Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable 部落格

訂閱

網路安全概要: 隨著 OpenAI 執行長的發言在國會山莊造成轟動,一場關於 AI 的法規風暴正風起雲湧

As OpenAI Honcho Hits Capitol Hill, Regulatory Storm Clouds Form Over AI La La Land

Check out what OpenAI’s CEO told lawmakers in Congress about regulating AI. Meanwhile, an upcoming EU law could cramp ChatGPT’s style. Also, the public’s nail biting over AI is real. In addition, a new AI chatbot may soon answer your burning questions about the dark web. And much more!

Dive into six things that are top of mind for the week ending May 19.

1 – Mr. Altman goes to Washington

Lively discussions around how much government control there should be over artificial intelligence (AI) products continue globally – and cybersecurity teams should closely monitor which way the regulatory winds are blowing.

The latest high-profile debate happened this week in Washington D.C., where Sam Altman, CEO of ChatGPT-maker OpenAI, testified before the U.S. Senate Judiciary Committee’s Subcommittee on Privacy, Technology and the Law.

OpenAI CEO Sam Altman testified before Congress in May 2023

After detailing benefits of OpenAI’s generative AI products and their privacy and security features, Altman told lawmakers that regulation is key to prevent AI from being misused and abused, but also cautioned against excessive government oversight.

“OpenAI believes that regulation of AI is essential, and we’re eager to help policymakers as they determine how to facilitate regulation that balances incentivizing safety while ensuring that people are able to access the technology’s benefits,” he said.

So what did Altman recommend to the U.S. Congress as it mulls AI laws and regulations? Here’s a quick rundown:

  • A requirement that AI companies submit their products to not just internal but also external testing prior to releasing them, and that they publish the results
  • Flexibility from the U.S. government to adapt its AI rules because AI technology is complex and evolves rapidly
  • Collaboration and cooperation among governments globally as they draft laws and regulations

“We believe that government and industry together can manage the risks so that we can all enjoy the tremendous potential,” Altman said.

For more information, check out Altman’s prepared remarks; coverage from Gizmodo, Politico and The Guardian; and these videos:

Top Moments From ChatGPT Creator's Congressional Testimony (CNET)

OpenAI CEO Testifies Before Senate Judiciary Committee About Artificial Intelligence (Forbes)

2 – AI experts: Generative AI trips responsible AI programs

As organizations adopt generative AI technology, most of their responsible AI (RAI) programs are unprepared to address the risks involved. At least, that’s the opinion from the majority of AI experts consulted by MIT Sloan Management Review and Boston Consulting Group. 

Most RAI programs are unprepared to address the risks of new generative AI tools

AI experts say generative AI trips responsible AI programs

(Source: MIT Sloan Management Review, based on a poll of 19 AI experts.)

The panel of experts identified three main reasons for why organizations struggle with managing the risks of generative AI tools:

  • These tools are “qualitatively different” from other AI wares
  • These tools introduce new types of AI risks
  • RAI programs can’t keep up with generative AI advancements

Still, there’s hope, according to the MIT Sloan Management Review article titled “Are Responsible AI Programs Ready for Generative AI? Experts Are Doubtful.

“Many of our experts asserted that an approach that emphasizes the core RAI principles embedded in an organization’s DNA, coupled with an RAI program that is continually adapting to address new and evolving risks, can help,” reads the article, which outlines detailed recommendations.

For more information about responsible AI:

3 – Surveys: AI gives most in the U.S. the heebie jeebies

AI has many people in the U.S. concerned – even when the technology is used for cybersecurity defense purposes.

In an Ipsos online poll of 1,117 U.S. adults released this week, only 16% said they’re “very comfortable” about the use of AI for assessing cybersecurity threats. The rest rated themselves as “somewhat comfortable” (42%), “not very comfortable” (26%) and “not at all comfortable” (16%.)

AI gives most in the U.S. the heebie jeebies

Ipsos also found that almost half of respondents (46%) feel that AI tools are being developed too quickly, while 30% said they’re being developed at the right speed.

Meanwhile, a separate Reuters / Ipsos poll of 4,415 U.S. adults conducted online and also released this week found that:

  • 61% of respondents said that AI “poses risks to humanity,” compared with only 22% who disagreed and 17% who didn’t express an opinion
  • More than two-thirds of respondents are concerned about AI’s negative effects

Similar misgivings about the negative impact of AI also surfaced in another survey with a narrower scope. In an online poll of more than 400 readers of Boston.com, only 15% declared themselves “unconcerned” or optimistic about AI, while the rest felt a level of concern – 27% had “some concerns,” 40% described themselves as “fairly worried” and 18% said they were “close to panic.”

For more information about public perception of AI:

4 – The EU’s AI law could rock ChatGPT’s world

As we monitor the establishment of legal and regulatory guardrails around AI globally, a major development will be the enactment of the European Union’s AI law, whose approval process marches on.

Called the Artificial Intelligence Act, the law, among other things, will likely force some AI vendors like ChatGPT’s OpenAI to prove that their products’ training-data foundation doesn’t violate copyright law.

In an announcement last week, the European Parliament touted the latest progress for the AI law and outlined key recent additions and changes to its draft, including specific provisions aimed at generative AI products.

“Generative foundation models, like GPT, would have to comply with additional transparency requirements, like disclosing that the content was generated by AI, designing the model to prevent it from generating illegal content and publishing summaries of copyrighted data used for training,” reads the statement.

如需詳細資訊:

VIDEOS

AI regulation and privacy: How legislation could transform the AI industry (Yahoo Finance)

The EU's AI Act: A guide to understanding the ambitious plans to regulate artificial intelligence (Euronews Next)

5 – Hello DarkBERT, my new friend

Do you have questions about the dark web – that sinister, creepy side of the internet where lawlessness reigns? DarkBERT may soon be here to help.

The generative AI chatbot is the brainchild of a group of South Korean researchers who wanted to provide a large language model (LLM) that could assist with cybersecurity research into the dark web. They trained DarkBERT on this seamy part of the internet by crawling the Tor network.

“We show that DarkBERT outperforms existing language models with evaluations on dark web domain tasks, as well as introduce new datasets that can be used for such tasks. DarkBERT shows promise in its applicability on future research in the dark web domain and in the cyber threat industry,” the researchers wrote in their paper about the AI chatbot.

DarkBERT isn’t available yet to the public. Its creators plan to release it at some point, but they haven’t specified a date.

如需詳細資訊:

6 – CIS white paper tackles IoT security

The Center for Internet Security (CIS) has just published the white paper “Internet of Things: Embedded Security Guidance” with the goal of helping IoT vendors more easily build security into their products by design and by default.

CIS white paper tackles IoT security

CIS Chief Technology Officer Kathleen Moriarty, the white paper’s author, explains in a blog that the 74-page document provides prescriptive recommendations and vetted research from IoT experts, and that it can be used not only by IoT vendors but also by their customers.

“If you’re an organization, you can begin the conversation with your vendors on embedded IoT security requirements for your products. You can specifically use this document as an educational tool and potentially provide it as a guide for the vendor,” she wrote.

For more information about IoT security:

VIDEO

Do IoT Devices Make Your Network Unsecure? (Cyber Gray Matter)

相關文章

您可以使用的網路安全最新消息

輸入您的電子郵件,就不會錯過來自 Tenable 專家提供的及時警示與安全指引。

Tenable Vulnerability Management

享受現代、雲端型的弱點管理平台,能夠以無與倫比的準確性查看和追蹤所有資產。

您的 Tenable Vulnerability Management 試用版軟體也包含 Tenable Lumin 和 Tenable Web App Scanning。

Tenable Vulnerability Management

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

100 項資產

選取您的訂閱選項:

立即購買

Tenable Vulnerability Management

享受現代、雲端型的弱點管理平台,能夠以無與倫比的準確性查看和追蹤所有資產。

您的 Tenable Vulnerability Management 試用版軟體也包含 Tenable Lumin 和 Tenable Web App Scanning。

Tenable Vulnerability Management

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

100 項資產

選取您的訂閱選項:

立即購買

Tenable Vulnerability Management

享受現代、雲端型的弱點管理平台,能夠以無與倫比的準確性查看和追蹤所有資產。

您的 Tenable Vulnerability Management 試用版軟體也包含 Tenable Lumin 和 Tenable Web App Scanning。

Tenable Vulnerability Management

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

100 項資產

選取您的訂閱選項:

立即購買

試用 Tenable Web App Scanning

享受完整存取我們專為新型應用程式所設計、屬於 Tenable One 曝險管理平台一部分的最新 Web 應用程式掃描產品。不需耗費大量人力或中斷重要 Web 應用程式,即可高度準確且安全地掃描您整個線上產品系列中是否含有任何弱點。 立即註冊。

您的 Tenable Web App Scanning 試用版軟體也包含 Tenable Vulnerability Management 和 Tenable Lumin。

購買 Tenable Web App Scanning

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

5 個 FQDN

$3,578

立即購買

試用 Tenable Lumin

利用 Tenable Lumin 視覺化並探索您的曝險管理、追蹤經過一段時間後風險降低的情形以及與同業進行指標分析。

您的 Tenable Lumin 試用版軟體也包含 Tenable Vulnerability Management 和 Tenable Web App Scanning。

購買 Tenable Lumin

聯絡業務代表,瞭解 Tenable Lumin 如何協助您取得您整個環境的深入解析和管理網路風險。

免費試用 Tenable Nessus Professional

免費試用 7 天

Tenable Nessus 是目前市場上最全方位的弱點掃描器。

最新 - Tenable Nessus Expert
現已上市

Nessus Expert 新增了更多功能,包括外部攻擊破綻掃描和新增網域及掃描雲端基礎架構的能力。按這裡試用 Nessus Expert。

請填妥以下表單以繼續 Nessus Pro 試用。

購買 Tenable Nessus Professional

Tenable Nessus 是目前市場上最全方位的弱點掃描器。Tenable Nessus Professional 可協助將弱點掃描流程自動化,節省您執行合規工作的時間並讓您與 IT 團隊合作。

購買多年期授權,節省更多。新增 365 天全年無休 24 小時全天候可使用電話、社群及對談的進階支援。

選擇您的授權

購買多年期授權,節省更多。

增加支援與訓練

免費試用 Tenable Nessus Expert

免費試用 7 天

Nessus Expert 是專為現代攻擊破綻所打造,它能讓您從 IT 到雲端洞察更多資訊,並保護貴公司免於弱點危害。

您已經有 Tenable Nessus Professional 了嗎?
升級至 Nessus Expert,免費試用 7 天。

購買 Tenable Nessus Expert

Nessus Expert 是專為現代攻擊破綻所打造,它能讓您從 IT 到雲端洞察更多資訊,並保護貴公司免於弱點危害。

選擇您的授權

購買多年期授權省更多!

增加支援與訓練