Yoni Shohed (13:19)

So I think there's two layers here of concerns in areas that most people are focusing on. The first is the fact that it's coming from China and the second is the fact that it's open source. I think the best way that most people can probably understand today is the fact that just looking at Deep SEQ as the latest example that really hit the headlines. But it's eventually tools that are encouraging users or adopters of the open source capabilities to leverage open source models that include can include a wide variety of open source capabilities from the code or to or algorithms to the data itself. That is the core aspect in most AI models. And the fact that it's open source, meaning that everybody has access to see exactly the source code and the source elements in an open source fashion, which is atypical to how most AI models were released until recently. Even OpenAI, even in the name, OpenAI is not open source. So a lot of the ChatGPT capabilities and others are closed source, meaning that you have limited transparency in terms of how the logic in the backend operates.

Dave Bittner (14:31)

So in your estimation, what are the specific risks here?

Yoni Shohed (14:35)

Yeah, so I think the main thing that concerns a lot of people is really the fact that it's Chinese in terms of the infrastructure and the people behind these types of open source models, which means that it's governed by the Chinese government regulations, not by more Western society in terms of how the data is treated, in terms of privacy and potential security concerns, and also in terms of their obligations and requirements to disclose some of this data to potential government. The data that you feed to the AI models to the potential government, which I think is the first order of most of the risks and concerns that we see today within the industry is eventually am I giving away my data to the Chinese government by leveraging these tools? Basically, I think the second, second aspect is really the fact that these tools are open source. There's pros and cons of fact that it's open source AI tools. Obviously it can lead to better collaboration and to more inputs from the broader industry in terms of what you can do with these tools or how you can make them applicable. But also these types of open source AI tools are typically also less focused on enterprise grade capabilities. Ensuring proper security, reducing chances of vulnerabilities, or patching potential vulnerabilities in the logics that they implement and how they handle the data. And also the fact that specifically some of these models have a open source also the data models themselves then also could potentially the data that I'm feeding to a prompt or to a tool eventually get open sourced itself because it's going to be leveraged for potential learning of these AI models which are very data hungry as we all know.

Dave Bittner (16:31)

So help me understand here. I mean, the models being open source, would they typically be running locally or will they be running remotely?

Yoni Shohed (16:42)

So it could be either or eventually you could download it and run it locally and own the infrastructure that it's running. But also you can just log in to Deep seq's prompt and work with the chat directly. Which I think also leads to other concerns because there could be a lot of variations that are based on very high quality models and data and they can market it in separate in different ways that would make it look very legitimate. But you don't have precisely a good understanding of who's behind these capabilities and tools because we're making them more accessible for potentially malicious or adversary organizations to leverage high quality AI models and data to build commercial tools that will look if they're like powered by Deep SEQ or try to build credibility based on a well known brand name, even though they're not precisely the same people behind these original tools. Even if you can question their credibility.

Dave Bittner (17:47)

Regardless, I know one of the concerns that you've expressed is the use of these tools within financial services institutions. What is the specific risk there?

Yoni Shohed (17:59)

Yeah, so I think their main concerns from what we've seen, and this is probably when we look at what we do at valence as a SaaS security company, and we highlighted for some of our customers the adoption of Deep SEQ within the organization. It's just the unknown on how employees are sharing data, because again, AI is as good as the data that you feed it. And if you're trying to use an AI model or an AI application to get your job done, you most likely need to tell it something about your work or about the nature of what you're doing, or even specific information that could be sensitive. Eventually, when you feed this data to an AI model that nobody has vetted and nobody's trusting, and these AI models can pop up and become the hottest trend and make the headlines and everybody's curious to see, oh, is this going to be better than ChatGPT or Gemini or one of the other tools that I'm already leveraging, Then potentially there could be misuse of data that could lead to either exposure of that data because it will become open source, or because it's not going to be protected capabilities or the right standards that the organization has. Or in case of these specifically Chinese tools, it could eventually end up in the hands of the Chinese government. At least what we've seen in terms of customers pretty concerned in terms of their risk there.

Dave Bittner (19:18)

Yeah. So what are your recommendations then? I mean, for the folks who are tasked with protecting their organizations, how should they approach this reality?

Yoni Shohed (19:28)

Yeah, what we've seen being very affected over the past couple of years with the rise of AI in general is that, first of all, you can't really stop it. So I think most organizations are past the point of saying, I'm not going to let anybody adopt AI, and we're going to use just the traditional tools because if you block it that aggressively, eventually employees will just find a workaround. What we've seen successful organizations implement is basically identify the approved and sanctioned capabilities and tools that they want to use for the different business requirements, whether if it's prompt questions, data analysis, recording analysis, transcriptions, whatever the purpose that the business is raising, that they need the specific tools, code analysis or code improvements that we see today is also a hot topic. And make sure that these sanction capabilities are highly accessible and that people know how to use them in the organization, know how to use them and how to adopt them when they need. And then instead of saying when a new tool comes out, saying, hey, this is not approved, don't use it. It's if the message is, hey, we have these alternatives that we already approved. This is not something you can use, but we want to redirect you to something else that could get the same purpose done. But it's already approved and governance sanctioned and therefore we have less concerns from a security perspective around it. Or it's more controlled in terms of the risk when we accepted it. And focusing on how to do something rather than how not to do something has been proven to be very effective, especially with the adoption of innovative tools by business users and business admins.

Dave Bittner (21:13)

That's Yoni Shohet from Valence Security.

Yoni Shohed (21:28)

Foreign.

Dave Bittner (21:33)

Secure access is crucial for US Public sector missions, ensuring that only authorized users can access certain systems, networks or data. Are your defenses ready? Cisco's security service Edge delivers comprehensive protection for your network and users. Experience the power of zero trust and secure your workforce wherever they are. Elevate your security Strategy by visiting Cisco.com Go SSE that's Cisco.com Go SSE and finally, our malicious jaywalking desk tells us that crosswalk buttons in cities like Seattle and Silicon Silicon Valley have been hijacked to play AI generated voices of tech billionaires like Jeff Bezos, Elon Musk, and Mark Zuckerberg. Instead of the usual robotic walk or wait, pedestrians were greeted with Bezos promoting Amazon prime or joking about billionaires moving to Florida if taxed. Classic parody wrapped in high tech mischief. The culprit? A mix of social commentary and shoddy security. The devices made by crosswalk hardware giant Polara are managed via a Bluetooth enabled app called the Polara Field Service app. It was publicly available and protected only by the worst password in tech 1234. Pranksters easily reprogram the devices to play custom AI generated audio. While some call it harmless fun, the stunt raises serious issues. Visually impaired pedestrians depend on those audio cues to cross safely. Swapping them for tech tycoon impersonations isn't just a laugh, it's a hazard. It also highlights the risks of default credentials in critical infrastructure. The app has since been pulled from app stores, but archived versions remain, meaning this could happen again. Municipal crews now face the tedious task of manually updating credentials on thousands of devices one intersection at a time. So let this be a friendly PSA Customizable Crosswalk Audio Great billionaire bedtime banter at intersections? Not so much. And for the love of pedestrians, change your default passwords. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapid, rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. And now a message from Black Cloak did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Blackcloak's award winning digital executive protection platform secures their personal devices, home networks and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one third of new members discover they've already been breached. Protect your executives and their families 247365 with BlackCloak. Learn more at BlackCloak IO.