TOP OF THE DAY – The Bletchley Park process could be a building block for global cooperation on AI safety
(Joshua P. Meltzer, Paul Triolo – Brookings – 7 October 2024) Considerable progress has been made on international governance of artificial intelligence (AI). This includes work under the G7 Hiroshima Process, at the Organization for Economic Co-operation and Development (OECD), the Global Partnership on AI (GPAI), international standards bodies, and in various U.N. bodies. Meanwhile, bilateral engagement on AI, including the U.S.-EU Trade and Technology Council, is in a holding pattern pending the outcome of the U.S. presidential elections. A more recent entrant into this global AI governance space has been the so-called Bletchley Park process that comprises development and global networking of AI safety institutes (AISIs) in a number of countries. The Bletchley Park process was kicked off by a meeting at Bletchley Park in November 2023. The Bletchley Park meeting was spearheaded by the United Kingdom and United States and attended by China and a small number of other countries. It aims to develop a framework for how governments and companies developing AI can assess AI safety. A follow-up meeting in Seoul in May 2024 provided momentum to this process, and the key players are now gearing up for a February 2025 AI Action Summit in Paris that will be critical to demonstrating ongoing high-level commitment to the process and for determining whether the process can deliver on AI safety. Recently, the U.S. has announced that it will host a global AI safety summit in November with the goal of kick-starting technical collaboration among the various AISIs ahead of the Paris AI Action Summit. While progress to date has been significant, major challenges to reaching agreement on a networked approach to AI safety remain. The following takes a closer look at where the Bletchley Park process now stands in the run-up to Paris 2025. – The Bletchley Park process could be a building block for global cooperation on AI safety (brookings.edu)
Governance
(Stewart Scott – Lawfare – 9 October 2024) Nobody seems to know how to tell whether the National Cybersecurity Strategy is effective. In response to criticism from the Government Accountability Office (GAO) that the strategy did not provide outcome measures for assessing the success of its cybersecurity initiatives, the Office of the National Cyber Director (ONCD) said something striking: “[S]uch measures do not currently exist in the cybersecurity field in general.” In short, ONCD agreed that it, along with the GAO and other interested parties, would love to know whether the National Cybersecurity Strategy is working but claimed that no method for such evaluation exists. – Counting the Costs in Cybersecurity | Lawfare (lawfaremedia.org)
(Alexandra Kelley – NextGov – 8 October 2024) Leaders in the federal healthcare space revealed ongoing and future artificial intelligence use cases and policy at NVIDIA’s AI Summit in Washington, D.C. on Tuesday, emphasizing the benefits predictive softwares can have on health outcomes. Much like other federal agencies, HHS is aiming to help spur and harness ongoing innovation with AI tools while applying appropriate guardrails, especially when leveraging these tools alongside sensitive clinical data, according to Micky Tripathi, the national coordinator for health IT and acting chief artificial intelligence officer at the U.S. Department of Health and Human Services. – HHS looks to balance use of clinical data in AI with safety, bias considerations – Nextgov/FCW
Geostrategies
(Natasha Lomas – TechCrunch – 10 October 2024) Advances in DNA sequencing and the vast amounts of genomic data being produced by next-generation sequencing (NGS) technology have created a startup opportunity to build software for biologists so they can more easily analyze this big data and take the next leap. It could help when it comes to developing new vaccines, cancer treatments and so on. For the last four years, MiLaboratories, a San Francisco-based startup with an R&D facility in Bilbao, Spain, has been building a computational biology platform to make it easier for biologists to process, analyze and aggregate their data. It incorporates features like data visualization and generative AI to boost usability. – MiLaboratories gets $10M for a platform play to accelerate genomic research | TechCrunch
(Aria Alamalhodaei – TechCrunch – 9 October 2024) Northwood Space, the startup founded by former Disney star Bridgit Mendler, nailed a key test last week when its ground station unit successfully connected with orbiting Planet Labs satellites. Operating from Planet’s ground station in Maddock, North Dakota, the team successfully showed the startup’s novel phased-array antenna system can transmit data to and from satellites on orbit. This first test focused on telemetry and tasking of the satellites, and achieved bidirectional links over five satellite passes. – Bridgit Mendler’s Northwood makes ground station connection with Planet Labs in key test | TechCrunch
(Romain Dillet – TechCrunch – 9 October 2024) In 2016, when Alan originally launched its health insurance product in France, it was the first new health insurance company in the country in 30 years. Now, as Alan announces its expansion to Canada, the startup is about to break a new record: There hasn’t been a new health insurance company in Canada since 1957. In many ways, Alan treats health insurance as software-as-a-service. It’s a subscription-first product that can be optimized with technology. For instance, Alan has built its own claim management system. Its flagship product is health insurance that complements the national healthcare system in France. French companies must provide health insurance to all their employees when they join. – European unicorn Alan becomes Canada’s first new health insurance company in almost 70 years | TechCrunch
(Brian Heater – TechCrunch – 9 October 2024) Amazon announced on Wednesday the upcoming addition of new AI-powered package retrieval technology to its electric vehicle fleet. The vision-based tech is designed help drivers prioritize packages. Vision-Assisted Package Retrieval (VAPR) works by highlighting packages with either a green circle or red light, denoting which are designated for delivery at the current stop. The company says such technology will save drivers from having to stop the van and shuffle to find the relevant packages each time. – Amazon’s new AI-powered vision tech tells drivers which packages to deliver | TechCrunch
(Aisha Malik – TechCrunch – 9 October 2024) Amazon Pharmacy is expanding its same-day delivery service to 20 more U.S. cities next year, the company announced on Wednesday. Amazon says the expansion will more than double the number of cities where customers can get same-day delivery of their medications. As part of the expansion, Amazon is opening up new pharmacies that will include Amazon Same-Day Delivery sites to enable faster medication delivery in the 20 new cities. – Amazon Pharmacy to expand its same-day delivery service to 20 more US cities | TechCrunch
(Rebecca Bellan – TechCrunch – 9 October 2024) Baidu, the Google of China, will roll out its driverless ride-hailing service overseas as it seeks to compete with the dearth of autonomous vehicle companies at home. The Beijing-based company seeks to deploy its Apollo Go robotaxi service in Hong Kong, Singapore, and the Middle East, sources familiar with the matter told The Wall Street Journal. A source familiar with the matter confirmed its expansion outside of China, but couldn’t say which markets. – Baidu to expand Apollo Go robotaxi service outside of China | TechCrunch
(Ivan Mehta – TechCrunch – 9 October 2024) Meta is bringing its AI chatbot Meta AI to six countries today, including Brazil, the U.K., the Philippines, Bolivia, Guatemala, and Paraguay, Mark Zuckerberg said today in an announcement on his WhatsApp channel. The company said that apart from these countries, the company plans to release Meta AI in more countries in a gradual rollout, including the Middle East. After this rollout, Meta AI will be available in 43 countries and more than a dozen languages. The upcoming roll-out includes regions such as Algeria, Egypt, Indonesia, Iraq, Jordan, Libya, Malaysia, Morocco, Saudi Arabia, Sudan, Thailand, Tunisia, United Arab Emirates, Vietnam, and Yemen. Meta AI will also start supporting Arabic, Indonesian, Thai, and Vietnamese languages by the end of this release cycle. – Meta AI launches in six countries including Brazil and UK | TechCrunch
Security
(Associated Press/SecurityWeek – 9 October 2024) Marriott International has agreed to pay $52 million and make changes to bolster its data security to resolve state and federal claims related to major data breaches that affected more than 300 million of its customers worldwide. The Federal Trade Commission and a group of attorneys general from 49 states and the District of Columbia announced the terms of separate settlements with Marriott on Wednesday. The FTC and the states ran parallel investigations into three data breaches, which took place between 2014 and 2020. – Marriott Agrees to Pay $52 million, Beef up Data Security to Resolve Probes Over Data Breaches – SecurityWeek
(Associated Press/SecurityWeek – 9 October 2024) A cyberattack continues to affect the largest regulated water and wastewater utility company in the United States, renewing a focus on the importance of protecting critical infrastructure sites. New Jersey-based American Water paused billing to customers as it announced the cyberattack on Monday. It said it became aware of the unauthorized activity on Thursday and immediately took protective steps, including shutting down certain systems. Water services have been unaffected as protections remained in place Wednesday. – American Water Cyberattack Renews Focus on Protecting Critical Infrastructure – SecurityWeek
(Ionut Arghire – SecurityWeek – 9 October 2024) Google today announced the launch of the Global Signal Exchange (GSE), a new project aimed at fostering the sharing of online fraud and scam signals. The internet giant says it is already blocking millions of attempted scams daily across its products and services, with the GSE expected to improve those protections courtesy of a partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF). – New Google Project Aims to Become Global Clearinghouse for Scam, Fraud Data – SecurityWeek
(Connie Loizos – TechCrunch – 9 October 2024) The Internet Archive, the nonprofit organization that digitizes and archives materials like web pages, came under attack Wednesday. Several users – including over at The Verge – confronted a pop-up when visiting the site, reading, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” – The Internet Archive slammed by DDoS attack and data breach | TechCrunch
(Alessandro Mascellino – Infosecurity Magazine – 9 October 2024) A privacy flaw in Apple’s new iPhone mirroring feature, introduced with macOS 15.0 Sequoia and iOS 18, has been identified. This bug, discovered by cybersecurity experts at Sevco, enables personal apps on an iPhone to be listed in a company’s software inventory when the feature is used on work computers, creating a significant privacy concern for employees. – Over 240 Million US Breach Victims Recorded in Q3 – Infosecurity Magazine (infosecurity-magazine.com)
(Alessandro Mascellino – Infosecurity Magazine – 9 October 2024) A privacy flaw in Apple’s new iPhone mirroring feature, introduced with macOS 15.0 Sequoia and iOS 18, has been identified. This bug, discovered by cybersecurity experts at Sevco, enables personal apps on an iPhone to be listed in a company’s software inventory when the feature is used on work computers, creating a significant privacy concern for employees. – Apple’s iPhone Mirroring Flaw Exposes Employee Privacy Risks – Infosecurity Magazine (infosecurity-magazine.com)
(Alessandro Mascellino – Infosecurity Magazine – 9 October 2024) A new version of the BeaverTail malware targeting tech job seekers through fake recruiters has been identified. The attack, discovered by Unit 42 and part of the ongoing CL-STA-240 Contagious Interview campaign, exploits job search platforms like LinkedIn and X (formerly Twitter), with attackers posing as employers to infect devices with malware. Initially reported in November 2023, the campaign has since evolved, with new malware versions surfacing. – New BeaverTail Malware Targets Job Seekers via Fake Recruiters – Infosecurity Magazine (infosecurity-magazine.com)
(Beth Maundrill – Infosecurity Magazine – 9 October 2024) A new generation of QR code phishing (quishing) attacks have been uncovered by threat analyists at Barracuda. Research by the email protection firm highlighted new techniques that have been designed to evade traditional security defenses by including QR codes built from text-based ASCII/Unicode characters rather than the standard static image. This tactic is designed to evade optical character recognition (OCR)-based defenses. In an email, it will look like a traditional QR code. To a typical OCR detection system, it appears meaningless. – New Generation of Malicious QR Codes Uncovered by Researchers – Infosecurity Magazine (infosecurity-magazine.com)
(James Coker – Infosecurity Magazine – 9 October 2024) The UK government has launched a new competition designed to encourage young people to pursue careers in cybersecurity. The UK Cyber Team Competition is open to 18–25-year-olds, who will undertake hands-on cyber exercises designed to push their technical expertise and problem-solving abilities. – UK Launches New Competition to Spur Cybersecurity Careers – Infosecurity Magazine (infosecurity-magazine.com)
Defense, Intelligence, and War
(Patrick Tucker – Defense One – 10 October 2024) Small drones have been changing modern warfare at least since 2015, when Russia and Ukraine began to use them to great effect for rapid targeting. The latest addition is a strike-and-intelligence quadcopter that its builder hopes will do more things with a lot less operator attention. The point of the Bolt-M, revealed by Anduril today, is to make fewer demands on the operator and offer more information than, easy-to-produce first-person-view strike drones, the type that Ukraine is producing by the hundreds of thousands. The U.S. Army, too, is looking at FPV drones for infantry platoons. But they require special training to use and come with a lot of operational limits. The Bolt-M, according to an Anduril statement, works “without requiring specialized operators.” The company has a contract from the U.S. Marine Corps’ Organic Precision Fires – Light, or OPF-L, program to develop a strike variant. – New AI-powered strike drone shows how quickly battlefield autonomy is evolving – Defense One
(Michael Mieses, Noelle Kerr, Nakissa Jahanbani – Lawfare – 9 October 2024) In late June and early July, Iranian hackers stole information from Donald Trump’s presidential campaign and sent it to Biden campaign officials, according to the Office of the Director of National Intelligence, the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA). This was far from a one-off. Recently, Tehran has increased its asymmetrical advantage by harnessing cyber capabilities through the internet and social media, a trend that extends back even further. Over the past few decades, Iran has been quietly building its cyber capability in the shadow of great powers. – Artificial Intelligence Is Accelerating Iranian Cyber Operations | Lawfare (lawfaremedia.org)
(Audrey Decker – Defense One – 9 October 2024) The space industry is waiting for the Space Force and intelligence community to come to an agreement over buying commercial satellite imagery and related analysis—a fight, some say, that is preventing troops from making the fullest use of orbital capabilities. Currently, the National Reconnaissance Office is in charge of buying intelligence, surveillance, and reconnaissance imagery from commercial space providers, and the National Geospatial-Intelligence Agency in charge of purchasing analytic products. But in the five years since the Space Force was created, the young service has increasingly pushed for funds and leeway to work directly with commercial firms, arguing that it can more quickly get important information to combatant commands. – Industry ‘hamstrung’ by Space Force-intel community’s turf war – Defense One
(Taras Kuzio – The Jamestown Foundation – 8 October 2024) Russia’s war in Ukraine has become the world’s first drone, digital, and cyber war, and resilience, innovation, adaptation, and quick learning has allowed Ukraine to keep one step ahead of Russia. Ukraine is fighting a people’s war, and its military-industrial complex has significantly grown during the war. Wars are won in laboratories and factories as much as on the battlefield. Ukraine’s drone tactics have allowed it to combat Russian aggression in numerous ways, including destroying one-third of its Black Sea Fleet, targeting weapons storage within Russia, and combatting Russian drone strikes on Ukrainian cities. – Ukraine Leads World in Drone Innovation and Production – Jamestown