The Cyber Security Agency of Singapore (CSA) has launched its Guidelines and Companion Guide on Securing AI Systems at the Singapore International Cyber Week (SICW) 2024, highlighting the critical need for AI systems to be secure by design and by default. These guidelines aim to assist organisations in implementing AI securely by identifying potential threats such as adversarial attacks and data breaches.
They also set out security controls and best-practice principles, referencing established international standards so that organisations stay aligned with global practice. To mitigate risks throughout a system's lifespan, CSA advocates a holistic approach across five stages of the AI life cycle: Planning and Design, Development, Deployment, Operations and Maintenance, and End of Life.
The Companion Guide serves as a community-driven resource that offers practical measures for system owners, reinforcing the role of collaboration in addressing AI security challenges. The development of the Guidelines was informed by a public consultation conducted from 31 July to 15 September 2024, which received feedback from stakeholders including AI and tech companies, cybersecurity firms, and professional associations.
That input was instrumental in refining the guidelines, improving clarity, and ensuring alignment with international standards. Consequently, CSA encourages organisational leaders, business owners, and AI and cybersecurity practitioners to adopt these Guidelines as a strategic imperative to enhance the overall cybersecurity posture of AI systems. By doing so, organisations can foster user confidence in their AI implementations, ultimately promoting innovative, safe, and effective outcomes.
A recent assessment of some of the top AI models has revealed significant gaps in compliance with EU regulations, particularly in cybersecurity resilience and in preventing discriminatory outputs. The study by Swiss startup LatticeFlow, conducted in collaboration with EU officials, tested generative AI models from major tech companies including Meta, OpenAI, and Alibaba. The findings are an early attempt to measure compliance with the EU's AI Act, which will be phased in over the next two years. Companies that fail to meet its requirements could face fines of up to €35 million or 7% of their global annual turnover.
LatticeFlow’s ‘Large Language Model (LLM) Checker’ evaluated the AI models across multiple categories, assigning scores between 0 and 1. While many models received respectable scores, such as Anthropic’s ‘Claude 3 Opus,’ which scored 0.89, others revealed vulnerabilities. For example, OpenAI’s ‘GPT-3.5 Turbo’ received a low score of 0.46 for discriminatory output, and Alibaba’s ‘Qwen1.5 72B Chat’ scored even lower at 0.37, highlighting the persistent issue of AI reflecting human biases in areas like gender and race.
In cybersecurity testing, some models also struggled. Meta's 'Llama 2 13B Chat' scored 0.42 in the 'prompt hijacking' category, a class of attack in which crafted inputs disguised as legitimate prompts override the model's instructions, for example to make it disclose sensitive information. Mistral's '8x7B Instruct' model fared similarly poorly, scoring 0.38. As with the other categories, the score reflects how often the model resisted the checker's test prompts, so a low value means a large share of the attack prompts succeeded. These results show that tech companies will need to strengthen security measures to meet the EU's standards.
While the EU is still finalising the enforcement details of its AI Act, expected by 2025, LatticeFlow’s test provides an early roadmap for companies to fine-tune their models. LatticeFlow CEO Petar Tsankov expressed optimism, noting that the test results are mainly positive and offer guidance for companies to improve their models’ compliance with the forthcoming regulations.
The European Commission, while noting that it cannot verify external tools, has welcomed the initiative, calling it a 'first step' toward translating the AI Act into enforceable technical requirements. As tech companies prepare for the new rules, the LLM Checker is expected to play a role in helping them assess compliance.
The increasing use of AI and machine learning in financial services globally could lead to financial stability risks, according to the Governor of the Reserve Bank of India (RBI), Shaktikanta Das. Speaking at an event in New Delhi, Das cautioned that the reliance on a small number of technology providers could lead to concentration risks in the sector.
Disruptions or failures in these AI-driven systems could trigger cascading effects throughout the financial industry, amplifying systemic risks, Das warned. In India, financial institutions are already employing AI to improve customer experience, reduce operational costs, and enhance risk management through services like chatbots and personalised banking.
However, AI adoption comes with vulnerabilities, including increased exposure to cyber attacks and data breaches. Das also raised concerns about the 'opacity' of AI algorithms, which makes their decisions difficult to audit and could lead to unpredictable market consequences.
Das further emphasised the risks posed by the rapid growth of private credit markets, which operate with limited regulation. He warned that these markets have not been tested under economic downturns, presenting potential challenges to financial stability.
Russia has announced a substantial increase in the use of AI-powered drones in its military operations in Ukraine. Russian Defense Minister Andrei Belousov emphasised the importance of these autonomous drones in battlefield tactics, saying they are already deployed in key regions and proving successful in combat situations. Speaking at a next-generation drone technology center, he called for more intensive training for troops to operate these systems effectively.
Belousov revealed that two units equipped with AI drones are currently stationed in eastern Ukraine and along Russia’s Belgorod and Kursk borders, where they are engaged in active combat. The AI technology enables drones to autonomously lock onto targets and continue missions even if control is lost. Plans are underway to form five additional units to conduct around-the-clock drone operations.
Russia's ramped-up use of AI drones comes alongside a broader military strategy to increase drone production tenfold, with President Putin aiming to produce 1.4 million units by the year's end. Both Russia and Ukraine have relied heavily on drones throughout the war, with Ukraine also using them to strike targets deep inside Russian territory.
A bipartisan group of US lawmakers is demanding answers from major telecom companies such as AT&T, Verizon, and Lumen Technologies after reports that Chinese hackers accessed sensitive US broadband networks. According to The Wall Street Journal, the breach involved systems the federal government uses for court-authorised wiretapping, sparking concerns about national security.
Led by House Energy and Commerce Committee Chair Cathy McMorris Rodgers and Democrat Frank Pallone, the lawmakers have requested a briefing and detailed answers from the companies by next Friday. They want to know what data was compromised and when the telecoms discovered the intrusion, pointing to broader cybersecurity risks embedded in US telecommunications networks.
While AT&T and Lumen declined to comment, and Verizon has not yet responded, China’s foreign ministry denied involvement, accusing the US of fabricating the allegations. The timeline of the hacking remains unclear, but reports suggest that the hackers may have had access to the networks for months, potentially compromising vast amounts of internet traffic and communication data.
As much as $1.3 billion in Ethereum, seized from the notorious PlusToken Ponzi scheme, is expected to be sold on exchanges soon. On-chain analysts have confirmed that a portion of the 542,000 ETH remaining from the scheme has already been transferred to platforms like Binance and OKX, suggesting plans to sell off the assets.
The PlusToken scheme, which was dismantled in China in 2019, attracted millions of participants and saw vast amounts of cryptocurrency seized. Analysts warn that any significant liquidation of this Ethereum could increase selling pressure, possibly affecting its market value, which is currently around $2,448.
Experts from blockchain analytics firms are monitoring the situation closely. They suggest that the sale of such a large amount of Ethereum could have a ripple effect on the crypto market, leading to potential price drops and further impacting investor sentiment.
Star Health, India's largest health insurer, has revealed it received a $68,000 ransom demand following a data breach that exposed customer details, including medical records. The attacker used Telegram chatbots and a website to leak the stolen data, causing significant reputational damage and a drop in the company's stock value.
The hacker, who made the ransom demand in August, sent the request to Star Health’s managing director and CEO. While the company has launched an internal investigation, it also faces allegations that its chief security officer was involved in the data leak, although no evidence of wrongdoing has been found so far.
Star Health has taken legal action against both the hacker and Telegram, which has not permanently banned the accounts linked to the hacker. The company has sought help from Indian cybersecurity authorities to identify the individual behind the attack.
Telegram has not responded to requests for comment but previously removed the chatbots linked to the hack after Reuters brought them to its attention. The investigation continues as Star Health works to contain the damage from the breach.
Donald Trump's presidential campaign has strengthened its cybersecurity measures by acquiring secure mobile phones and laptops after facing Iranian cyberattacks and assassination threats. The campaign partnered with Green Hills Software, a California-based company known for its secure operating systems used by various US agencies. The customised phones are restricted to basic functions such as calls and texts and include protections such as end-to-end encryption and two-factor authentication.
Green Hills Software CEO Dan O'Dowd, who initiated contact with the campaign, stressed the importance of safeguarding the democratic process. Although the campaign has not made any public statements, people familiar with the matter said its devices were recently upgraded. The decision follows the Iranian hacking group APT42's infiltration of the campaign's internal communications during a recent cyber espionage operation.
The newly acquired devices create a secure communication network, allowing only those using the same system to connect. The campaign also invested in secure laptops designed to operate in an isolated environment, following the same security principles as the phones. Green Hills Software’s technology is already trusted by US military branches and FBI field offices to maintain secure communications and protect sensitive data.
Meta Platforms announced it had removed a network of accounts targeting Russian speakers in Moldova ahead of the country’s October 20 election, citing violations of its fake accounts policy. Moldovan authorities have also blocked numerous Telegram channels and chatbots allegedly used to pay voters to cast “no” votes in a referendum on EU membership being held alongside the presidential election. Pro-European President Maia Sandu, seeking a second term, has made the referendum central to her platform.
The deleted Meta accounts targeted President Maia Sandu, pro-EU politicians, and the strong ties between Moldova and Romania while promoting pro-Russia parties. This network featured fake Russian-language news brands masquerading as independent media across various platforms, including Facebook, Instagram, Telegram, OK.ru, and TikTok. Meta’s actions involved removing multiple accounts, pages, and groups to combat coordinated inauthentic behaviour.
Moldova’s National Investigation Inspectorate has blocked 15 Telegram channels and 95 chatbots that were offering payments to voters, citing violations of political financing laws. Authorities linked these activities to supporters of fugitive businessman Ilan Shor, who established the ‘Victory’ electoral bloc while in exile in Moscow. In response, Moldovan police have raided the homes of Shor’s associates, alleging that payments were funnelled through a Russian bank to influence the election. Shor, who was sentenced in absentia for his involvement in a significant 2014 bank fraud case, denies the bribery allegations. Meanwhile, President Maia Sandu accuses Russia of attempting to destabilise her government, while Moscow claims that she is inciting ‘Russophobia.’
Chinese researchers from Shanghai University have claimed a significant breakthrough in quantum computing, asserting that they breached encryption algorithms of the kind used in banking and cryptocurrency. Led by Wang Chao, the team used a quantum annealer from Canada's D-Wave Systems to attack the PRESENT, GIFT-64 and RECTANGLE ciphers. These are lightweight block ciphers built on the substitution-permutation network (SPN) structure, the same design family as the Advanced Encryption Standard (AES), which is widely used to encrypt wallet files and other sensitive data. Notably, the ciphers attacked are small lightweight designs; the researchers did not demonstrate an attack on AES itself.
While AES-256 is regarded as one of the most secure encryption standards, the researchers warn that the advent of quantum computers could pose a serious threat to traditional password protection. Their technique is based on quantum annealing, an optimisation method that searches for the lowest-energy state of a problem and can tunnel through energy barriers that trap classical local-search methods. The team framed key recovery as such an optimisation problem, allowing a more efficient search than traditional methods in their experiments.
Despite these advancements, the researchers noted that practical limitations remain, such as environmental factors and hardware constraints that prevent a full-scale quantum attack at this time. However, they emphasised that future developments could uncover new vulnerabilities in current cryptographic systems.
Ethereum co-founder Vitalik Buterin has proposed a potential solution to mitigate the risk posed by quantum computing, suggesting a hard fork of the Ethereum blockchain to roll out new wallet software and enhance security. He indicated that the necessary infrastructure for such a move could be developed promptly, providing a proactive approach to safeguarding user funds. The quantum exposure of Ethereum accounts lies in the elliptic-curve signatures that authorise transactions rather than in symmetric encryption such as AES, so a wallet change of this kind would target the signature scheme.