
SECURITY | AI | PURPOSE
UNSUPERVISED LEARNING is a newsletter about upgrading to thrive in a world full of AI.
It’s original ideas, analysis, mental models, frameworks, and tooling to
prepare you for the world that’s coming.
Hey there!
- I created the first Fabric Stitch, called rate_ai_result (DIRECT LINK). It rates the quality of AI #1 using the judgement of AI #2! And the result is an assessment of how smart AI 1 was on the following scale:
A rate_ai_result output example
You can get rate_ai_result here.
MORE
- Going forward I’ll be sending this newsletter from newsletter@unsupervised-learning.com instead of daniel@danielmiessler.com, so please add newsletter@unsupervised-learning.com to your contact list to avoid future newsletters going to spam.
- I’m entering the fiber world! I’ve upgraded to 5Gbit fiber for internet, and it’s making me want to upgrade the house to be able to handle it too. Which means 10Gbit switches and ethernet ports on devices (where possible). So now I need to figure out how to replace my CAT6 in the walls with fiber as well, which will be a comfortable 100Gbit.
Over CAT6 to my Mac Studio M2 that comes with 10Gbit Ethernet
- Had a great sponsored conversation with Jason Haddix with Flare! We talked about a lot of things, but especially what special sauce makes Flare so attractive as a platform for Jason. Watch it on YouTube!

A Conversation with Jason Haddix from Flare
Sponsor
The Security Leader’s Guide to Proactive Vulnerability Management
Cyber threats are inter-connected. Vulnerabilities are gateways in your
attack surface that can be exploited to deploy ransomware, infostealers,
and other cyber threats.
Learn how you can build a strong vulnerability management program (VMP) and reduce your attack surface with this comprehensive guide, featuring:
- Roadmaps, battle-tested lessons learned, and strategies implemented by Flashpoint customers.
- Measuring your VMP’s effectiveness with metrics like Mean Time to Detect (MTTD) and Mean Time to Remediation (MTTR).
- How to manage risk exposure by combining powerful vulnerability intelligence with industry-leading threat intelligence.
Download the report from Flashpoint to learn more.
go.flashpoint.io/guide-to-proactive-vulnerability-management
SECURITY
Six critical flaws have been found in the Ollama AI framework,
potentially allowing denial-of-service, model theft, and poisoning
attacks. MORE
Remember: Friends don’t let friends publish their Ollama APIs online
without authorization/filtering.
The FBI is warning about a rise in hacked police emails being used to send
fake subpoenas and emergency data requests (EDRs) to U.S. tech companies.
MORE
Pretty nasty general attack type here.
Basically, you find low-security organizations that have high trust, and
then you compromise them and make requests with them as the origin.
Think access to data, special permissions, restricted authorization to do
something, etc. Seems like government and law firms are likely targets
here.
Google’s AI security assessment tool, Big Sleep, found a zero-day
vulnerability in the SQLite database engine.
This is the first time we’ve seen AI find something that more standard
testing has missed in the past.
MORE
Sponsor
Dropzone AI Named a Gartner Cool Vendor!
Discover why Gartner named Dropzone AI a Cool Vendor for the Modern SOC.
Join our monthly webinar on November 20th to see how our AI-driven platform empowers SOC teams to work smarter and respond faster. Don’t miss insights that could redefine your approach to security!
content.dropzone.ai/monthly-demo-webinar
The FBI is asking the public for help in identifying Chinese hackers in
groups like APT31 and APT41.
MORE
CrowdStrike has launched new AI Red Team Services to identify
vulnerabilities in AI systems and provide guidance on how to fix them.
MORE
Synology is telling users to patch a critical zero-click RCE bug,
CVE-2024-10443, affecting millions of DiskStation and BeePhotos NAS devices.
Remember: Friends don’t let friends put NAS on the internet.
MORE
Nokia is investigating a potential breach after a hacker, IntelBroker,
claimed to have stolen their source code from a third-party vendor. The
hacker says the data includes SSH keys, source code, RSA keys, and more,
accessed via default credentials on a SonarQube server.
MORE
Canada has ordered TikTok Technology Canada to shut down, citing national
security risks.
The decision doesn’t block Canadians from using TikTok, but shuts
down the company’s Canadian business operations.
MORE
Researchers from George Mason University have introduced Mantis, a framework that uses prompt injections to hack-back against prompt injection. By exploiting the vulnerabilities of large language models, Mantis can misdirect or even compromise attackers’ systems.
MORE
The U.S. is tightening rules on foreign real estate deals near military
bases, adding 60 more installations to the list under CFIUS scrutiny. This
follows the forced closure of a Chinese-owned crypto mine near F.E. Warren
Air Force Base, which raised national security concerns.
MORE
AI / TECH
Robotic dogs are now patrolling Mar-a-Lago to help protect President-elect
Donald Trump. These “high-tech hounds” are part of the ASTRO program,
equipped with surveillance tech and sensors to detect bombs and chemical
threats.
MORE
I think 2025 and 2026 are going to be some serious utopia / dystopia
years. Lots of sci-fi happening in reality.
Nvidia surpassed Apple to become the world’s largest company by market cap,
hitting $3.43 trillion.
MORE
OpenAI has introduced a new feature called “Predicted Outputs” that lets you
send expected content to speed up API responses. If your prediction is
spot-on, there’s no extra cost, but if it diverges, you’ll pay for the
additional tokens.
MORE
Waymo has launched its robotaxi service across an 80-square-mile area in
and around Los Angeles. Hey, no fair. What happened to the greater Bay
Area! MORE
Apple’s adding a new feature to the Find My app in iOS 18.2 that lets you
share a lost AirTag’s location with an airline or a trusted person. Apple
wins by doing thousands of these small improvements that add up over the
years. Then they get sued because everyone likes them better than
competitors.
MORE
Apple’s Vision Pro visionOS 2.2 adds wide and ultrawide display options for
a laptop or desktop display. It’s completely nuts. Super clear,
high-resolution, and I’ve spent over an hour working on it. Plus you can
position visionOS apps around it too.
MORE | VIDEO OF IT IN ACTION
TSMC is set to open its Fab 21 in Arizona this December, which will be huge
for the on-shoring movement in the US.
MORE
TSMC is halting the supply of advanced AI processors to its Chinese clients
starting November 11, following an investigation showing chips were ending
up in Huawei devices.
MORE
HUMANS
The dollar is at its highest in two years, and the stock market has been
going crazy since Trump won the election. Investors are betting on “Trump
trades,” expecting tariffs and tax cuts to boost stocks, inflation, and slow
interest rate cuts. And Bitcoin is near $90,000. Wow.
MORE
I predicted Trump would win, and that investors would go batshit. But I
didn’t anticipate this much movement even before he took office.
Andreessen Horowitz is backing AI-powered parenting tools, with partner
Justine Moore highlighting a new wave of “parenting co-pilots” using LLMs
and agents.
MORE
My buddy is participating in a real-life bug bounty. Actually a treasure
hunt. It’s detailed in this book that was just released. He’s been traveling to this remote island with other bounty hunters
(cyber) to search for a treasure worth like half a million dollars. MORE
Genetic discrimination is becoming a real thing (as we knew it would).
Insurers use DNA data to deny coverage or hike prices. Bill, a healthy
60-year-old, was denied long-term-care insurance after revealing a genetic
mutation linked to ALS, despite not having the disease. MORE
Companies are already moving production out of China as Trump plans massive
tariffs. Steve Madden is cutting its China-made products by 40%-45% and
shifting to Vietnam and Cambodia. Stanley Black & Decker is reworking
its supply chain but says US production is unlikely. Meanwhile, HM
Manufacturing and Cruz are eyeing increased US production to meet demand and
avoid tariffs.
MORE
Seems like the tariffs might work as prods for companies to do what they
wanted to do anyway (move out of China), but they have to be done
carefully to avoid massively increasing inflation. Will be interesting to
see how broad and fast they’re applied.
NASA’s Juno spacecraft just completed its 66th flyby of Jupiter, sending
back stunning raw images that community editors have turned into
incredible photos.
MORE
Deanna Dikeman’s “Leaving and Waving” is a brilliant and touching photo
series capturing her parents waving goodbye over the years. The project
spans from 1991 to 2017, documenting these heartfelt moments as she drove
away from their home. MORE
A new study from Ben-Gurion University shows that controlling blood sugar
can slow brain aging.
MORE
Astrobiologist Sara Imari Walker explores the complex question of what life truly is in her book, “Life as No One Knows It: The Physics of Life’s Emergence.” A possible UL Bookclub candidate!
She argues that modern science has yet to develop a theory that fully
integrates life into the universe’s description, challenging the boundaries
between disciplines like biology, chemistry, and physics.
MORE
A mom in Georgia was jailed after her 11-year-old son walked alone to
town, despite her belief in a “Free-Range” upbringing. I’d love for the
libertarian mindset to come to parenting, too. Seems pretty easy to tell
the difference between neglect and free-range. MORE
The average age of U.S. homebuyers has jumped to 56, up from 49 last
year.
MORE
Oliver Sacks explores the meaning of life through love and despair in his
letters, emphasizing that meaning is something we create, not find.
MORE
IDEAS
Crypto is Back, but as Gambling and Money Stores
I think crypto is back not so much as an idea right now, but as a “screw the system” gambling/alternative bank type thing. This ends badly for most involved, with a few people getting super rich. We’ve seen the movie already. Maybe Solana is an exception (like a really fast Ethereum, basically). I personally won’t be playing much other than as a game. My big bets are on NVIDIA and TESLA. With Apple and Costco as my secondaries.
“I sense the good in him.”
Unlike most smart people I know, I think Elon and Andreessen and Thiel and those types are actually still good
people. I think Elon’s been really nasty online, and I’m worried we could be
losing him to extremist thinking. I’m worried about it. For sure. But I
don’t think his fundamentals have changed. I think he’s triggered and
lashing out, and that he’ll come back. That’s my belief. Or my hope. Can’t
tell which sometimes. Maybe they’re the same. Talked with Sam Harris about
it after his latest podcast, The Reckoning, and he thinks I’m wrong.
So if all my smart friends think I’m wrong, and I am the only one who
sees this, I’m either seeing something they aren’t,
or I’m confusing hope with reality. I think it’s the former, and I’m
willing to make a prediction on this. I like predictions now—in the spirit
of Superforecasters. So my prediction is that over the next 4 years
we’re going to see Elon, a number of these Silicon Valley types, and
yes—even Trump—take stances and create policies that are very Liberal in
purpose. Meaning, they’re trying to lift everyone, not just the elite. In
other words, we’re going to see significant compassion and the lifting of
everyone in their rhetoric and work. If I’m wrong, I’m wrong. I fully
acknowledge there’s a significant chance it goes the opposite way. And if
that happens I’ll be opposing them just like my other friends in the center
and on the left. But if I’m right, then I ask you to encourage the good in
them (and people like them). I ask you to help me pull them back from the
chasm.
DISCOVERY
Security Is a Useless Controls Problem MORE
ChainForge — ChainForge is an open-source visual programming tool for prompt engineering that lets you run evaluations against prompts using a boxes-and-lines interface reminiscent of Yahoo Pipes.
MORE
How do you run away from an army of these?
MORE
ToolGit — A set of scripts that add new sub-commands to Git, enhancing its functionality.
MORE
An AI cluster using Mac Minis and Exolabs.
MORE
How I ship projects at big tech companies MORE
Diagrams — A tool for creating diagrams as code, making it easier to visualize complex systems and architectures.
MORE
Everything I’ve learned so far about running local LLMs
MORE
Packy McCormick encourages readers to spend less time doomscrolling and more
time reading books.
MORE
Draw.Audio — A new musical sketchpad using the Web Audio API lets you create music directly in your browser.
MORE
RECOMMENDATION OF THE WEEK
The CEO of Anthropic thinks AGI is coming within a couple of years. Sam
Altman thinks it’ll be 2025 or 2026.
Start getting ready.
- Know your life mission
- Know your goals
- Fill in and practice your most important sentence.
- Start building your TELOS file
- Get really good with your AI tools (fabric, chatgpt, etc.)
- Get your website up
- Commit to reading 50 books in 2025
- Start writing—even if you think you don’t have anything to say
APHORISM OF THE WEEK
❝
If you were offered 1 million dollars not to wake up tomorrow, you wouldn’t
take it. Which means waking up tomorrow is worth more than a million
dollars.
Treat it that way.
Thank you for reading. Please forward to a friend and/or share on socials to
help support the work.
Daniel
0 responses on "UL NO. 458: Ollama Vulnerabilities, Rating AI Using AI, The Mantis Hack-back Framework"