Andrei KucharavyGiving a talk today at the Swiss #CISOSummit in the margin of the #SwissCyberStorm about the LLMs in cybersecurity, current hype, and the lessons from the last few decades to provide them with tools to make informed decisions.
A super interesting talk from Ruben Santamarta, at the #SwissCyberStorm on the cybersecurity of nuclear reactors.
The full report is really cool, and the blend of the physics and cyber in energy-intense applications is really cool and reminds me a lot of work @ianapeix did on renewables, power IOT, and energy grid stability at @cydcampus
Full 130 pages of report: https://drive.google.com/file/d/1qe_nBH1ACDX2ydmzcIhJnbdRGnoDvVfP/view
Nice to see @LukaszOlejnik echo the concerns as to LLMs and GenAI usage in information operations for countries with isolated langauage and cultural background, especially for locally usable GenAI, that we voiced in our report for the CYD campus in early 2023 (https://arxiv.org/abs/2303.12132)
Fundamentals of Generative Large Language Models and Perspectives in Cyber-Defense
Generative Language Models gained significant attention in late 2022 / early 2023, notably with the introduction of models refined to act consistently with users' expectations of interactions with AI (conversational models). Arguably the focal point of public attention has been such a refinement of the GPT3 model -- the ChatGPT and its subsequent integration with auxiliary capabilities, including search as part of Microsoft Bing. Despite extensive prior research invested in their development, their performance and applicability to a range of daily tasks remained unclear and niche. However, their wider utilization without a requirement for technical expertise, made in large part possible through conversational fine-tuning, revealed the extent of their true capabilities in a real-world environment. This has garnered both public excitement for their potential applications and concerns about their capabilities and potential malicious uses. This review aims to provide a brief overview of the history, state of the art, and implications of Generative Language Models in terms of their principles, abilities, limitations, and future prospects -- especially in the context of cyber-defense, with a focus on the Swiss operational environment.
Closing keynote of #SwissCyberStorm: WAFs and Log4Shell by John Graham-Cumming, CTO of Cloudflare.
Apparently 9 min from public disclosure to first exploitation attempt. An amazing example of real-world detector evasion on an actual incident.
Apparently 9 min from public disclosure to first exploitation attempt. An amazing example of real-world detector evasion on an actual incident.