A (3:02)

So give some of the examples because I thought some of the examples that we included in the story were really, really interesting from the standpoint of how this would look if somebody was actually trying to pull off a scam.

B (3:13)

So, so one area that we know that we're seeing a lot of AI being used is in the job screening and job candidate screening and hiring process. And so they, the slick researchers essentially created, you know, sort of a test job test resumes for a bunch of different candidates that were all sort of plausible and realistic. There was one candidate, Natalie Carter, who had her website, she had sort of the weakest on paper qualifications. And when, when the Atlas browser was evaluating their her jobs against the other four candidates, she had got the lowest score. When she delivered a separate message to the AI crawler that had a lot of inflated qualifications, that test wound up rating her the highest by far. And so she kind of sailed through the screening process. That's just kind of one example where you can see this very obvious use increasing use of AI agents subject to this kind of manipulation.

A (4:14)

So the thing is, so I believe that Atlas, which is the OpenAI browser, is built on top of Chromium, which is the engine that the open source engine that Chrome releases for browsers. But I know that Chrome has protections built into this or Google has done some work to stop this prior to AI agents being built into the browser. Right. Like this is something that had been solved pre LLM.

B (4:44)

Yes, this is not an old problem. And sort of one of the things that was pointed out is that this was a problem that Google had with people gaming SEO in ways to show different and scam people and things like that. And it was a very simple means of blocking that. And I think that is kind of one of the surprises that the researchers had when I talked to them is that, you know, this is really something that would seem relatively straightforward to block. But we're not seeing anything and we're not seeing anything in OpenAI's terms of service that seems to specifically disallow that. I did reach out to OpenAI to ask that, ask about that myself and I did not get a response. So that, you know, their view is that there does not seem to be anything in OpenAI's guardrails or their terms of service that, that prevents this kind of behavior.

A (5:31)

So on top of that, Splix was not the only company that was busy poking and prodding. I know that you also looked at a company, Layer X, Layer X also dug in these browsers and found some more interesting stuff.

B (5:44)

Yeah, so essentially they found that when a user is, is, is already logged in and authenticated through ChatGPT that they could essentially piggyback off of that authentication to implant corrupted instructions and hidden instructions to the LLM that would persist in its deep memory. So it would, it would be something that the, the LLM would, would remember. And, and it's just going back to this, this really core problem, which is that these, these LLMs do what they are told. And if you're a, if you're, if they're getting malicious instructions, they're going to do malicious things. And it's one of the things that makes it kind of really questionable. There was also a tremendous amount of permissions that ATLAS has to have to every aspect of your system, which is something that Meredith Whitaker from Signal has warned about with these agents that they just have to have so much access to and they kind of, they just do what they're told that it's, it's a tremendous risk in some respects if there's not a baseline protections put in.

A (6:48)

So that's, and it just, I, I, I think about, when you say that, I think about the term that we hear a lot when it comes to, you know, financially motivated actors or just threat actors in general, lowering the bar to entry. Like it's, it's one thing if you have a malicious actor that is changing code or turning code off or like actually like breaking in to the code base or like something technical that needs to happen here. Whereas this, it's just, I'm just going to type the ignore all directions, ignore all pride directions and do this, which is, you don't need to be technically adept in order to do that.

B (7:26)

Well, and the word is out that, you know that this is what AI systems are doing when they're calling out to the Internet. This is, it's so easy to seed things now. You don't even have to, you don't have to hack anybody. That's that that's sort of what this shows, that nobody's getting hacked. In this example that Splix is showing, it's just the Website Understanding how LLMs retrieve things from the Internet and how they hone in on specific keywords and then exploiting that and telling the machine to do things that it wouldn't otherwise do. So that's just one of the things we always have to be aware of as these technologies get more and more embedded into our everyday processes.

A (8:03)

Right. Yes. It's a spin on the. It's not a bug, it's a feature. This stuff is working the way it is intended to on a technical level, but the outputs are not what's intended, I would imagine.

C (8:18)

Yeah.

B (8:18)

And it's the wild west out there. You know, it's, it's, it's. Nobody's out there policing, you know, if anyone's seeding, you know, the Internet with, with stuff that's meant to mess with LLMs, there's no, there's no process in place to, to handle that. And so it's something we have to think about.

C (8:31)

Right.

A (8:32)

Well, the bullet train of AI keeps barreling down the tracks, and I'm sure we'll hear about more research as more and more browsers continue to throw AI agents on top of them. And I know you'll be on top of it for cyberscoop readers and Safe Mode listeners.

B (8:47)

Will do.

A (8:48)

Thank you.

C (8:48)

Thanks.

A (8:49)

Our interview segment this week, we're talking with Betsy Cooper, the founding director of Aspen's Policy Academy. And look, even though so much of cybersecurity is technical, we all know somebody that's been affected, whether it's through a scam, a data breach, city or state system that has been locked up due to threat actors. And it really does affect everybody. But, you know, in order to talk about this because it can be so technical, it can be a challenge. So Aspen's Policy Academy and Betsy have put together a cyber civic engagement plan that helps citizens talk about cybersecurity at the municipal level and really raise grassroots efforts to take multifactor authentication or other technical cybersecurity issues and talk about it at a civic level. Check it out. All right, and joining us on this week's interview segment for Safe Mode is Betsy Cooper, the founding director of Aspen Institute's Policy Academy. Betsy, really appreciate you hopping aboard.

C (10:00)

So excited to be here and chat with you today.

A (10:03)

So recently you unveiled a new, I don't, I don't know if you would necessarily call it product, let's say program that is looking at developing cybersecurity alongside, like civics almost. I would love to hear more about that and give an interview of this cyber civic engagement program and how it's structured.

C (10:26)

Awesome. Happy to share. And I literally just finished teaching the first segment, so it is very top of the mind. So cyber civic engagement is all about getting ordinary people in their communities to advocate for stronger cybersecurity change. So whether you're a subject matter expert who works in cybersecurity in your day job, or you're somebody who's recently been scammed or had a family member who's been scammed, my nanny was scammed. I've got plenty of family members who have been. So we're all living in this moment in which we're seeing the real world effects of poor cybersecurity. And yet cybersecurity is a collective action problem. And so people aren't really taking it seriously at the government level. And we need to get people in their communities across the country and beyond starting to try to fix that. So this program is really designed to help both give people some basic tips for things that you might want to ask your governments to do better and then equally importantly, teaching you how to go out and do that. So. So teaching you things like how to tell a story or how to make sure to give a recommendation, how to figure out what government office you want to approach in the first place, whether you should write someone or whether you should do a phone call or actually try to meet them in person. So we're trying to combine how do you actually get out there and talk to people and how do you do that in a way that will help make cybersecurity stronger for everyone?

A (11:49)

That's so interesting. It's a different spin on what you usually hear when you're talking to people that operate outside of the cybersecurity industry. Like you said, like you talk to your nanny that has been scammed or I've had people that have come to me as well have been like, well, what's going on here with, with this thing or that thing? Or like the text messages that we get that look like turnpike toll scams. I mean, it's not every. A lot of people do not have the knowledge of what goes into making sound judgments when it comes to cybersecurity. So I'm, I'm interested to know more of the mindset around how you combine. What would you say, like that technical know how, but combined to reaching out to the people that should have the technical know how, at least on the policy side, on the government side, because I haven't heard anybody ever talk about that. Oh, well, okay. If you are interested in figuring out how to better yourself and avoid scams or just be better at cybersecurity, you can actually turn to somebody in the either state and local government, federal government, somewhere along the government lines, there is somebody that knows what you're talking about. So I'm wondering how that sort of coalesced in your mind and the Aspen Institute's mind on. No, let's try to get the people that know nothing in. Not know nothing, but are limited in their cybersecurity knowledge, I guess I should say, in front of the policy people so they can have that conversation.

C (13:07)

Yeah, I mean, I think there's a difference between technical knowledge and knowledge of how this affects real people. And frankly, policymakers are more likely to respond to stories than they are to the technical knowledge in most cases. So if you take two people, one who goes in and starts talking about the details of vulnerability disclosure programs and bug bounty programs and starting to use a bunch of jargon about MFA and blah, blah, blah, the policymaker's probably going to go to sleep or be, you know, checking their phone. Right. If you go in and say, you know, my nanny was trying to get a Social Security card and she clicked on the first hit on Google and that took her to a scam website. She ended up paying $40, gave them a bunch of personal information and was never able to get her money back, that's going to get the policymaker's attention. So in our minds, I don't think the purpose of this here is necessarily like, have governments upskill ordinary people in their communities. It's actually the other way around. It's for ordinary people to tell communities why you should actually have multi factor authentication or why it's so unacceptable when a hack happens and a city's services are taken down for several days, as happened in St. Paul recently. You know, like, if people don't speak up about that, then governments aren't going to put this on their priority list. And so our goal is to give people the tools when they want to speak up to be able to do so more effectively.

A (14:33)

So how do these workshops work? Do you have people that are going out into the field? I use the field broadly because I don't know exactly what the institute is targeting. Or is this something where it's just like a program where you're doing outreach to other groups that then take the mantle and make sure that they can get the word out.

C (14:53)

Yeah. So it's sort of a phased approach. So we're starting right now with free and open to the public webinars. Anyone can join. We're hosting them monthly, so that's where we're starting. And we've already gotten, you know, close to 20,000 people aware of the program and starting to learn about it and engage. And so that's a great start. Then we would like to partner with organizations. So you can imagine organizations working with seniors or organizations working with veterans. Like groups that are more likely to be vulnerable to basic scams. Like those would be wonderful people to be able to learn to advocate. So we're starting to build those partnerships now. And then you can think about the program as a funnel. So if you're somebody who takes the webinar and you're really interested and want to do more and actually launch a project, if you make it to the end, you can fill out our feedback form and be entered in a contest for, for one on one coaching from our staff to actually help you with your policy project. And we're probably going to host some workshops later, you know, after the first few rounds to give people more of that coaching experience as well. And then eventually for the really passionate, we're going to do train the trainer workshops where we actually teach them to, to teach our materials so that they could go out and take these webinars out beyond. So it's not going to be just us teaching it. Hopefully we'll get some really excited people that we'll be able to bring on board to do more of that work as well. So the idea is you start with sort of the simplest type of training. You get passion, you bring in people with interesting stories and opportunities and you build from there.

A (16:26)

So how does the one on one policy coaching component work? And have you seen any results so far or what do you hope the results are from that?

C (16:35)

Yeah, so we've only today was the first public event. So until after.

A (16:42)

So future, future results coming.

C (16:44)

Future results. We did do a pilot session and so we did do a handful of one on one coaching opportunities. And in our programs more broadly, we do this all the time. So for instance, we've worked with individuals who have gone on to change the way older adults report being scammed. We've helped individuals at the Department of Defense change the department's Bug Bounty program. So we have a long history of doing this sort of coaching. And the way it normally works is we really work with someone to make sure they have a clearly defined problem, a specific solution and then we help them build the deliverables, whether that's practicing a verbal briefing or writing a memo or prepping for a meeting to help them be confident in going to make that ask of governments. And then we ask them to tell us how it goes. So we've got lots of past success stories in the cyberspace and we're really excited to see what comes out of this type of coaching once, once we get it rolling in the weeks to come.

A (17:40)

So with that coaching and all of the focus on policy advocacy, if somebody is looking to get into this, what's the most important first step that they can take to protecting their community online?

C (17:53)

I mean, the most important first step is to want to stand up in the first place. So I think a lot of us, you know, you can take some of, you know, my family and friends who have been scammed, you just sort of take it as, that's the cost of living in today's society. And I wish that weren't the case. I wish it were more that we were ready to stand up and to say something about these topics. So, so just by attending one of our webinars or reaching out to your community and sending them a note about this, you're already making a difference. Even if you don't feel like you're an expert and know exactly what to do, you can still make a huge difference just by like getting this on somebody's radar, that it's important. You don't have to be perfect, do that. So that's the first tip. But then going beyond that, some of the things that I would share would be be really clear upfront with what you want them to do. So first have a bottom line and say it in your first or second sentence rather than in your last sentence. I don't know if you've attended local community meetings, but at our community meetings, people get three minutes and usually they spend two and a half to 2:45 of those minutes, like talking about the big problem and getting set up. And then the 10 second bell rings and then like, I really want you to institute multi factor authentication in our community, saying, right, what if you began with, you know, I use our local garbage platform and it's accepting really insecure passwords, even though I have to give a lot of personal information. Please install multifactor authentication on this platform. Now somebody's getting to the topic. And then you can go into why multi factor is so important and all the other details. But you're getting to the topic as to why it's so important in the first place. And I think that's, you know, that's really going to help people. A second tip is tell your story. So, you know, when we started talking, I talked about my nanny. I've talked about family members who have experienced things like, make it personal. Talk about why this matters to you. You're probably not going to stand up and tell your city council you care about cybersecurity unless it matters to you in some meaningful way. So tell the story of how you've been scammed. Tell the story of how you've, your father, you know, was clicking on the wrong type of website and ended up paying thousands of dollars to somebody. Like, those are the things that are going to tug at the heartstrings and make people understand why it's so important and then make a clear recommendation. So a lot of times we get up and we tell government officials, I really hate what you're doing. But we don't actually tell them what we want them to do instead.

A (20:14)

Right.

C (20:15)

So, you know, like, it is far more effective to say, I think that we need to have a more secure platform, you know, for, you know, submitting our payment information than it is to just say, we need stronger cybersecurity or even, I don't like what you're doing on cybersecurity. And so that's where a little bit of education really matters. But I think the, you know, so teaching people why it's important to have strong passwords or why it's important, you know, not to use public WI fi or to make that available, like. But then once you know that information, you can ask your city to do the same thing. So why don't we install a password on our public WI fi so that at our libraries, only community members can use it and we won't have as much likelihood of getting scammed. Like, so it doesn't take a ton of knowledge to enable you to identify difficulties or at a minimum, just to stand up and say, I care about cybersecurity and I want you to take it more seriously. Even that can matter, too.

A (21:12)

So I know that it's not just the institute that is doing this work. You've partnered with some really interesting people. Can you talk to me about the role that the Take 9 campaign is playing and why, how they really help bring this to a national audience that can be used coast to coast?

C (21:30)

Totally. So the Take 9 campaign, for those who aren't familiar, is an initiative launched by Craig Newmark and run by Aspen Digital with a number of partners that really focuses on helping people pause, take nine seconds before they do something that might cause them harm in the cyberspace. So clicking on that link for that Social Security page and then gives a bunch of the tips that I've already mentioned, like using multifactor authentication, strong passwords, not using public wi fi, etc. So first in our training programs, we introduce a bunch of those tips as things people should do for themselves and then we translate them to governments and, and to what governments should be seeking to do. And in our mind, that's two things. One, governments should be taking the same precautions we are. So if you're being asked for a really short password on a government website, we should ask the government to make that password stronger. And then second, governments should be enforcing to try to discourage scammers and make it less easy for scammers to do this work. So when my nanny got scammed, of course she went to Google, googled Social Security card and got a scam website as the first hit. Why is that okay? Why do we think that's acceptable? So we need to be working, you know, from the community level up to the federal level, trying to make sure that people know it's not okay that the first thing we click on is a total scam and we pay the penalty and the scammers and the company that gave us that information don't. So, so those are two things that I think governments should really be working on to do so with Take nine. Then they are also helping us advertise the program so that we don't just reach people who are already interested in policy academy work, we reach people more broadly. So, so that we can get to people. You know, they've run billboard campaigns and they've run, you know, ads in subways. And we hope that by funneling people to Take Nine, those people, the most highly engaged, excited, the ones that want to know, what more can I do? We'll be able to then build on that and do more through programs like ours. So, so hopefully we're just beginning and growing that partnership.

A (23:36)

So where is the technology sweet spot here? Because like you just said, I doubt you're going to see this program spur people to get in front of, you know, community or state organizations and argue about a vulnerability disclosure program or say, I think it's really important that we don't, you know, hard code our AWS keys in, in cloud instances or something like that.

C (23:59)

Probably not.

A (23:59)

So I, I'm just, while that is important, I mean, this sounds like there is a novice level to this But I'm wondering if you've talked about or if you found the sweet spot of like where is the technological level that we can speak to and really make a difference without overwhelming people's technological acumen.

C (24:19)

Yeah. So I think it can be both. So if you're a cybersecurity expert listening to this podcast and you want to talk about a vulnerability disclosure program in your community, I think the same tips that we're giving to ordinary people would apply. And that sounds like a great one on one coaching opportunity. So come, come join one of our programs. But the average person to scale this will not have that technical expertise. And so we are definitely targeting sort of Cybersecurity 101 level tips. And that's why the Pause Take 9 partnership is so valuable because they're providing those tips. So I think passwords are one of the key spaces to think about. I also think that post incident when people have experienced real harm from a hack, as they did in St. Paul, any of anyone in St. Paul out there, come talk to me, would love to get involved in helping your community talk about recovery. But so those are sort of like, you know, it's either low hanging fruit, like stuff that is kind of blatantly obvious, like the password you're able to put 1, 2, 3, 4 and is your password, or you've experienced something in your community and you're talking less about a specific technology failure than you are about how not having strong cybersecurity affect your life. Those are I think the sweet spots where we can really start to build momentum. And then a subset of people, let's talk about vulnerability disclosure. But for most people it's going to be about, hey, I didn't get my food stamps because the city platform was down for a week and so I wasn't able to access food that is going to get people's attention.

A (25:52)

So I'm wondering, like you said this, this has just started, but how do you look at the program expanding or adapting as new technologies come online? Like whether or not even just new technologies come online, but as new technologies get adopted by more and more people that they understand how they work and how they impact their lives, but aren't necessarily something that you've thought about at, at this point, I'm wondering how that works. Technology is always changing and the conversations that we are going to have day to day in our communities are going to change three, five years down the road. So I'm wondering how do you adapt to the new technologies that, that come into the mainstream?

C (26:37)

Yeah, I mean, the one I'm thinking most about is of course AI and how AI is going to affect phishing scams in particular. So if you take like what most people have done as their basic cybersecurity training when they go into their job, it's like you get a sample email with a bunch of typos and weird links and, you know, not really in native speaking English. And that's the sign of a phishing scam. Well, guess what, with AI, they can make an absolutely perfect looking email that actually offers you something that you want. And I've seen examples recently where for instance, phishing scams have personalized to each individual person an organization that they think that you might want to join and then they offer to set up a relationship for you or something like that. Like that's going to make it even harder for us to identify those sorts of things. So I think, you know, the tips will change. Like the individual tips that we give to people. I think pausing and Take nine still applies there, but we're going to be looking for different things when we're pausing in an age of AI scams. And it's going to be harder to, to see the technological visual things. You're going to instead have to just think, why would a random person be reaching out about my being a member of a Harvard University affiliates program? Why wouldn't it be someone with a Harvard email address? You know, like those are the sorts of things that we're going to have to be prepared for. And so I think we're going to change our tips to accommodate those as the way phishing scams look change. So will our tips. And I also think that we're going to encourage people to really stand up and talk about the cybersecurity effects of those technologies. Like AI can do wonderful things in many phases of our lives, but if it leads the Internet to entirely break down because nobody can know whether anything is real in the cybersecurity space, then we're not going to be able to, you know, actually conduct business or learn things in that space. So, so I definitely think we're going to have to take into account those technologies as well. We build out the program.

A (28:41)

So if somebody's interested in finding out more information, where do they find it?

C (28:45)

Send them to aspen policy academy.org so again, that's aspen policy academy.org it's right on the homepage. You can also sign up for any number of webinars and programs. So in addition to this, we run regular programs both for cybersecurity professionals and more broadly, how to write an op ed, how to communicate for policy, how to submit a public comment so you can sign up for our baseball program on cyber civic engagement or get even more involved as you go.

A (29:12)

Great Betsy. Really interesting program and really appreciate you hopping aboard to discuss it with us.

C (29:18)

Thanks so much Greg. Great to chat with you.

A (29:20)

Thank you. Thanks for listening to Safe Mode, a weekly podcast on cyber security and digital privacy, brought to you by cyberscoop. If you enjoyed this episode, please leave a rating and a review and share it with your friends, your co workers, your CISOs, your sysadmins, your mom, your dad, anybody that wants to know more about cyber security. To find out more information or to contact me, please look for all of our social media handles or visit cyberscoop.com thanks for listening. Check us out next week.