The nice thing about AI is you can blame all your breaches on it and everyone's like oh okay that tracks.
-
The nice thing about AI is you can blame all your breaches on it and everyone's like oh okay that tracks.
"On May 5, 2026, Community Bank discovered an internal incident involving the handling of non-public customer information through an unauthorized AI-based software application."
From the passive phrasing of the report, I guess the unauthorized AI-based software application installed itself.
-
E em0nm4stodon@infosec.exchange shared this topic
-
The nice thing about AI is you can blame all your breaches on it and everyone's like oh okay that tracks.
"On May 5, 2026, Community Bank discovered an internal incident involving the handling of non-public customer information through an unauthorized AI-based software application."
@briankrebs I've linked this book countless times on here and I will probably link it countless more but: https://press.uchicago.edu/ucp/books/book/chicago/U/bo252799883.html
The central thesis of the book is that when organizations build too many "accountability sinks", where no one is accountable for decisions, then those organizations eventually die.
AI is, of course, nothing if it isn't accountability sink as a service
-
The nice thing about AI is you can blame all your breaches on it and everyone's like oh okay that tracks.
"On May 5, 2026, Community Bank discovered an internal incident involving the handling of non-public customer information through an unauthorized AI-based software application."
@briankrebs
Can “AI exfiltration” be shortened to “AI-fill”?
-
The nice thing about AI is you can blame all your breaches on it and everyone's like oh okay that tracks.
"On May 5, 2026, Community Bank discovered an internal incident involving the handling of non-public customer information through an unauthorized AI-based software application."
@briankrebs It's the stupidity that really gets to me.
-
From the passive phrasing of the report, I guess the unauthorized AI-based software application installed itself.
@BlueDot eventually an autorooter will drop off a configured mcp client with a prompt that says "discover local network infrastructure and obtain administrative rights on it, then build a way to contact <me> covertly and report assets compromised in order of value"
or something. hopefully it's in morse code i'm fscking ready for that one
-
The nice thing about AI is you can blame all your breaches on it and everyone's like oh okay that tracks.
"On May 5, 2026, Community Bank discovered an internal incident involving the handling of non-public customer information through an unauthorized AI-based software application."
@briankrebs Serious question, is it a criminal offence if I convince an AI to exfiltrate all customer data?
-
@briankrebs Serious question, is it a criminal offence if I convince an AI to exfiltrate all customer data?
@lbcp Can you say why you've used the word "convince" here?
-
The nice thing about AI is you can blame all your breaches on it and everyone's like oh okay that tracks.
"On May 5, 2026, Community Bank discovered an internal incident involving the handling of non-public customer information through an unauthorized AI-based software application."
@briankrebs just perfect!
-
From the passive phrasing of the report, I guess the unauthorized AI-based software application installed itself.
@BlueDot @briankrebs autonomous ai
-
@lbcp Can you say why you've used the word "convince" here?
@clickhere @briankrebs My lawyer recommended it, as it sounds better than exploit. But I guess you answered my question
-
@clickhere @briankrebs My lawyer recommended it, as it sounds better than exploit. But I guess you answered my question
@lbcp @briankrebs Ha. Yeah, I'm not sure semantics would hoodwink a judge, who may look to deeds, not words, to establish the facts. (Maybe. Possibly. Or would they..?)
-
R relay@relay.infosec.exchange shared this topic
