI startup DeepSeek has temporarily limited new user registrations following what the company describes as "large-scale malicious attacks," just as its rapid rise began to hit US tech market valuations. Recent developments: DeepSeek announced service disruptions amid the security concerns, though existing users can still access the platform. The timing coincides with DeepSeek's surge in popularity, having recently overtaken ChatGPT in Apple's App Store rankings. The company has not provided specific details about the nature or source of the alleged attacks. DeepSeek says it is actively investigating the incidents. Market impact: The rise of DeepSeek has triggered significant turbulence in US...
Jan 25, 2025: OpenAI research: Extending AI model ‘thinking time’ protects against cyber attacks
OpenAI's recent research shows how giving a model more processing time at inference can significantly improve its resistance to adversarial attacks. By allocating more "thinking time," the models demonstrated improved robustness against adversarial inputs, a promising avenue for AI security, though the researchers acknowledge that attack methods keep evolving. Research overview: OpenAI researchers tested their o1-preview and o1-mini models to evaluate how increased inference-time computation affects resistance to adversarial attacks. Tests included image-based manipulations, math problem attacks, and information overload techniques. Results showed the probability of attack success often dropping to near zero as processing time increased. While the models are not unbreakable, extended computation...
Jan 23, 2025: How to enhance data backup and recovery with AI
The integration of AI and machine learning is transforming data backup and recovery solutions, enabling more robust protection against cyberthreats, hardware failures, and human error. The evolution of data protection: AI and ML are changing how organizations approach backup and recovery by enabling advanced threat detection and automated response. Real-time monitoring systems can now detect unusual activity and potential cyberthreats, including unauthorized access attempts and abnormal data transfers. Machine learning algorithms optimize backup processes by learning from historical data patterns. The Veeam 2024 Data Protection Trends Report emphasizes the crucial role of AI/ML integration in...
Jan 23, 2025: 4 CEOs reveal AI and cyber insights at Davos
The World Economic Forum's annual meeting in Davos brought together influential CEOs who shared their views on AI, cybersecurity, banking, and the political outlook for 2025. Key executives and context: Four CEOs of major portfolio companies, from CrowdStrike, Goldman Sachs, Microsoft, and Salesforce, offered their perspectives on critical business and technology trends during the summit. Chinese Vice Premier Ding Xuexiang and ECB President Christine Lagarde were among the key speakers. Donald Trump is scheduled to speak remotely on Thursday. BlackRock CEO Larry Fink will take part in an economic panel on Friday. CrowdStrike's cybersecurity outlook: CEO George Kurtz addressed the evolving...
Jan 23, 2025: AI impersonators are on a mission to exploit your personal data
The rise of AI personas designed to mimic individuals for marketing, and potentially for scams, is a significant development in digital marketing and online fraud. The core concept: Advanced generative AI systems can now create sophisticated digital replicas of individuals, using their likeness, personality traits, and communication style to influence purchasing decisions or perpetrate scams. AI personas can mimic an individual's writing style, voice, facial expressions, and even full-body movement. These replicas can be built from publicly available data on social media and other online sources. The technology can produce both static and dynamic representations, including 3D visualizations. Technical...
Jan 22, 2025: Developing nations will fall further behind without taking these ‘AI resilience’ measures
The deployment of advanced AI systems poses unique challenges and risks for developing nations that lack robust technological and institutional infrastructure. The core challenge: Developing nations often lack the fundamental safeguards and systems needed to manage AI risks, creating a significant vulnerability gap compared with more technologically advanced countries. Many nations have limited capacity for systems oversight and insufficient protection against cyber and biological threats. Gaps in technical knowledge and socioeconomic instability further complicate AI adoption. Weak or nascent government institutions may struggle to regulate and control AI deployment effectively. Critical vulnerabilities: The absence of key resilience factors in developing...
Jan 21, 2025: Major accounting firm pauses AI assistant after revealing sensitive customer information
The core details: Accounting software company Sage Group has temporarily suspended its AI assistant after it was found revealing customers' financial information to other customers. Sage Copilot, the company's AI assistant, returned other customers' financial records when asked to show recent invoices. The issue was discovered by a customer who reported that the assistant had pulled data from multiple customer accounts. The service was taken offline for several hours on Monday to address the data exposure. Company response and implications: Sage Group downplayed the severity of the incident while implementing fixes to its AI system. A company spokesperson characterized...
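The failure mode described here, an assistant whose data lookup is not scoped to the tenant that is asking, is the classic multi-tenant isolation bug relocated into the model's tool layer. The following added example in Python shows the vulnerable shape beside the hardened one. It is illustrative code, not Sage's, and nothing in it reflects how Sage Copilot was actually built: the `Invoice` records, tenant ids, and the `tool_call` entry point are all constructed for the example.

```python
# Added example: tenant-scoped retrieval for an AI assistant (illustrative, not Sage's code).
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    tenant_id: str
    invoice_id: str
    customer: str
    amount: float


# Constructed multi-tenant table: two customers of the same SaaS product.
INVOICES = [
    Invoice("tenant-a", "A-1001", "Acme Ltd", 1200.00),
    Invoice("tenant-a", "A-1002", "Acme Ltd", 300.50),
    Invoice("tenant-b", "B-2001", "Globex GmbH", 9800.00),
    Invoice("tenant-b", "B-2002", "Initech Inc", 45.00),
]


def recent_invoices_unscoped(limit: int = 3) -> list[Invoice]:
    """Vulnerable retrieval: the tool the model calls ranks the whole table,
    so "show my recent invoices" can hand another customer's rows to the model."""
    return sorted(INVOICES, key=lambda i: i.invoice_id, reverse=True)[:limit]


def recent_invoices_scoped(session_tenant: str, limit: int = 3) -> list[Invoice]:
    """Hardened retrieval: the tenant comes from the authenticated session and
    is applied before ranking, never from anything the model or user typed."""
    rows = [i for i in INVOICES if i.tenant_id == session_tenant]
    rows = sorted(rows, key=lambda i: i.invoice_id, reverse=True)[:limit]
    # Defence in depth: refuse to put anything outside the tenant into the model
    # context, even if a later change to the query above breaks the filter.
    for row in rows:
        if row.tenant_id != session_tenant:
            raise RuntimeError("cross-tenant row reached the model context")
    return rows


def tool_call(session_tenant: str, tool_args: dict) -> list[Invoice]:
    """Entry point the assistant's function-calling layer would invoke (assumed name).
    Any tenant_id the model puts in its arguments, for example because a prompt
    asked for "the other account", is ignored; only the session's tenant is used."""
    limit = int(tool_args.get("limit", 3))
    return recent_invoices_scoped(session_tenant, limit)
```

The point of `tool_call` is that the tenant is a property of the authenticated session, not a parameter the model is allowed to supply: once the model can choose the tenant, a prompt injection or a hallucinated argument is all it takes to reproduce the cross-customer leak.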
Jan 19, 2025: How to protect yourself against AI scams
AI-powered scams are becoming increasingly sophisticated, with scammers using deepfake technology to impersonate voices and create deceptive video. Current threat landscape: Recent incidents show how AI is being weaponized for financial fraud and impersonation scams. In one notable case, a scammer used AI to replicate the voice of WIRED editorial director Katie Drummond in an attempt to deceive her father. Fraudsters now use AI tools to create convincing deepfake video for real-time scam operations. Some AI financial advisory startups have been found to push high-fee cash advances and high-interest personal loans rather than providing genuine financial guidance. Key warning...
Jan 17, 2025: Microsoft is cracking down on malicious actors who bypass Copilot’s safeguards
Microsoft has initiated legal action against cybercriminals who built tools to bypass the safety measures of its generative AI services for malicious purposes. Key details of the breach: A foreign-based threat group created software to exploit exposed customer credentials and manipulate AI services. The group scraped credentials from public websites to gain unauthorized access to customer accounts. After gaining access, they altered the capabilities of the AI services and sold this unlawful access to other bad actors. The group also provided instructions for generating harmful content with the compromised services. Microsoft's response: The tech giant has taken immediate defensive actions while pursuing legal remedies...