Thursday, October 9, 2025

Predictions for AI security

This is interesting even if it follows what we've seen for all security technologies since, well, forever:

Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest.

And if you’re on the inside you know what the applications do. You know what’s important and what isn’t. And you can use all that internal knowledge to fix things—hopefully before the baddies take advantage.

summary and prediction

  1. Attackers will have the advantage for 3-5 years. For less-advanced defender teams, this will take much longer.
  2. After that point, AI/SPQA will have the additional internal context to give Defenders the advantage.  

 So basically it will be a shooting gallery for now with sanity restored later.  I'm somewhat optimistic of AI as a back-end tool (i.e. no user input) to run a set of interesting but more or less canned queries.  User input sanitization issues basically disappear at that point.

(via

Wednesday, October 8, 2025

Remember about all that Voice mail spam?

I posted about it a while back.   Lawrence has been following this and has an update linking it to China:

Well, as suspected, it was China’s.

This was in fact my first thought: Smells like a State Actor.

Having thought about it, I suspect it is linked to the PRC, but "outsourced" to US-based Bad Guys.  This seems a business (selling infrastructure to send out floods of voice mail spam).  It looks like the guys who ran this also let people swat folks they didn't like.  In fact, this is how they got caught because one of the victims was a Congressman.

And so a lack of Opsec led to compromise of the whole system.  Cry me a river.

And Lawrence has a great suggestion:

If theses SIM farms are active, there should be ways for telecomms to algorithmically search for mobile call hotspots where too many calls issue from too small an area. Let’s hope they’re doing that and working with various U.S. three letter agencies to shut them down right now. 

Endorsed. 

Tuesday, October 7, 2025

Dad Joke CCCLXIII

The guy who invented the Ferris Wheel never met the man who invented the Merry-go-round.  They ran in different circles. 

Monday, October 6, 2025

I'm back

The Queen Of The World and I are back from our Son-In-Law's retirement from the US Navy.


25 years, ending as a Senior Chief.  He would have made Master Chief but would have had to have another sea duty, and Abby finally put her foot down.  I don't know that I blame her. 

I must say based on the other Senior and Master Chiefs I met there that these senior NCOs are absolutely the backbone of the fleet.

Bravo Zulu, Steve! 

Wednesday, October 1, 2025

G'mar tov

The Day of Atonement is a day for reflection.  This is good for all of us, Tribe or not. 

To our Jewish readers, Shanna tovah

Tuesday, September 30, 2025

Dad Joke CCCLXII

Tuna sends in another one.  It looks like he's doing all my blogging now:

I was rejected for a job at the sunscreen factory. They said to just reapply every 4 hours.

Monday, September 29, 2025

Attacking AI via prompt manipulation

This is actually pretty clever:

The attack involves hiding prompt instructions in a pdf file—white text on a white background—that tell the LLM to collect confidential data and then send it to the attackers.

...

The fundamental problem is that the LLM can’t differentiate between authorized commands and untrusted data. So when it encounters that malicious pdf, it just executes the embedded commands. And since it has (1) access to private data, and (2) the ability to communicate externally, it can fulfill the attacker’s requests. I’ll repeat myself:

This kind of thing should make everybody stop and really think before deploying any AI agents. We simply don’t know to defend against these attacks. We have zero agentic AI systems that are secure against these attacks. Any AI that is working in an adversarial environment­—and by this I mean that it may encounter untrusted training data or input­—is vulnerable to prompt injection. It’s an existential problem that, near as I can tell, most people developing these technologies are just pretending isn’t there.

Essentially, this means that AI is simply not fit for purpose.  And clearly, it's not even a little bit "intelligent", security-wise.  

Thursday, September 25, 2025

Where all your phone spam comes from

Lawrence points to an interesting "datacenter":

This seems like a story that should have gotten a lot more attention than it has. “Secret Service Dismantles Weaponized SIM Farms Designed To ‘Shut Down’ NYC Cell Networks.”
Hours before President Donald Trump’s address to the United Nations General Assembly, the U.S. Secret Service announced that it had dismantled a massive, decentralized SIM farm network, just 35 miles from New York City, hidden inside five abandoned apartment buildings. The telecommunications stealth weapon was capable of paralyzing regional cell networks through denial-of-service attacks.

My first instinct was that this was a State Actor prepping some sort of cyber attack.  Now I think it's a Phone Spam datacenter:

SIM farms allow “bulk messaging at a speed and volume that would be impossible for an individual user,” one telecoms industry source, who asked not to be named due to the sensitivity of the Secret Service’s investigation, told WIRED. “The technology behind these farms makes them highly flexible—SIMs can be rotated to bypass detection systems, traffic can be geographically masked, and accounts can be made to look like they’re coming from genuine users.” 

Bastards.  95% of all the calls I get are along the lines of "You have been pre-approved ...".  I don't even answer a call where I don't recognize the number anymore.