faebudo2d ago
Ian Campbell 🏴

NEW RESEARCH - I'm pretty proud we were able to pound out and ship a piece on this within 3 days. But its importance may get lost in the news cycle.

While we continue to struggle with things like keeping private keys secret, we're also busy introducing autonomous, nondeterministic agents into every place possible that are subject both to all the problems we still struggle with *AND* largely interminable new problems that can't be easily guardrailed-away.

Sure, this is a Chinese company so it's difficult for many folks to envision the same thing happening in the US, but we are 100% setting ourselves up for it, and companies and professionals not gleefully joining in the regressions are being continually punished.

This is a warning sign, and unfortunately, we will fail to heed it.

https://dti.domaintools.com/research/exposure-of-tls-private-key-for-myclaw-360-in-qihoo-360-security-claw-ai-platform

DomainTools Investigations | Exposure of TLS Private Key for Myclaw 360 in Qihoo 360 “Security Claw” AI Platform

DTI analysis of a leaked TLS private key from Qihoo 360's AI security platform, covering cryptographic validation, threat scenarios, and incident response.

Mar 20 at 2:14pmWeb
Show threadRootWyrm 🇺🇦3d ago
@neurovagrant I'm quite certain there are US and EU companies making exactly these kind of mistakes in shipping products now. After all, they made them first. Multiple times. (See also: Sony every fucking time with the Playstation.)