One Article Review
| Source |  RiskIQ |
|---|---|
| Identifiant | 8459485 |
| Date de publication | 2024-03-05 19:03:47 (vue: 2024-03-05 20:08:23) |
| Titre | Rester en avance sur les acteurs de la menace à l'ère de l'IA Staying ahead of threat actors in the age of AI |
| Texte | ## Snapshot Over the last year, the speed, scale, and sophistication of attacks has increased alongside the rapid development and adoption of AI. Defenders are only beginning to recognize and apply the power of generative AI to shift the cybersecurity balance in their favor and keep ahead of adversaries. At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors, including prompt-injections, attempted misuse of large language models (LLM), and fraud. Our analysis of the current use of LLM technology by threat actors revealed behaviors consistent with attackers using AI as another productivity tool on the offensive landscape. You can read OpenAI\'s blog on the research [here](https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors). Microsoft and OpenAI have not yet observed particularly novel or unique AI-enabled attack or abuse techniques resulting from threat actors\' usage of AI. However, Microsoft and our partners continue to study this landscape closely. The objective of Microsoft\'s partnership with OpenAI, including the release of this research, is to ensure the safe and responsible use of AI technologies like ChatGPT, upholding the highest standards of ethical application to protect the community from potential misuse. As part of this commitment, we have taken measures to disrupt assets and accounts associated with threat actors, improve the protection of OpenAI LLM technology and users from attack or abuse, and shape the guardrails and safety mechanisms around our models. In addition, we are also deeply committed to using generative AI to disrupt threat actors and leverage the power of new tools, including [Microsoft Copilot for Security](https://www.microsoft.com/security/business/ai-machine-learning/microsoft-security-copilot), to elevate defenders everywhere. ## Activity Overview ### **A principled approach to detecting and blocking threat actors** The progress of technology creates a demand for strong cybersecurity and safety measures. For example, the White House\'s Executive Order on AI requires rigorous safety testing and government supervision for AI systems that have major impacts on national and economic security or public health and safety. Our actions enhancing the safeguards of our AI models and partnering with our ecosystem on the safe creation, implementation, and use of these models align with the Executive Order\'s request for comprehensive AI safety and security standards. In line with Microsoft\'s leadership across AI and cybersecurity, today we are announcing principles shaping Microsoft\'s policy and actions mitigating the risks associated with the use of our AI tools and APIs by nation-state advanced persistent threats (APTs), advanced persistent manipulators (APMs), and cybercriminal syndicates we track. These principles include: - **Identification and action against malicious threat actors\' use:** Upon detection of the use of any Microsoft AI application programming interfaces (APIs), services, or systems by an identified malicious threat actor, including nation-state APT or APM, or the cybercrime syndicates we track, Microsoft will take appropriate action to disrupt their activities, such as disabling the accounts used, terminating services, or limiting access to resources. - **Notification to other AI service providers:** When we detect a threat actor\'s use of another service provider\'s AI, AI APIs, services, and/or systems, Microsoft will promptly notify the service provider and share relevant data. This enables the service provider to independently verify our findings and take action in accordance with their own policies. - **Collaboration with other stakeholders:** Microsoft will collaborate with other stakeholders to regularly exchange information a |
| Envoyé | Oui |
| Condensat | ### **a **charcoal **collaboration **crimson **emerald **forest **identification **llm **notification **salmon **transparency:** 08:00 160 2017 2022 2023 2023/ 2024 26165 300 30190 about above abuse academic access access/microsoft accessed accessible accordance accounts acquire across action actionable actions active activities activity actor actors actors** addition adhered adoption advance advanced advantage adversarial adversaries adversary advised affairs affiliated after against against: age agencies agency ahead ai/ aid aided aimed aims align aligns all alongside also always analysis analyze and/or announced announcing anomaly another anticipates antivirus any apis apm apms app appear appendix appendix: application apply approach appropriate apt apt28 apt4 apts aquatic are arena around array artificial assessed assesses assessing assets assist assistance assisted associated atlas atlas™ att&ck® attack attacker attackers attacks attempt attempted attempting attending attractive attributes augment authentication automate automated azure balance based basic bear because been beginning behavior behaviors believe below best better blend bletchley blizzard blizzard** blocking blocks blog both broad broadening broader bronze build built but by=newest bypass:** campaigns can capabilities captcha cases certain change channels charcoal chatgpt china chinese chollima chromium circumvent classify closed closely closing code coding collaborate collaboration collected collective collectively com/ai/responsible com/blog/disrupting com/en com/legal/cognitive com/msftsecintel com/on com/podcasts/microsoft com/security/business/ai com/security/business/identity com/security/business/zero com/security/security com/showcase/microsoft come command commands commentary commitment commitments committed commodity common communication communications community companies complementary complex complexity comprehensive compromise compromised computing concealment concerns conduct conflict connected connections consisted consistent content context continually continue continues continuous contractors control controls controlx conventional copilot corps correlate could countering countermeasures counterparts countries course crafting:** create created creates creating creation crimson cryptographic curium current custom customers cve cyber cyberattacks cybercrime cybercriminal cybersecurity cyberthreats cyberwire data decade deceptive declaration declaration/the declining deeper deeply defender defenders defense defenses delete deliver demand demonstrated demonstrating deployment depth descriptions: detect detected detecting detection develop developing development development:** development; devices diagnostic different digital directed directory disable disabled disabling disrupt diverse domain domestic dormancy drafting duration during early economic ecosystem education effective effectiveness effort efforts elevate email emails emerald emerge emergent emerging employ employing enabled enables endorsed energy engagement engaging engine engineer engineering engineering:** enhance enhanced enhancing ensure entities entra entry equally equip era errors essential establish established ethical evade evaluating evasion:** events everywhere evolve evolving example exchange executing execution executive existing expand expansion experimental expert expertise experts explanation:** exploitation exploration exploratory exploring expose expressions extending extends extent extremely factor false fancy favor feature features feel feminism feminists file files find finding findings focus focused focusing following foreign forest framework france fraud frequently from full future gas gather gathering generate generating generation generative generic geopolitics global globally goals gov government governmental groups growth gru guard guardrails guidelines hands hardening harm has have health healthcare help here high higher highest highly history hole house how however https://aka https://atlas https://attack https://blogs https://learn https://opena |
| Tags | Ransomware Malware Tool Vulnerability Threat Studies Medical Technical |
| Stories | APT 28 ChatGPT APT 4 |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.