Frustrating when I get on calls with a startup that makes incredibly extraordinary (nigh unbelievable) claims about their unique security implementation (esp.
-
Frustrating when I get on calls with a startup that makes incredibly extraordinary (nigh unbelievable) claims about their unique security implementation (esp. when it involves cryptography) and is tight-lipped about exactly how because "it's our trade secret"
"extraordinary claims require extraordinary evidence" and people don't seem to understand this.
it's like the people who are all "filesystems are where all the security weaknesses are; use my new database approach instead and it solves all risks"
also a tell: non-stop verbal spew of acronyms and compliance frameworks and protocols combined with "our approach resolves all these other completely unrelated problems from totally distinct disciplines, plus also we address all security issues with AI"
-
@darkuncle I appreciate how clarifying it is about the people I'm talking with. Rarely do you get such clear information about technical depth in a briefing.
@adamshostack it's like Schneier said -- anybody can create a cryptosystem that they themselves cannot defeat
-
Frustrating when I get on calls with a startup that makes incredibly extraordinary (nigh unbelievable) claims about their unique security implementation (esp. when it involves cryptography) and is tight-lipped about exactly how because "it's our trade secret"
"extraordinary claims require extraordinary evidence" and people don't seem to understand this.
@darkuncle If their claims were genuine, then, at the very least, they would be able to explain either the method, or show that a reputable organisation had verified it.
-
@darkuncle If their claims were genuine, then, at the very least, they would be able to explain either the method, or show that a reputable organisation had verified it.
@UkeleleEric lack of independent analysis and third-party validation always makes my spidey-sense tingle
-
it's like the people who are all "filesystems are where all the security weaknesses are; use my new database approach instead and it solves all risks"
also a tell: non-stop verbal spew of acronyms and compliance frameworks and protocols combined with "our approach resolves all these other completely unrelated problems from totally distinct disciplines, plus also we address all security issues with AI"
@darkuncle I used to listen to the Sawbones podcast a lot and one of their favorite sayings was “cure alls cure nothing”
-
it's like the people who are all "filesystems are where all the security weaknesses are; use my new database approach instead and it solves all risks"
also a tell: non-stop verbal spew of acronyms and compliance frameworks and protocols combined with "our approach resolves all these other completely unrelated problems from totally distinct disciplines, plus also we address all security issues with AI"
also: coming in asserting that orgs like Amazon Cryptography are doing it all wrong is ... like, you need to back that up with more than just assertions and throwing shade
-
also: coming in asserting that orgs like Amazon Cryptography are doing it all wrong is ... like, you need to back that up with more than just assertions and throwing shade
speaker has managed to say "ontological construct for AI security" multiple times along with "epistemic drift" and asserting "100% prevention of threats that Mythos can find"
"cryptographic anchoring for AI trust"
like ... I think they actually have some good stuff in here at a low level but it's almost buried in a flood of references, acronyms, protocols, and philosophy.
-
speaker has managed to say "ontological construct for AI security" multiple times along with "epistemic drift" and asserting "100% prevention of threats that Mythos can find"
"cryptographic anchoring for AI trust"
like ... I think they actually have some good stuff in here at a low level but it's almost buried in a flood of references, acronyms, protocols, and philosophy.
@darkuncle in my experience anyone who talks like that either does not in fact have anything good to say, or they do but don't know the subject well enough to explain things clearly. If they did they wouldn't try to obfuscate it.
-
speaker has managed to say "ontological construct for AI security" multiple times along with "epistemic drift" and asserting "100% prevention of threats that Mythos can find"
"cryptographic anchoring for AI trust"
like ... I think they actually have some good stuff in here at a low level but it's almost buried in a flood of references, acronyms, protocols, and philosophy.
@darkuncle to quote Delirium from Sandman:
"Well that's just a lot of words smooshed together."
-
speaker has managed to say "ontological construct for AI security" multiple times along with "epistemic drift" and asserting "100% prevention of threats that Mythos can find"
"cryptographic anchoring for AI trust"
like ... I think they actually have some good stuff in here at a low level but it's almost buried in a flood of references, acronyms, protocols, and philosophy.
@darkuncle as if, it were written by Mythos....
-
@darkuncle in my experience anyone who talks like that either does not in fact have anything good to say, or they do but don't know the subject well enough to explain things clearly. If they did they wouldn't try to obfuscate it.
@DrHyde yeah, that's kind of where I'm at: if you can't explain it to a non-technical person, you don't know it well enough or are hand waving away some gaps
-
speaker has managed to say "ontological construct for AI security" multiple times along with "epistemic drift" and asserting "100% prevention of threats that Mythos can find"
"cryptographic anchoring for AI trust"
like ... I think they actually have some good stuff in here at a low level but it's almost buried in a flood of references, acronyms, protocols, and philosophy.
@darkuncle Every cult develops a secret language to divide the in group from the outgroup.
-
@darkuncle to quote Delirium from Sandman:
"Well that's just a lot of words smooshed together."
@intrepidhero I mean, I consider myself fairly technical but this is approaching word salad
-
Frustrating when I get on calls with a startup that makes incredibly extraordinary (nigh unbelievable) claims about their unique security implementation (esp. when it involves cryptography) and is tight-lipped about exactly how because "it's our trade secret"
"extraordinary claims require extraordinary evidence" and people don't seem to understand this.
@darkuncle Also, security through obscurity is ....not.
It if really was that amazing, you could tell people *something* about it without endangering the security.
-
@bytebro paraphrasing roughly is one of my hobbies
-
-
R relay@relay.infosec.exchange shared this topic
