Suramya's Blog : Welcome to my crazy life…

August 27, 2024

MIT Researchers publish AI risk database exposing 700+ ways AI can be risky

Filed under: Artificial Intelligence,Computer Software,My Thoughts — Suramya @ 10:44 AM

AI (or rather what is call AI right now), is not really intelligent but it does have a lot of risks associated with using it. We all know about the Deep Fakes and the hallucinations etc but those are not the only risks of using generative AI. The researchers at MIT have cataloged the over 700 risks of using generative AI.

The risks posed by Artificial Intelligence (AI) are of considerable concern to academics, auditors, policymakers, AI companies, and the public. However, a lack of shared understanding of AI risks can impede our ability to comprehensively discuss, research, and react to them. This paper addresses this gap by creating an AI Risk Repository to serve as a common frame of reference.

This comprises a living database of 777 risks extracted from 43 taxonomies, which can be filtered based on two overarching taxonomies and easily accessed, modified, and updated via our website and online spreadsheets. We construct our Repository with a systematic review of taxonomies and other structured classifications of AI risk followed by an expert consultation. We develop our taxonomies of AI risk using a best-fit framework synthesis. Our high-level Causal Taxonomy of AI Risks classifies each risk by its causal factors (1) Entity: Human, AI; (2) Intentionality: Intentional, Unintentional; and (3) Timing: Pre-deployment; Post-deployment. Our mid-level Domain Taxonomy of AI Risks classifies risks into seven AI risk domains: (1) Discrimination & toxicity, (2) Privacy & security, (3) Misinformation, (4) Malicious actors & misuse, (5) Human-computer interaction, (6) Socioeconomic & environmental, and (7) AI system safety, failures, & limitations. These are further divided into 23 subdomains. The AI Risk Repository is, to our knowledge, the first attempt to rigorously curate, analyze, and extract AI risk frameworks into a publicly accessible, comprehensive, extensible, and categorized risk database. This creates a foundation for a more coordinated, coherent, and complete approach to defining, auditing, and managing the risks posed by AI systems.

They have published a paper on it: The AI Risk Repository: A Comprehensive Meta-Review, Database, and Taxonomy of Risks From Artificial Intelligence that you should check out. They have also made their entire database available to copy for free as well.

Check it out if you have some free time.

Source: Boingboing.net: MIT’s AI risk database exposes 700+ ways AI could ruin your life.

– Suramya

August 21, 2024

First three Post-Quantum Encryption Algorithms released by NIST

Filed under: Computer Security,My Thoughts,Quantum Computing — Suramya @ 8:30 PM

NIST has been reviewing algorithms as part the the PQC (Post Quantum Cryptography) Standardization process for over 8 years now and they have released the first three standards for post-quantum cryptography. These standards will allow systems to protect their data and communications with encryption that are not vulnerable to Quantum Computers. Current standards and tools rely on complex math problems that are difficult or impossible to solve using conventional computers but are vulnerable to a sufficiently capable quantum computer which would be able to process potential solutions very quickly.

The new standards are designed for two essential tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication. NIST announced its selection of four algorithms — CRYSTALS-Kyber, CRYSTALS-Dilithium, Sphincs+ and FALCON — slated for standardization in 2022 and released draft versions of three of these standards in 2023. The fourth draft standard based on FALCON is planned for late 2024.

While there have been no substantive changes made to the standards since the draft versions, NIST has changed the algorithms’ names to specify the versions that appear in the three finalized standards, which are:

  • Federal Information Processing Standard (FIPS) 203, intended as the primary standard for general encryption. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. The standard is based on the CRYSTALS-Kyber algorithm, which has been renamed ML-KEM, short for Module-Lattice-Based Key-Encapsulation Mechanism.
  • FIPS 204, intended as the primary standard for protecting digital signatures. The standard uses the CRYSTALS-Dilithium algorithm, which has been renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm.
  • FIPS 205, also designed for digital signatures. The standard employs the Sphincs+ algorithm, which has been renamed SLH-DSA, short for Stateless Hash-Based Digital Signature Algorithm. The standard is based on a different math approach than ML-DSA, and it is intended as a backup method in case ML-DSA proves vulnerable.

Similarly, when the draft FIPS 206 standard built around FALCON is released, the algorithm will be dubbed FN-DSA, short for FFT (fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm.

This is a significant step in ensuring our data and systems are protected against threats that are on the horizon. The Register has a good article on this topic (NIST finalizes trio of post-quantum encryption standards) that I highly recommend you check out.

Sources:
* Mastodon.social
* Schneier.com: NIST Releases First Post-Quantum Encryption Algorithms

July 29, 2024

Detecting AI-Generated Videos using MISLnet

Filed under: Artificial Intelligence,My Thoughts — Suramya @ 11:43 PM

With new technology and ‘AI’ it is becoming easier and easier to create fake images that look realistic enough to fool the casual eye. The problem is that this can be used to promote lies or scams etc. So we need to be able to identify if a given image is AI generated or real. Unfortunately, this is something that is easier said than done because as soon as the detector comes up with a way to identify fake images, the generators make changes to fix the issue resulting in a on-going game of whack-a-mole. That being said, it is important that we can identify and there is a lot of fascinating work that is happening in this space.

In an actually useful implementation of AI, researchers have trained a system called MISLnet that searches for statistical traces left in synthetic images by their source generator. It looks for relationships between pixel color values that are present in images taken by a digital camera which are not there in the AI generated image. This allows the system to identify AI generated images with over 98% accuracy.

I read the paper Beyond Deepfake Images: Detecting AI-Generated Videos(PDF) and honestly a lot of it went over my head. But based on tests it seems that MISLnet does perform well in identifying AI generated images.

The new tool the research project is unleashing on deepfakes, called “MISLnet”, evolved from years of data derived from detecting fake images and video with tools that spot changes made to digital video or images. These may include the addition or movement of pixels between frames, manipulation of the speed of the clip, or the removal of frames.

Such tools work because a digital camera’s algorithmic processing creates relationships between pixel color values. Those relationships between values are very different in user-generated or images edited with apps like Photoshop.

But because AI-generated videos aren’t produced by a camera capturing a real scene or image, they don’t contain those telltale disparities between pixel values.

The Drexel team’s tools, including MISLnet, learn using a method called a constrained neural network, which can differentiate between normal and unusual values at the sub-pixel level of images or video clips, rather than searching for the common indicators of image manipulation like those mentioned above.

The tool specifically targets images taken with a digital camera. It does not take into consideration that the image might have been taken by an Analog camera or is a scan of a printed images. In both those scenarios the relationships between pixel color values that the tool uses to identify real images will not exist, potentially leading the tool to falsely classify the image as fake or AI generated.

That being said, this is pretty interesting research and I am looking forward to testing the tool once it is released for general use.

Source: Schneier on Security: New Research in Detecting AI-Generated Videos

– Suramya

June 20, 2024

Some thoughts on the current AI hype market

Filed under: Artificial Intelligence,My Thoughts — Suramya @ 11:22 PM

Found this hilarious but accurate write up on AI and how the current Hype is spoiling the industry: I Will Fucking Piledrive You If You Mention AI Again. It is a little rude, filled with profanity but accurately covers the current state of AI. It is filled with gems such as:

So it is with great regret that I announce that the next person to talk about rolling out AI is going to receive a complimentary chiropractic adjustment in the style of Dr. Bourne, i.e, I am going to fucking break your neck. I am truly, deeply, sorry.


Unless you are one of a tiny handful of businesses who know exactly what they’re going to use AI for, you do not need AI for anything – or rather, you do not need to do anything to reap the benefits. Artificial intelligence, as it exists and is useful now, is probably already baked into your businesses software supply chain. Your managed security provider is probably using some algorithms baked up in a lab software to detect anomalous traffic, and here’s a secret, they didn’t do much AI work either, they bought software from the tiny sector of the market that actually does need to do employ data scientists. I know you want to be the next Steve Jobs, and this requires you to get on stages and talk about your innovative prowess, but none of this will allow you to pull off a turtle neck, and even if it did, you would need to replace your sweaters with fullplate to survive my onslaught.

Consider the fact that most companies are unable to successfully develop and deploy the simplest of CRUD applications on time and under budget. This is a solved problem – with smart people who can collaborate and provide reasonable requirements, a competent team will knock this out of the park every single time, admittedly with some amount of frustration.

Most organizations cannot ship the most basic applications imaginable with any consistency, and you’re out here saying that the best way to remain competitive is to roll out experimental technology that is an order of magnitude more sophisticated than anything else your I.T department runs, which you have no experience hiring for, when the organization has never used a GPU for anything other than junior engineers playing video games with their camera off during standup

The current hype and insistence by companies to insert AI capabilities in everything whether it is needed or not is getting to the point where it is actively annoying and in some cases dangerous. The recent attempted release of Recall + Copilot by Microsoft is a good example of dangerous. Then we have companies releasing AI powered BIOS , that “interpret the PC user’s request, analyze their specific hardware, and parse through the LLM’s extensive knowledge base of BIOS and computer terminology to make the appropriate changes to the BIOS Setup. This breakthrough technology helps address a major hurdle for PC users that require or desire changes to their BIOS Setup for their personal computers but do not fully understand the meaning of the settings available to them.

I really don’t need AI in my mouse or use AI to create a perfect smoothie or the thousand other things folks are shoving AI into. ChatGPT can’t do simple addition or multipications and keeps making up stuff. Google’s AI Gemini recommends that people add glue to their pizza’s, it misidentified a poisonous mushroom as an edible one and there are many many more such cases out there (I have posted some examples earlier).

The problem is that folks (grifters to be honest) are selling AI as the cure all for all problems a company wants to solve. This is overshadowing the actual work being done in the field which is solving actual problems and use cases.

What we have right now is Machine Learning that has a good track record in predicting responses, but it is nothing close to being intelligent. A cat has more intelligence in it than the current ‘AI’. This is not to say that we won’t have AI systems in the future. I have been hearing the claim that AI is just around the corner for about 25 years now but we are not there yet.

June 18, 2024

Indian Startup Agnikul successfully launched worlds first fully 3D printed engine

Filed under: Astronomy / Space,Emerging Tech,My Thoughts — Suramya @ 5:27 PM

3D Printing is one of the few technologies from the last decade that has come close to accomplishing what it promised, some of the more Sci-fi style stuff is still in the works (Like 3D printing food) but for the most part it does what it promised unlike some of the other ‘ground-breaking’ tech like blockchain, NFT etc. etc. Folks have used 3D printing to print houses, sculptures, prosthetic eye and more.

On 30th May another major milestone was achieved proving the technology’s usefulness. An Indian Company called Agnikul tested its 3D printed Rocket by successfully launching it from the Satish Dhawan Space Center. The launch was a test of the engine block which was the world’s first rocket engine 3D printed as a single piece. The engine took just 72 hours to print and another two weeks to integrate with other systems. The rocket generated 6 kilonewtons of thrust during the test and flew 6.5 Kms into the air.

Now that the technology has been proven, the company is starting work on their commercial implementation of the engine called Agnibaan (Fire Arrow). Agnibaan will feature eight rockets and will be capable of carrying a 300-kilogram payload to an altitude of around 700 km. The configuration of the rocket will be modular allowing the team to configure it according to need.

In addition to being the worlds first 3D printed engine, Agnibaan was also India’s first launch from a privately owned launch pad. Thus far, all space launches were carried out from one of the two ISRO launch pads at Sriharikota. Agniaan on the other hand launched from a custom built launch pad called Dhanush (Bow). Dhanush is designed to support full mobility across all configurations of Agnibaan and is meant to be reusable.

With more private companies entering the market the Space Age has truly started in India.

Source: IEEE: Indian Startup 3D Prints Rocket Engine in Just 72 Hours

-Suramya

May 23, 2024

Windows 11 will feature builtin Spyware in the near future or Recall AI as Microsoft Calls it

Filed under: Artificial Intelligence,Computer Security,Computer Software,My Thoughts,Security Tools,Tech Related — Suramya @ 7:24 PM

Till recently if you wanted to spy on someone and see what they have been doing on the computer, you had to infect their computer by making them visit a dodgy site or get physical access and download a RAT (Remote Access Trojan) & install it on the target’s computer, configure the Antivirus to ignore it and put in a backdoor so that you can access the data remotely. Obviously this was a lot of work so looks like some cyber criminals reached out to Microsoft (MS) and asked for help. MS being a super helpful company, has added a functionality called ‘Windows Recall’ to it’s windows 11 Preview build to solve this. Recall takes a snapshot (literally) of the screen every few seconds and stores it in a searchable database ‘stored locally’. Basically it does exactly what spyware does without having to install anything new on your system. As per the company below is how the Recall works:

Recall uses Copilot+ PC advanced processing capabilities to take images of your active screen every few seconds. The snapshots are encrypted and saved on your PC’s hard drive. You can use Recall to locate the content you have viewed on your PC using search or on a timeline bar that allows you to scroll through your snapshots. Once you find the snapshot that you were looking for in Recall, it will be analysed and offer you options to interact with the content. What actions you can take depend on the content and the chat provider capabilities in Copilot in Windows. For example, you may highlight a block of text and decide to summarise it, translate it, or open it with a text editor like Word or Notepad. If you highlight an image, you will be able to edit it or use your chat provider in Copilot in Windows to find or create a similar image.

Recall will also enable you to open the snapshot in the original application in which it was created, and, as Recall is refined over time, it will open the actual source document, website or email in a screenshot. This functionality will be improved during Recall’s preview phase.

The best part is that according to their own announcement the snapshots will not hide passwords/account numbers etc. However, it does block you from recording DRM’d video you might be watching because protecting that is important not simple things like personal information etc.

Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.

This is a gold mine for data thieves, abusers, industrial espionage, identity thieves and other cyber criminals. Once they have access to a PC they don’t need to do anything else except copy the data from the Recall DB to their own system and happily browse through the users personal data at their leisure.

I don’t think MS has thought about folks who use public computers such as the ones in an Internet Cafe or Hotels or Libraries. With this feature enabled all someone has to do is wait a few days then come back and copy incredibly private information that they can then sell/use. Privacy and Domestic Abuse experts are raising questions about this as well because sure as night follows day, abusers will use this to track what their victims are doing on a computer and that can go bad very quickly.

Even if the data is supposedly only on the local machine we don’t know when MS is going to force it to be uploaded to their servers using OneDrive or other similar setups. All the coverage I have seen for this functionality 99% of them have raised similar concerns about the security, privacy and quite frankly the need for this kind of surveillance.

Imagine what would a regieme like Taliban, China or other conservative/restrictive governments do with information they get from this system. You are dreaming if you think that they will not force MS to make this information available to them at the risk of losing access to that market if they don’t. Once you have the capability to do this, feature creep will happen for sure and we will end up in a Surveillance state.

The only Windows 11 system at my place is my wife’s laptop and you can be sure that I am going to disable this ‘feature’ as soon as it launches.

Source: Bleepingcomputer: Windows 11 Recall AI feature will record everything you do on your PC

– Suramya

May 17, 2024

Yeah, AI replacing us is not happening anytime soon

Filed under: Artificial Intelligence,My Thoughts — Suramya @ 10:49 AM

We are nowhere near having an actual AI, the current implementations we have are not even as intelligent as a cat or a dog forget humans. We do have amazing work being done on Machine Learning and Predictive software but nothing is even close to being intelligent. What we have right now is a scholastic parrot pretending to generate amazing information. To top it all, all the grifters are out in force scamming people by claiming AI is the cure for everything, the same way NFT’s and Blockchain were going to cure all the ills of the world.

I have been hearing claims that AI is ready to replace developers/low paid jobs etc for over 25 years now with similar results at the end of the day. Some of the examples I found over the past few weeks showcasing the amazing power of AI:


‘sun’ & ‘den’ are 4 character words as per AI


Would you like a Bananum?


The Entire Devin AI demo was faked. The developers lied about the entire thing and made a ton of money


Yup, we can totally say that an irrational number with never ending decimal places after 3 has the last 5 digits as ‘65359’

There are so many more of these examples I can share… Please don’t buy into the hype, look at the facts and make a decision.

– Suramya

May 16, 2024

Google claims to have created AI to detect scams in realtime by listening to all your calls

Filed under: Artificial Intelligence,Computer Software,My Thoughts,Tech Related — Suramya @ 6:58 PM

Scams are getting more and more common nowadays, with folks loosing a lot of money due to this. We absolutely need more ways to detect and warn people about scams but I don’t think this is the right approach. By ‘this’, I am talking about Google’s recent announcement at Google I/O to use Gemini Nano to alert users to potential scams during a phone call.

The feature, which will be built into a future version of Android, uses Gemini Nano, the smallest version of Google’s generative AI offering, which can be run entirely on-device. The system effectively listens for “conversation patterns commonly associated with scams” in real time. Google gives the example of someone pretending to be a “bank representative.” Common scammer tactics like password requests and gift cards will also trigger the system. These are all pretty well understood to be ways of extracting your money from you, but plenty of people in the world are still vulnerable to these sorts of scams. Once set off, it will pop up a notification that the user may be falling prey to unsavory characters.

In order for the functionality to work we would have to give Google full and complete access to all our phonecalls & audio during the call. I don’t know about you but I don’t want to give this kind of personal data over to a company that has already lied about the data they collect (referring to the recent lawsuit on their tracking the web-browsing habits of users in incognito mode that they settled last month).

– Suramya

Source: Slashdot: Google Will Use Gemini To Detect Scams During Calls

May 15, 2024

Leftover Yeast from Beer Brewing can be used to Recycle Metals from E-waste

Filed under: Emerging Tech,My Thoughts,Tech Related — Suramya @ 6:42 PM

Lots of People like beer and now they can pretend that the only reason that they are drinking beer is to help in recycling metals from e-waste. Basically in a new study published in Frontiers in Bioengineering and Biotechnology, researchers found that re­­­sidual yeast sludge generated after beer is brewed is very good at isolating and taking up specific metals from a solution of mixed metals.

This would mean that it can be used to extract metals from e-waste, which is currently a very inefficient process that requires a lot of energy and manual effort, plus it generates a lot of toxic gases which kind of negates the whole point of recycling.

The researchers rinsed, froze, dried and ground up 20 liters of residue with inactive yeast from a brewery. Next they added some of the yeast to solutions containing a laboratory-made mix of aluminum, copper, nickel and zinc, then added some to solutions with those same metals leached directly from scrapped printed circuit boards. The researchers adjusted the mixtures’ acidity and temperature to alter the charge of sugar molecules on the yeast organisms’ surfaces; particular metals are drawn to specific charges on the sugars, so this process controlled which metals the yeast attracted and bound. After each attempt, the scientists extracted the yeast and soaked it in an acid bath to remove the metals from it, leaving the yeast ready for another round.

The four tested metals are relatively inexpensive, and most e-waste recyclers currently prioritize recovering more valuable ones such as gold, silver and platinum. But the study’s metals are still beneficial and widely used—which “justifies the recycling process,” says Treavor Boyer, an environmental engineer at Arizona State University. Kerry Bloom, a biologist at the University of North Carolina at Chapel Hill, adds that the yeast’s low price and sheer abundance could make the technique relatively feasible at a large scale

Setting up a recycling plant near a brewery would make this a cost efficient way to recycle metals. In fact in the traditional recycling methods we focus on metals like gold, silver and platinum because it is not cost effective to recycle metals like zinc, aluminum etc. So the new method can increase the amount of metal recycled at a lower cost. However, the paper doesn’t say if they tested it on the more expensive metals or not. I doubt they did, because if they had it would have been a great advantage to move to the new process.

Obviously, the process is still experiemental and needs a lot more refining and work before it can be used in an industrial scale. But it is a great step forward.

Source: Scientificamerican.com: After Brewing Beer, Yeast Can Help Recycle Metals from E-waste

– Suramya

May 13, 2024

Please don’t use AI to cheat on your interview no matter how tempting it sounds

Filed under: Artificial Intelligence,Computer Software,My Thoughts,Tech Related — Suramya @ 9:17 AM

Interviews are hard and at times folks who are really good at work don’t do that well in interviews. This could be because of nervousness, anxiety or just bad timing/questions. However, that doesn’t mean that you should cheat in the interview because trust me, you will get caught. Having been in the industry for over 24 years, I have seen multiple instances where folks decided to cheat in the interview thinking they would get away with it but in the end all of them were caught and ended up getting blacklisted in the company. In some cases it can even lead to charges & cases being filed against you.

Now that AI is getting into everything, it was inevitable that it would enter the interview world as well as an cheating aid. Enter www.milio.ooo/. They don’t even attempt to hide the fact that this tool is meant to help candidates cheat in their interviews. From their website, right at the top “Job adverts cheat, so why can’t you?”. I mean it doesn’t get more blatant than that… As per the description on their site the software listens into the audio stream of the interview and then displays the answer on the screen for you to parrot out. A sample question and answer featured on the site is shown below:

What digital marketing tools and platforms are you familiar with? I have experience working with a variety of digital marketing tools and platforms, including: - Google Analytics: I have used Google Analytics extensively to track website traffic, user behavior, and conversion rates. I am comfortable setting up custom reports, analyzing data, and identifying opportunities for optimization. - HubSpot: I have experience using HubSpot for marketing automation, lead nurturing, and CRM integration. I have created email campaigns, landing pages, and workflows to drive engagement and conversions.
Sample answer to a question generated by the cheating software

The site doesn’t explain how it ensures that its responses actually match what is in your resume abd I doubt there is much of that happening here. In anycase, I do understand folks who are desperate can end up using tools like this one to get a job. But while it might look like a good bet in the short term it will get you in trouble in the long term. If the people trying to cheat actually put in the effort they put into cheating the system into actually learning the system they would be much better off.

Please remember that the folks who are taking the interviews (like me) have been doing this for a while and it is quite easy to figure out that someone is reading an answer off the screen. In the past we used to listen for keyboard sounds to figure out if someone was googling for answers but with this ‘AI’ listening that tell is no longer there. However, if this is on a video interview I can still figure out that you are reading off the screen by looking at you.

Also remember, most large companies do have face to face interviews as well and a final fit round before rolling out an offer letter. I have had an example in one of my previous companies where a person who had cleared all the phone interviews was in office for the final rounds and one of the interviewers asked them a basic clarification question and they were unable to answer, so the interviewer got suspicious and asked more probing questions. Finally the candidate admitted that someone else had taken the phone interview (this was before video calls/interviews) and they ended up getting blacklisted and obviously didn’t get a job. Even with video interviews, one of the candidates was recently caught lip-syncing the answers that someone else was giving.

This actually gave me an idea for a project (which I might or might not work on). Basically, a lot of times in meetings we talk about technologies or projects we are working on and sometimes I end up making a note for myself to look up something post the call because I wasn’t sure of what it does. It would be really cool to have an assistant/program running in the background that continuously gave information & links to additional information when people talk about projects or technologies or past discussions. I doubt it would be good enough to only give information I would need but it could be an interesting addition to make a person more productive. Basically the same technology used in this site but instead of interview answers actually giving links to more information along with summaries etc.

Long story short, please don’t cheat on interviews no matter what tech is powering the cheat tool.

– Suramya

« Newer PostsOlder Posts »

Powered by WordPress