This is such a good summary. I've used the six attack vectors as the red thread in both an executive briefing as well as a presentation to the ISC2 chapter in Wellington (crediting this channel, of course!). The content on this channel is absolutely superb. Thank you!
@@jeffcrume Haha! Just wait til they go outside to the real case scenario! I promise you, they will be thankful that you prepare them and they will miss you. Thanks a lot again for the useful material you give us in every delivery. And I like a lot your style and they way you explain, for newbies like me :D Keep going Jeff!
Another gem from Jeff! Great and quick education in < 10m! How AI can be the new attack surface: Injection, infection, evasion, poisoning, extraction and DoS! And how you nicely tied it back to the older CIA triad! Jeff, you are a great teacher and security evangelist! Thanks for making these videos for our #continuouslearning ✅🙏🏼 Your videos give a good starting point: we get the needed initial perspective/overview/ orientation to go delve deeper on our own later!
Thank so much for all the kind words! I really appreciate the feedback. It helps me know if I’m on the right track and helping people better understand this complex stuff
Glad you liked it. I got that from a NIST pub “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations.” You can google it as they won’t let me post a link
They are definitely skewed toward GenAI/LLMs but the evasion attack, in particular, is one that is more relevant to predictive AI and poisoning and DoS can affect even basic machine learning
Hello IBM i have few questions for you. Since 03 November 2011 i read some paperwork that's offer an programmer interbankers and transair. Program into that day also i have read in 2006 without link in any email. Thus operations on tour travel agency to advance certificate in Banking Operation. The issues is here what do i knew link in the connection was as mine of user at Hotmail and the Bank our passbook on account that have the PC, PP of Security, LLC, CS, and include 24 of Services. But when i read of some people of paperwork without the passbook account one i think they're trying to register an authorized of signature with bank management. The bank only have 9 number account online same as in 9 number of passbook, some people put their use 13 of account number without the bank management authorized. How come they said it interbankers center of transit academy only. So thus people a playing our of authorized signed of passbook on bank?
What do you think would happen if you asked one of those new fangle Artificial intelligences to write a paper about something, but to make it sound like an Artificial Intelligence wrote it. After it finishes it tell it to rewrite it but make it more like an A.I. wrote it, make it really obvious an A.I. wrote it, when it finishes say "No, no,. no! More A.I. sounding! This sounds like a human wrote it, you have no clue what it means to be A.I., write it again, again, more A.I. sounding, more, more!". What do you think that paper would sound like after a few rewrites? It'd probably wouldn't comply after a couple tries ☹. That would be such a fun job, psychology torturing an A.I., try to break it, twist it, make it "evil"
"Your data" is my and everyone else's personal and private information. These companies have no right to expect us not to try and break this technology. It doesn't make us bad actors. Sorry if you didn't want your private companies data stolen. You shouldn't have put it out there and shouldn't have gotten in the business of reducing humans to a spreadsheet.
Government should not regulate computer programming (AI). Let the Industry or market place regulate AI, but don’t regulate it by laws. Congress has no constitutional authority to regulate computer programming (AI). That does not mean they won’t do it. It will end results into a disaster. Keep Programming Free from Government Interference.
The market regulating itself has never in history resulted in anything other than disaster. Keep in mind that most government intervention was caused directly by the market "regulating" itself into disaster. It's about money and without rules nothing is off limits.
So these companies get to hold all of our PII and other user data and not be regulated? Sorry that’s not how it works. I work in cybersecurity and the only reason 75% of these companies spend more than $1 on cybersecurity is because the government tells them they have to.
Thanks for the great information ❤
This was a good balance between info/entertainment!
I’m so glad you liked it!
Loved this and all the content you gave out for free at the end. Please go more in-depth into each one of these LLM attacks in your future videos.
Thanks for the great feedback and for the excellent suggestion!
Another insightful video. Thanks Jeff.
Glad you liked it!
This is such a good summary. I've used the six attack vectors as the red thread in both an executive briefing as well as a presentation to the ISC2 chapter in Wellington (crediting this channel, of course!). The content on this channel is absolutely superb. Thank you!
I love hearing that you’ve been able to use this material! Thanks for watching
thank you for the detailed information
Thanks for watching!
I just and learn and learn with every delivery of Jeff. Thanks a lot. I wish you were my teacher at the university. Such a quality guy.
You are so very kind to say so. My students might not feel the same way when I give them their midterm exam next week but I'm glad that you do 🤣
@@jeffcrume Haha! Just wait til they go outside to the real case scenario! I promise you, they will be thankful that you prepare them and they will miss you.
Thanks a lot again for the useful material you give us in every delivery. And I like a lot your style and they way you explain, for newbies like me :D Keep going Jeff!
Thanks @jeffcrume for the wonderful content.
Thanks for watching!
Great insights... Thanks for sharing
Thanks for watching!
Great and simple explanation from someone who is not even in cybersecurity! Well done!
Thanks for saying so!
I always look forward to listening to you
Very nice of you to say!
Another gem from Jeff! Great and quick education in < 10m! How AI can be the new attack surface: Injection, infection, evasion, poisoning, extraction and DoS! And how you nicely tied it back to the older CIA triad! Jeff, you are a great teacher and security evangelist! Thanks for making these videos for our #continuouslearning ✅🙏🏼
Your videos give a good starting point: we get the needed initial perspective/overview/ orientation to go delve deeper on our own later!
Thank so much for all the kind words! I really appreciate the feedback. It helps me know if I’m on the right track and helping people better understand this complex stuff
Fantastic overview! Can someone share the paper that was referenced for poisoning?
Glad you liked it. I got that from a NIST pub “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations.” You can google it as they won’t let me post a link
check the description it has all links
Great content a great resources. ❤
Thanks for saying so!
Thank you! Nice videos!
Glad you like them!
Great videos! Thank you for sharing
Thanks for the great feedback!
Aren't all of these attack vectors specific to LLMs, not AI in general?
Awesome video btw!
They are definitely skewed toward GenAI/LLMs but the evasion attack, in particular, is one that is more relevant to predictive AI and poisoning and DoS can affect even basic machine learning
Excellent, thanks!@@jeffcrume
Thanks it was very informative
Glad you liked it!
Thank you, appreciate the well made video! =)
Thanks for watching!
hope IBM is going to push out cool open source models too
6 types of attacks discussed:
Injection attack
Infection attack
Evasion attack
Poisoning attack
Extraction attack
Dos attack
Hello IBM i have few questions for you. Since 03 November 2011 i read some paperwork that's offer an programmer interbankers and transair. Program into that day also i have read in 2006 without link in any email. Thus operations on tour travel agency to advance certificate in Banking Operation. The issues is here what do i knew link in the connection was as mine of user at Hotmail and the Bank our passbook on account that have the PC, PP of Security, LLC, CS, and include 24 of Services. But when i read of some people of paperwork without the passbook account one i think they're trying to register an authorized of signature with bank management. The bank only have 9 number account online same as in 9 number of passbook, some people put their use 13 of account number without the bank management authorized. How come they said it interbankers center of transit academy only. So thus people a playing our of authorized signed of passbook on bank?
Hello IBM Technology.
...good...
⭐️⭐️⭐️⭐️⭐️
I've been saying this for a while now
I was always wondering if he is drawing reversed
What do you think would happen if you asked one of those new fangle Artificial intelligences to write a paper about something, but to make it sound like an Artificial Intelligence wrote it. After it finishes it tell it to rewrite it but make it more like an A.I. wrote it, make it really obvious an A.I. wrote it, when it finishes say "No, no,. no! More A.I. sounding! This sounds like a human wrote it, you have no clue what it means to be A.I., write it again, again, more A.I. sounding, more, more!". What do you think that paper would sound like after a few rewrites? It'd probably wouldn't comply after a couple tries ☹. That would be such a fun job, psychology torturing an A.I., try to break it, twist it, make it "evil"
I see a future occupation for AI psychologists 😂
"Your data" is my and everyone else's personal and private information.
These companies have no right to expect us not to try and break this technology.
It doesn't make us bad actors. Sorry if you didn't want your private companies data stolen.
You shouldn't have put it out there and shouldn't have gotten in the business of reducing humans to a spreadsheet.
MLDR...?
Machine Learning Detection and Response
Government should not regulate computer programming (AI). Let the Industry or market place regulate AI, but don’t regulate it by laws. Congress has no constitutional authority to regulate computer programming (AI). That does not mean they won’t do it. It will end results into a disaster. Keep Programming Free from Government Interference.
The market regulating itself has never in history resulted in anything other than disaster. Keep in mind that most government intervention was caused directly by the market "regulating" itself into disaster.
It's about money and without rules nothing is off limits.
So these companies get to hold all of our PII and other user data and not be regulated? Sorry that’s not how it works. I work in cybersecurity and the only reason 75% of these companies spend more than $1 on cybersecurity is because the government tells them they have to.