
UL NO. 405: My AI Bill Deep-Dive, AI Poisoning, an IR Prep Checklist, and Discovery++


Unsupervised Learning is a Security, AI, and Meaning-focused podcast that
looks at how best to thrive as humans in a post-AI world. It combines
original ideas, analysis, and mental models to bring not just the news—but
why it matters, and how to respond.

 

Greetings!

Sorry for the delay this week; I was traveling to SoCal to give a talk, and
have caught something like a cold. But I’m back to 90% I think.

Lots of big news this week. Let’s jump in.

 

MY WORK

Upon the threat of near violence from readers, I’ve released the web version
of my tutorial for setting up ChatGPT as a voice assistant using Scarlett
Johansson or TARS’s voice from the movies.
READ THE TUTORIAL

An ExtWis summary of a brilliant conversation between David Perell and Riva
Tez about free-thinking, reading habits, and going against conventional
wisdom.
MORE

SECURITY NEWS

Couple of big stories this week…

Biden released his executive order on AI, and here are the main points and my first impressions:

  • The primary vibe is twofold: ensuring safety (which they purposely
    mention first), and then maintaining US dominance in AI. It’s very clear
    that they wanted to put safety first

  • They break it down further as focusing on safety and security, privacy,
    equity and civil rights, consumers and workers, innovation and
    competition, and advancing American leadership

Here are my manual extractions of what all it covered:

  1. Require companies to share safety info with the government

  2. Require companies to develop safety systems internally

  3. Keep AI from developing bioweapons (interesting that they called this
    out specifically)

  4. Protect against deepfakes, basically, and provide standards for
    detecting them

  5. Using AI to find and fix infrastructure vulnerabilities (love it)

  6. Protect Americans’ privacy

  7. Prevent landlords from using AI to discriminate

  8. Address algorithmic discrimination

  9. Use AI to create life-saving drugs

  10. Use AI to advance education for all

  11. Look into addressing job displacement concerns

  12. Produce a report on AI’s impact on the labor market

  13. Accelerate AI research through shared data resources

  14. Help the little companies compete with the big companies in AI

  15. Allow AI-specialized immigrants to stay in the country and work on
    AI

  16. Expand international collaboration on AI (they mention the UK)

  17. Help develop international standards

  18. Help address global challenges using AI (climate change I’m sure)

  19. Issue guidance on how the government will use AI internally

  20. Help government agencies acquire AI tech

  21. Accelerate the hiring of AI professionals in government

Basically, the thing is massive and wide-scoped. I’m pretty happy with
it, honestly, but much of it is basically a plan for making plans, so all
the quality rests in the details of the line items. I am encouraged,
however, because Biden seems pretty locked onto the topic.

THE FULL ORDER

WHITE HOUSE FACT SHEET | ATLANTIC COUNCIL ANALYSIS

🔥👀 The SEC has charged SolarWinds and its CISO, Timothy Brown, with fraud
and internal control failures. They’re accused of lying about the
company’s cybersecurity before a cyberattack by Russian hackers in 2019.
MORE | SEC DOCUMENT

   

💡 On one hand I worry about the government overreaching and charging
security executives with crimes for not protecting customer data, when
it’s pretty much impossible to do that right now. But if you look at this
case, they’re not saying you can’t get hacked; they’re saying you can’t
outright lie or be negligent about your security state in a way that
puts businesses at risk. I like that. So the question is simply whether
that happened or not.

   

Basically, if this is true, then I agree with the SEC taking action.


From the SEC statement

In a surprise to absolutely nobody, US Immigration and Customs
Enforcement (ICE) has been using an AI tool to sift through social media
posts of visa applicants. The tool, Giant Oak Search Technology (GOST),
assigns a score from 1-100 to determine the person’s risk level. Stop being
surprised by this kind of thing; the only question is how safe and fair
this tech is, not whether or not it’ll be used.
MORE

   

Sponsor

AWS Security Checklist

Rampant cloud usage requires an advanced security playbook.

Wiz put together these AWS security best practices from leading cloud security orgs. Benchmark your strategy and improve your security posture across your AWS footprint with:

  • Techniques to enforce least privilege across all identities

  • How to limit uncontrolled exposure of sensitive assets

  • Playbooks to extend protection of Kubernetes clusters (EKS)

  • Plus critical recommendations by resource type (IAM, S3, Cloudtrail)


All of these advanced best practices for AWS are compiled in this
checklist.

Get the free cheat sheet here.

👉www.wiz.io/lp/aws-security-best-practices-cheat-sheet👈



   

Google has added a new bug bounty program and a $10 million fund. The bounty
program is designed to reward researchers who find vulnerabilities in
generative AI, addressing concerns like potential bias, hallucinations, and
model manipulation.
MORE

Artists are fighting back against AI with Nightshade, a new tool that ‘poisons’ AI models
with corrupted training data. Developed by researchers at the University
of Chicago, Nightshade alters pixels in images in a way that’s invisible
to the human eye but confuses AI models. This means that an AI model
trained on these ‘poisoned’ images will learn incorrect information, for
instance, seeing a dog as a cat.
MORE | MORE | MORE 

1Password announced their own incident related to the Okta security issue
that affected a bunch of customers. The suspicious activity was detected on
September 29 and was immediately terminated, with no compromise of user data
or other sensitive systems.
MORE | MORE | MORE | MORE | MORE

Ex-NSA employee, Jareh Sebastian Dalke, has admitted to
trying to share classified defense information with Russia. Dalke,
who worked as an Information Systems Security Designer for the NSA, had
top-secret clearance and used an encrypted email account to transmit
excerpts of three classified documents to someone he believed was a Russian
agent. In reality, the person was an undercover FBI employee.
MORE

Vulnerabilities:

  • Atlassian, the Australian software company, is urging admins to patch
    their Confluence instances immediately due to a critical security flaw
    that could lead to significant data loss. But rather than loss as in
    letting people see the data, it’s loss as in the data can be deleted.
    MORE

  • Apple has recently pushed out a critical security patch for all iPhones
    and iPads used before September last year. These are becoming far too
    frequent for my taste.
    MORE

  • Three unpatched bugs in the NGINX ingress controller are posing a
    serious threat to Kubernetes clusters. These vulnerabilities, known as
    CVE-2023-5043, CVE-2023-5044, and CVE-2022-4886, can be exploited to
    steal credentials and other secrets.
    MORE

  • Cisco’s found another zero-day in its IOS XE, just as the number of
    hacked devices seems to be dropping. The vulnerability, tagged as
    CVE-2023-20198, lets remote attackers create high-privilege accounts on
    targeted Cisco devices.
    MORE

  • Critical security flaws were found in the OAuth implementation of
    popular online platforms like Grammarly, Vidio, and Bukalapak. These
    flaws could have let bad guys get access tokens and potentially take
    over user accounts.
    MORE

  • CISA has updated its guidance on two vulnerabilities, CVE-2023-20198 and
    CVE-2023-20273, affecting Cisco’s IOS XE Software Web UI.
    MORE 

  • Citrix is strongly urging admins to immediately patch a critical
    information disclosure bug, CVE-2023-4966, affecting NetScaler ADC and
    NetScaler Gateway.
    MORE

  • VMware has patched a critical vulnerability in its vCenter Server that
    could have allowed remote code execution on vulnerable servers.
    MORE

  • F5 has patched a critical vulnerability in their BIG-IP configuration
    utility, which was allowing unauthenticated remote code execution.
    MORE

  • ServiceNow has quietly fixed a flaw that was exposing sensitive data,
    after a security researcher published a method that allowed
    unauthenticated attackers to steal an organization’s files.
    MORE

CrowdStrike has released an Incident Response Executive Preparation
Checklist, a template designed to help organizations prepare their
executives for cyber incidents.
MORE

A Chinese ship is being blamed for the damage to a subsea gas pipeline
running between Finland and Estonia. The pipeline was damaged earlier this
month, and Finnish authorities are still unsure if the damage was
intentional or accidental.
MORE

Microsoft has profiled a native English-speaking threat actor known as Octo
Tempest, a group that specializes in data extortion and ransomware attacks.
Octo Tempest has been on the rise since early 2022, targeting organizations
in various sectors and partnering with the ALPHV/BlackCat ransomware group.
MORE

A T-Mobile employee in South Carolina is facing a lawsuit for allegedly
stealing and sharing nude photos from customers’ phones on the dark web.
MORE

Gmail is introducing new requirements for bulk senders, i.e., those who
send over 5,000 messages to Gmail addresses in a day. The changes, set to
be enforced by February 2024, will require these senders to authenticate
their emails, enable easy unsubscription, and ensure they’re not flooding
inboxes with unwanted messages.
MORE

TECHNOLOGY NEWS

ChatGPT majorly upleveled last week with basically a Voltron upgrade. The
latest update allows users to analyze documents, browse the web, and
generate images using text prompts all in one session. Previously, users
had to toggle each feature on independently and could only use one at a
time. The fact that you can now upload PDFs and interact with them on
ChatGPT is going to take out hundreds of companies that were based on that
feature alone.
MORE

   

💡
This whole thing with ChatGPT now doing PDFs reminds me of the adage,
“What happens when Facebook implements your company in a weekend?”. That’s
what we’re facing with so many AI companies right now. We essentially have
features that are companies. And guess what? When someone else does that
feature better, or in a trusted platform, you often no longer have a
company.

People need to be very careful with what they call a company vs. a
project, and also companies need to be careful what they’re building their
“AI Infrastructure” on. Is it a true platform? Or is it a cool idea with a
website?

   

This is insane AI for replacing cold callers and customer service people. It can hold a 10-40 minute phone call and sounds just like a human.
It’s got infinite memory, perfect recall, and can autonomously perform
tasks across more than 5,000 applications. The best (and worst) part? It
doesn’t need training, management, or motivation. It doesn’t get sick.
Doesn’t require benefits. It’s always on, working 24/7. Like it or not,
this is what’s coming for us as average workers.
DEMO 

OpenAI is setting up a new team to protect against AI risks. They’re calling
it “Preparedness”, and its main job is to track, evaluate, and forecast any
catastrophic risks that might come from AI.
MORE

Senate Majority Leader, Chuck Schumer, warns that while the US is still
ahead of China in AI, the gap is rapidly closing. He urges more
action, saying “If we don’t do anything, China’s going to get ahead of
us”. I’m so glad there are at least some people in the government thinking
this way.
MORE

Google reportedly pays $18 billion a year to remain the default search engine on
Apple devices. This not only secures Google’s prime spot on Macs, iPads, and
iPhones, but also (practically) prevents Apple from building its own search
engine. I’m not sure who’s getting screwed here, or screwing themselves.
MORE

Elon Musk is pushing ahead with his plan to transform X into a bank,
predicting that X’s payment system will launch by the end of 2024. Along
with FSD, I hear. Musk envisions this system encompassing someone’s entire
financial life, stating, “If it involves money, it’ll be on our platform.
Money or securities or whatever. So it’s not just like ‘send $20 to my
friend.’ I’m talking about, like, you won’t need a bank account.”
MORE | MORE | MORE

HUMAN NEWS

A quarter of all U.S. healthcare visits are now handled by non-physicians
like nurse practitioners or physician assistants. Think that’s bad? Wait
until the AI Agents roll out. It’ll be one of those people managing dozens
or hundreds of bots, basically certifying their advice. And then a lonely
doctor certifying a practice of multiple of those.
MORE

   

💡
Experts are about to become like tour guides. The real star is the advice
coming from AI, but the expert will be there to curate it, make sure it
makes sense to you, and that you understand it. Of course that’s just an
intermediary step. A couple of years after that, the AI will be so good
that the AI avatar will replace that trusted intermediate.

And if my prediction about Digital Assistants was correct back in 2016,
you won’t even have to ask a service soon. You’ll just tell your DA that
you feel sick, or sad, and it’ll do the queries for you to the appropriate
medical APIs. Even better, it’ll know you’re feeling down before you tell
it.

   

GlaxoSmithKline has a deal with 23andMe to access their (see your)
genetic data to develop new drugs and treatments. Inevitable. Also good
for science, but you know all the people who opted out are saying ITYS.
MORE

The Pentagon has announced that around 900 US troops are being sent to
the Middle East to boost force protection capabilities in the region. This
comes in response to a rise in attacks on American and coalition forces,
with at least 12 attacks in Iraq and four in Syria since October 17.
MORE

A Chinese fighter jet buzzed a U.S. B-52 bomber, coming within just 10 feet
in a nighttime maneuver over the South China Sea. The U.S. military released
a video of the encounter, highlighting the close call.
MORE

The little-known Nukhba Special Forces, which is an elite unit of Hamas,
launched an attack on Israel on October 7, 2023, marking the start of the
2023 Israel-Hamas war. The unit is made up of naval commandos who are known
for their expertise in underwater operations and use a range of
sophisticated weaponry, including underwater explosives and guided missiles.
MORE

Germany is set to overtake Japan and become the world’s third-largest
economy. The weak yen is a big part of the rankings change, but I’m
surprised this is happening even though Germany was hit so hard by the war
in Ukraine.
MORE | MORE

The International Energy Agency (IEA) is predicting for the first time that
global emissions will peak by 2025. They also see the demand for oil, gas,
and coal hitting its highest point by 2030.
MORE

Anti-Jewish and anti-LGBTQ hate crimes saw a serious uptick in 2022,
according to the latest FBI data. The number of anti-Jewish hate crimes
jumped 36% from the previous year, while anti-LGBTQ bias crimes rose by 19%.
MORE

IDEAS & ANALYSIS

(This is political; skip to NOTES if you want to pass on it)

I’m going to write a full essay on this, but I’ll give a brief preview here.
I think the war in Israel, and the way much of the Left in the West has
responded to it, has just created a new culture war.

Or, to be more precise, it’s actually encompassed and magnified all the
previous culture wars going back to 2014 or so, and turned it into a new
monster. We have massive protests that seem to be celebrating Hamas, not
just the Palestinians, many of which include violent slogans and signage,
and we don’t see widespread condemnation from the Left. So what’s happening
is polarization, with people in the West across the US, Europe, and
elsewhere picking sides.
And the sides are (generally and sloppily) pro-West and anti-West. 

Here are some very imprecise and perhaps flawed associations:

Anti-West

Pro-Islam

Pro-Palestine

Anti-Jewish

Anti-Israel

Anti-US

Pro-BLM

Pro-Critical-race-theory

Anti-business

Anti-rich

Anti-police

Pro-protest

Pro-violence to enact change (not everyone, obviously)

Narrative: Despite all its success, the West still today represents colonialism,
oppression, and is the reason so many people are suffering on the
planet.

Pro-West

Pro-Israel

Pro-business

Pro-police

Pro-Jewish

Pro-Judeo-Christian

Pro-order

Pro-discussion

Narrative: Despite its flaws, the West still represents the best place in the
world for people of all types to come and pursue happiness and success,
and it should be celebrated rather than torn down.

Those lists themselves aren’t what’s so important. And obviously not
everyone fits into one or the other, and there are actually many columns,
not just two.

But in a world where we’re often forced into X or Y, what’s crucial is how
different groups of people in the US are slotting into one side or the other
as we head into the 2024 election. Normally there wouldn’t just be two
sides. Normally people would resist being forced to pick one. But right now
isn’t normal. Right now the pressure is so high I think tons of people are
going to literally “pick a side”.

So here’s the question. How are most people in these groups going to go?

  • Middle-America whites

  • Hispanic immigrants

  • West-coast Techie Types

  • American Jews

  • Asian Americans

  • African Americans

  • Asian-Indian-Americans

  • Blue-collar workers

  • The top 10% in income/wealth?

All this to say, I think a whole lot of Americans are going to go Pro-West,
and guess who’s about to become their new spokesperson for the next 13
months?

Trump.

I think this war in Israel, and the response we’ve seen to it, is about to
galvanize the Pro-West side massively by pulling tons of center and
left-center people to the Pro-West side, which will be led by him.

This deeply troubles me, since I think a second Trump presidency is an
extraordinary risk to civilization. The West absolutely needs a champion
right now, but I really wish it weren’t going to be him.

This is what I see happening, though—basically the Islamists (defined as
extremist theocrats, not the majority of peaceful Muslims), US academia, the
general group of “down with America” types, and tons of young idealistic
people who have no idea what they’re talking about, are going to get
increasingly vocal, and likely violent as well.

And the other side is going to say, “See!?!? This is the same thing as
before with BLM and such! And this is why crime is rising. And this is why
Israel was attacked! And the attacks in Paris! And this and that!” Etc. All
this complexity and contradiction will get collapsed down into
overly-simplified sides.

So it’ll be:

  1. Trump (The Savior of The West according to his fans)

    vs.

  2. Biden (the Fragile Beacon of Subtlety and Nuance)

Who do you think is going to win that?

Basically, we’re fucked. Not just in the culture war that’s about to ensue,
but in the fact that this might very well get Trump re-elected.

P.S.: Since I know you want to know, I’m on the Pro-West, Pro-Jewish/Israel/Palestine/Secular/Humanist, Anti-Trump side. Meaning, not cleanly in the
two columns as they’ll likely play out, but mostly Pro-West.

 

NOTES

Elgato is launching a new tool called Prompter that attaches to your
camera or webcam and sits on top of a small monitor. So you basically have
an extra monitor where you put your Zoom window, and behind it is the
camera! So you’re making real eye contact instead of looking down or away.
Pre-ordered.
 MORE

DISCOVERY

My Dad is an awesome life-long musician and he’s getting ready to release
new material. I’ve been trying to help him figure out how to handle his
branding and such, which is hard for him because he’d rather just make
music.

I really love this song of his, especially the middle part about rejecting
the call to cynicism. Just a wonderful song, and I especially love playing
it with him live. Just me and him. Him on guitar and singing while I
support on the drums. ❣️

Anyway, let me know what you all think!


Children of the Night

Check out one of my favorite songs by my Dad.

  • ⚒️Anti-ChatGPT — A tool that uses AI to detect if you’re being
    manipulated or otherwise influenced.
    GITHUB 

  • ⚒️ Scapy — Scapy, but in your browser MORE

  • ⚒️ Puncia — An AI-powered tool for hunting subdomains and exploits. | by
    ARPSyndicate | GITHUB

  • ⚒️VulnersAI — AI Scoring for Vulnerabilities MORE

  • ⚒️Promptchainer — Create visual prompt chain models like Llama2, GPT
    3.5/4 and Claude with an API interface.

    Like Yahoo! Pipes but for AI prompts.
    MORE

  • ⚒️Talently.ai — Talently.ai provides a customizable number of interviews
    per month, tailored to your specific needs.
    MORE

  • ⚒️SlickGPT gives ChatGPT a Slack-like interface so it looks like you’re
    interacting in a workspace.
    MORE

  • ⚒️MonsterAPI — Democratizing AI with No-Code Fine-Tuning MORE

  • ⚒️Copycat — A Chrome extension that takes copying to a new level,
    offering enhanced capabilities like copying a tab title, link text,
    image as HTML or Markdown, and even a native video as HTML. | by
    BlackGlory | GITHUB

  • ⚒️SyncLabs — Sync any video to any audio in any language — no training
    required.
    MORE 

Why Read Books When You Can Use Chatbots to Talk to Them Instead? MORE

Rob Henderson, a doctoral candidate in psychology at Cambridge, explores
the concept of “luxury beliefs” in his recent talk at Nudgestock. These
are ideas and opinions that confer status on the upper class, while often
inflicting costs on the lower classes.
MORE

U.S. GDP growth has surprised experts by growing 4.9% in the third
quarter, which is higher than the 4.7% we were expecting. It was powered
by stronger than normal consumer spending.
MORE

The number of publicly traded companies in the US has halved since 1996,
from 8,000 to less than 4,000. Why? In large part, due to the
private-equity industry.
MORE

Heated Yoga as Depression Treatment MORE

Browser as Autobiography MORE

Grammarly can now write in your customized style. MORE 

Researchers found that people who incorporated elements of the hero’s
journey into their personal narratives reported more meaning in life, more
flourishing, and less depression.
MORE 

MKBHD does a nice look at VR headsets vs. smart glasses. Worth a watch for
sure if you’re into AR/VR at all.
MORE

Revolutionizing User Surveys with GPT-4 MORE

Return To Office is all about power MORE

RECOMMENDATION OF THE WEEK

Other than voting, consider doing something drastic for the next 13 months.

Ignore political news and social media, and spend this next year
deep-diving into the list of classic books that you were always supposed
to read but never got a chance to.


100 Must-Read Classics

They broke boundaries and challenged conceptions. We asked you for your
must-read classics; from iconic bestsellers to lesser-known gems, these are
your essential recommendations.

www.penguin.co.uk/articles/2022/05/100-must-read-classic-books


If you are lucky enough to live in a place where the conflicts are not
directly threatening you, literally disconnect from the Zeitgeist (something
I heard from Riva Tez in her David Perell interview), and focus elsewhere.
It’ll lower your blood pressure and make you a nicer person.

Just an idea. I’m going to do this as much as possible myself, although
running this newsletter requires me to dip my foot in every week regardless.

APHORISM OF THE WEEK

❝  

You can safely assume you’ve created God in your own image when it turns
out he hates the same people you do.

  Anne Lamott  

Thank you for reading! And if you know someone who’d like UL, please share
it with them below!



Best,


May 23, 2025
