New CSET Blog
How is AI starting to impact the software vulnerability lifecycle?
@chrisrohlf.bsky.social breaks down the automation of the discovery, patching, and exploitation phases. cset.georgetown.edu/article/ai-a...
Over 15 years ago cyber teams covertly altered centrifuge spin rates at Natanz to degrade the uranium enrichment process and silently damage nuclear weapons development … yet the best AI doomers can come up with is “steal the model weights”?
or injecting semantic collisions into tokenizer produced vocabularies to subtly degrade / bias multilingual pretraining pipelines?
AI + cyber articles have an extreme lack of imagination. Where are the tabletop exercises for nation state APTs silently tampering with SentencePiece tokenizer implementations introducing backdoors into normalization logic …
Clearly these people never read the Matasano blog…
Open source, and the influence it brings over tech ecosystems, is a soft power we should never take for granted.
The BIS guidance clearly spells out how usage of the Huawei Ascend 910 series anywhere in the world may violate existing US export controls.
www.bis.gov/media/docume...
An interesting, and possibly intentional, side effect of interpreting the BIS rule in this way is that it deters most capable companies and individuals from contributing any development or support of Huawei's Ascend CANN stack within open source AI compilers.
Playing with OpenAI's o3-mini-high tonight. Here is the model analyzing a slightly modified crackaddr.c
These reasoning models are a game changer for non-agentic based AI driven code analysis
chatgpt.com/share/679d79...
We sat down with Nicholas Carlini and talked about his work attacking the mathematical underpinnings of LLMs, including remote oracle attacks that extract weights from closed foundation models. Crypto-type exploits that are not about cryptography:
securitycryptographywhatever.com/2025/01/28/c...
But can it generate nausea inducing Prezi's?
Deterrence by denial has largely failed as a USG strategy at least in the cyber realm. While I agree wholeheartedly that secure by design is the way, USG lacks the authorities to make it happen by incentive or liability.
The Deepseek v3 paper is impressive and the discussion surrounding it is fascinating. I find these results raise more questions for me than they answer. Here are a few random questions and thoughts I have after reading through the paper:
* Given lower yields for Huawei Ascend 910B/C and the fact it's almost 3x slower (at FP16) than H800 theoretical max TFLOP(s) it seems it would take around +/- 6000 Ascend 910B's to match the theoretical compute.
* What is the level of effort required to port CUDA based kernels and associated configuration and monitoring tooling to CANN?
* Assuming you can achieve hardware compute parity in the pretraining cluster, what is the performance delta between those ported CANN kernels and CUDA for this model architecture and how does it affect compute hours required?
* How does the number of Ascend chips affect the remainder of the setup including power requirements, interconnect and memory bandwidth limitations etc?
An interesting replication benchmark and data point to support the self reinforcing AI flywheel might be to measure how accurately and efficiently an AI model could autonomously retool from CUDA to CANN and achieve model training parity. This is somewhat analogous to self hosting compilers.
Not sure how much I'll use this platform but here are some recent short pieces I recently wrote on AI and Cyber
AI Replication
struct.github.io/ai_replicati...
AI+Cyber & the Security Dilemma
struct.github.io/ai_security_...
LLM Emergent Abilities & Weird Machines
struct.github.io/emergent_abi...