I’ve said from the beginning that the biggest risk with AI isn’t that it writes bad code. It’s that people are starting to trust it to make decisions it has no business making.
New research drives that point home.
Researchers have uncovered a new attack called HalluSquatting, and it exploits one of AI’s most well-known weaknesses: it would rather make something up than admit it doesn’t know the answer.
That behavior, which we’ve all come to know as hallucination, is no longer just an annoyance. It can now be turned into a weapon.
Here’s how it works. [Read more…]
For years, companies drilled one thing into employees’ heads: don’t trust weird emails. Problem is, attackers adapted. Instead of fighting against people’s skepticism around email, they moved to platforms employees already trust without thinking twice about it. One of the biggest targets right now is Microsoft Teams
A new attack called Pixnapping can steal sensitive data from Android devices, without needing a single permission. The exploit targets visual data on-screen, including two-factor authentication codes, private messages, and location histories. It works by quietly measuring how long it takes to render specific pixels. If that sounds like science fiction, it’s not. Researchers have already tested it on Pixel and Samsung devices with unsettling results.
Security researchers have identified two major exploits in the Secure Boot system, both capable of sidestepping one of the most important protections on modern PCs. Microsoft has issued a patch for one of them. The other remains untouched, even as it offers attackers a nearly universal method to bypass security during the startup process.