UL NO. 416: Tracking AI Agent Activity, 400 SF Cameras, AI Sleeper Agents…

Benign AI's "Many Eyes", OpenAI's Pentagon partnership, AI voice scams, Zuckerberg all-in on AGI, and more…

Author

Daniel Miessler
January 22, 2024

Unsupervised Learning is a Security, AI, and Meaning-focused newsletter and podcast that looks at how best to thrive as humans. It combines original ideas and analysis to bring you not just the news—but why it matters, and how to respond.

TOC

INTRO

How are you?

Tons of stuff going on this week as plans for the year start to solidify.

  • A number of paid talks are starting to fill in, with the earliest in February and the latest so far in October. Absolutely love the combination of getting the ideas out there, getting to travel domestically and internationally, and getting paid for it!

  • I put out the bundle of loot for attendees of my AUGMENTED AI course on Friday.

  • I uploaded a ton to my still unannounced project, and activity on it is already going strong. Cannot wait to fully launch this thing!

🔥I have a buddy looking for a Security SE position. Remote, US-based. He’s a total and absolute gem. He’s one of my mentors and the best SE I’ve ever seen in any field. He not only learns any product instantly, but he deeply understands the tech, the customer problem, and sales, so he is insanely gifted at connecting what the customer needs to the product or service in question. Send me a quick note if you or someone you know is looking for a superstar SE. He will get snatched up quickly. EMAIL HIM DIRECTLY

Ok, let’s go…

MY WORK

A Conversation with Jason Kikta from Automox

In this sponsored episode of Unsupervised Learning, we talked to Jason Kikta. Jason is the CISO and Senior VP of Product at Automox, and our conversation covered: - Endpoint Management - IT and Security Overlap - Patching Strategies - Cloud-Based Solutions - Configuration Drift - Policy Articulation - Automation and AI - IT Operations Challenges - Future Product Features - and other topics.

omny.fm/shows/unsupervised-learning/a-conversation-with-jason-kikta-from-automox

Dark Visitors is a project that tracks AI agents doing various shenanigans on the internet and offering the ability to block them via robots.txt. HT to @securibee | by Dark Visitors | MORE

Super cool research on AI Sleeper Agents. Basically, agents that act cool normally but wait for a particular stimuli or moment to become vulnerable or take some other action. MORE | THE PAPER

From the paper (click for PDF)

💡You know how open source was supposed to provide “many eyes” and keep us safe? Well, benign AI agents will actually make that a reality. Auditing code. Crawling content for malware traps. Sending strange input to systems to try to trigger sleeper behavior, etc. The solution to malicious AI is, unfortunately, going to be benign AI tasked with finding it.

OpenAI is now partnering with the Pentagon for some projects, reversing its stance on military use of its AI. They are working on ‘a number of projects including cybersecurity capabilities’ (Bloomberg), but they’re maintaining their ‘no-weapons development’ policy. MORE | MORE

Sponsor

2024 State of IT Operations Report

We surveyed 500 U.S.-based IT professionals to dig into where the biggest efficiency challenges are for ITOps teams in 2024. We learned how generative AI and workflow automation tools increase IT agility, reduce costs, and enhance teams’ ability to simplify IT management. Download the report now to see what’s working for high-agility ITOps teams, where low-agility teams are struggling, and how your team stacks up.

Scammers are now using AI to fake the voices of relatives in emergency scams, tricking people into acting fast without adequate time to scrutinize. The FBI has logged over 195 complaints about these "grandparent scams," with victims losing nearly $1.9 million from January to September 2023. Tell your loved ones about these! MORE

China has been getting Nvidia chips despite a US ban that was meant to stop that from happening. They’ve been going through smaller suppliers, circumventing restrictions imposed in 2022 and 2023. MORE

San Francisco is going heavy on surveillance, evidently. They just installed 400 license plate readers across the city as part of the Flock Safety camera system. The police chief says it will help track down criminals, citing that 70% of crimes involve vehicles. I’m honestly for this kind of thing, despite the fact that it’ll have downsides. I just want there to be proper use and oversight. MORE

Advisories

🚨Ivanti Directive Issued — U.S. federal agencies have been ordered to patch a critical Ivanti software vulnerability. | CRITICAL | MORE

⚠️ Cybercriminals are exploiting TeamViewer to launch ransomware attacks by leveraging leaked LockBit builder tools. Huntress Labs' analysis of compromised endpoints revealed that attackers gained access through TeamViewer, attempting to deploy ransomware via a DOS batch file. MORE

Incidents

⚠️ UK Councils Cyberattack — Three UK councils are grappling with a cyber incident that's knocked public systems offline. | SEVERITY: HIGH | RESPONSE: Systems isolated, no customer data breach found yet. MORE

🚨 Chinese Espionage Campaign — Chinese hackers have been exploiting a VMware vulnerability for two years undetected. | CRITICAL | CVE-2023-34048 MORE

Vulnerabilities

🪳 GitHub Key Rotation — GitHub just rotated critical keys due to a high-severity vulnerability that exposed credentials. | HIGH | CVE-2024-0200 | CVSS Score: 7.2 MORE

🪳 Critical Vulnerabilities Patched — VMware and Atlassian have released patches for newly disclosed critical vulnerabilities. | CRITICAL | CVE-2023-22527, CVE-2023-34063 | CVSS Scores: 10, 9.9 MORE

TECHNOLOGY

A recent study by Boston Consulting Group shows that consultants using ChatGPT-4 significantly outperformed their AI-less peers in various tasks. The experiment involved 758 consultants and found that those using AI completed 12.2% more tasks, did so 25.1% faster, and produced 40% higher quality results. MORE

💡These are beginner numbers because this is all just starting. I think the big change in hiring in tech—and companies in general—starting in the next 2-5 years will be letting go of the bottom 75% of performers (or just not rehiring them after attrition), and competing for the top 25%.

And within that group, the competition will be fierce for the top 1-10% who are gods with AI. Why? Because when they’re augmented by even just Copilot or ChatGPT they’ll be superhuman. But as agent frameworks start to take over, they won’t be a Human + AI pair. They’ll be a Human + AI Team pair. And that AI team might be hundreds or thousands of people behind a single person.

In other words, the competition for jobs, starting in the next few years will be against a top 10% performer who’s backed by a farm of AI Agents, which gives them the output of 10-1000X that of a non-augmented, normal employee. It’s no competition. And this is who companies will still be hiring. Everyone else, moving along the scale of competence over time, will be increasingly unemployable.

Thousands of AI Authors on the Future of AI. Super cool project that surveyed thousands of published authors on what they thought was coming in AI, and when. I think they were far too conservative, which I think is due to their academic bias. In other words, they seem too safe and sane to creatively imagine how fast this stuff could actually move. Which is also why so many academics were blindsided by November 2022. Still, I think the paper set up the questions pretty well, and it’s still interesting to see that many opinions in one place. MORE

From the paper (click for PDF)

💡The hardcore academic “ML” types are the people I’ve seen be the most wrong about AI and where it’s going. At least in my opinion; jury’s still out of course. The problem is the disconnect between the culture of academia and the insanity that is GenAI. Academics are high in rigor and caution, which is awesome for some things, but it’s a hindrance if you’re trying to think big and crazy. And big and crazy is what’s needed to play in the current game.

My recommendation is to think carefully about where you are, and where the people you follow are, on the scale of Creativity←→Rigor.

Don’t listen much to people who are like “AGI is 10+ years away, if ever.” Or, “What we have isn’t even real AI.” Or, “You can’t trust AI because it literally just makes stuff up.” People saying such things in an absolute sort of way are likely to either be low in OCEAN Openness and/or an academic.

Don’t bring math to a poetry contest, and don’t bring pessimism to an art contest.

Mark Zuckerberg has pivoted again. He was all about metaverse, and then he kind of went the AR way with Lex on his podcast, and now he’s all in on open-sourced AGI. He’s doing a massive acquisition of Nvidia's H100 GPUs, expecting to own over 340,000 by year's end. 2024 is going to be ridiculous. MORE

Google's Circle to Search simplifies finding info on your phone by letting you circle an item on-screen to instantly search for it. Can’t wait for Apple and everyone else to copy this. Super cool. MORE

Shining black light in public places (FAR-UV) could help prevent the spread of airborne diseases, potentially reducing the likelihood and impact of pandemics. Studies show that far-UV light can kill 99.9% of coronaviruses and other pathogens in the air, offering a passive defense against a wide range of respiratory viruses. MORE

Wenquai slashed their AI costs dramatically by optimizing Mixtral with GPT-4. They managed to reduce their daily AI expenses from a steep $100 to less than a dollar. MORE

Apple finally passed Samsung in global smartphone sales last year. Despite a general market decline, Apple's shipments rose by 3.7 percent, while Samsung's dropped significantly by over 13 percent, contributing to Apple's lead. This is my surprised face. MORE

HUMANS

The FDA just cleared DermaSensor, the first AI device that can detect all major skin cancers, aiming to improve early diagnosis. The device, which uses elastic scattering spectroscopy to analyze skin lesions, showed a 96% true positive rate for detecting skin cancers in a clinical trial. MORE

The self-checkout trend is hitting a wall as stores like Walmart and Target scale back or ditch the machines after facing increased theft and higher labor costs. Dollar General's CEO admitted they've over-relied on the tech, and now plan to boost staff numbers at checkouts. MORE

💡I find it fascinating how sometimes tech and various movements try to jump too far ahead, too quickly, and then get pulled back. Sometimes only for a second, and sometimes for a long time. Work from home. Self-checkout. AI?

South Korea just rolled out a new visa for digital nomads, aiming to attract remote workers and boost its economy. The visa allows foreign residents to stay for up to two years, provided they earn over $65,860 annually and have comprehensive health insurance. MORE

Germany is doing something similar. They made it easier to get citizenship, aiming to attract global talent to fill job shortages. The new law reduces the residency requirement for naturalization from eight to five years and opens dual citizenship to all, not just EU and Swiss nationals. MORE

IDEAS & ANALYSIS

Everyone Should be a Thinker
One of my core beliefs is that it’s a stain on humanity that only certain people are considered to have thoughts worth sharing. I know this is just because we’re a young species, and it takes time to advance as creatures, and as a civilization. I get that. But it’s weird how civilizational retardation like this is considered normal while you’re living in it.

If you ask the average person what they think about the most important things in the world, like how to self-govern, free will, moral responsibility, the nature of reality, etc., they’ll blush and smile and make some sort of self-deprecating gesture. “That’s for the smart people to think about.” They think it’s for special people, like public intellectuals, people who write books or go on TV. It’s a travesty.

Human civilization will reach some modicum of advancement when it’s expected that every human on the planet is educated and empowered enough to not only have their own thoughts, but to believe those thoughts to be worthy of sharing. The fact that the percentage of people who believe that today is likely some obscene fraction of 1% should embarrass us all.

NOTES

I’ll be camping for the Apple Vision Pro at the Burlingame store on February 1st. I normally camp in the summer, so February will be a different experience for sure. If you’re insane like me, come say what’s up.

Loving this Classical album, Pamart: PLANET GOLD, and I’m sadly not much of a Classical person. MORE

DISCOVERY

🔥Moving from a Knowledge Economy to an Allocation Economy. MORE

You won’t be judged on how much you know, but instead on how well you can allocate and manage the resources to get work done. 

Dan Shipper

🛠️Galah: an LLM-powered web honeypot using the OpenAI API | by Adel Karimi | MORE

🐞 Pfuzz — A Unix-style web fuzzer for finding security vulnerabilities. | MORE

🛠️ LAST - Scans code for security issues using OpenAI from the command line. | by Latio Tech | MORE

🔍 aifs — An AI filesystem tool for easy local semantic search. | by KillianLucas | MORE

Culture Change at Google (The Employee Isn’t First Anymore) MORE

Navigating American healthcare might not require insurance, as paying cash can sometimes be cheaper and more flexible. MORE

How People Left Twitter, and How It’s Going MORE

Powerful DALLE-3 Art Prompts MORE

Midjourney V6 Caricatures | by Allen T | MORE

🛠️ TweetFeed's return for the latest Indicators of Compromise shared by the infosec community by Daniel López | MORE

A Search for More ChatGPT/GOT-3.5/GPT-4 “Unspeakable” Glitch Tokens by MORE

Top Hacker News Books of 2023 MORE

RECOMMENDATION OF THE WEEK

Here’s a cool heuristic for gauging your own happiness.

Pay close attention to how the success of your friends makes you feel. Not intellectually, but viscerally. Immediately. Within 1 second of seeing evidence that they’re crushing it.

If it makes you smile uncontrollably, fist pump, and want to text them and hype them up, that means you’re healthy. Congrats.

If it stings, gives you a sinking feeling, or makes you angry…I recommend you talk to a therapist. This will destroy not just your relationships, but your life in general. It’s actual poison.

APHORISM OF THE WEEK

The language of friendship is not words, but meanings.

Henry David Thoreau

Thank you for reading.

UL is a personal and strange combination of security, tech, AI, and lots of deeply human content. And because it’s so diverse, it’s harder for it to go as viral as something more niche.

So if you know someone weird like us, please share it with them. 🫶 

Yours,