Cloud

Researchers Discover Flaws In Five End-to-End Encrypted Cloud Services (scworld.com) 33

SC World reports: Several major end-to-end encrypted cloud storage services contain cryptographic flaws that could lead to loss of confidentiality, file tampering, file injection and more, researchers from ETH Zurich said in a paper published this month.

The five cloud services studied offer end-to-end encryption (E2EE), intended to ensure files cannot be read or edited by anyone other than the uploader, meaning not even the cloud storage provider can access the files. However, ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong, who presented their findings at the ACM Conference on Computer and Communications Security (CCS) last week, found serious flaws in four out of the five services that could effectively bypass the security benefits provided by E2EE by enabling an attacker who managed to compromise a cloud server to access, tamper with or inject files.

The E2EE cloud storage services studied were Sync, pCloud, Seafile, Icedrive and Tresorit, which have a collective total of about 22 million users. Tresorit had the fewest vulnerabilities, which could enable some metadata tampering and use of non-authentic keys when sharing files. The other four services were found to have more severe flaws posing a greater risk to file confidentiality and integrity.

BleepingComputer reports that Sync is "fast-tracking fixes," while Seafile "promised to patch the protocol downgrade problem on a future upgrade." And SC World does note that all 10 of the tested exploits "would require the attacker to have already gained control of a server with the ability to read, modify and inject data.

"The authors wrote that they consider this to be a realistic threat model for E2EE services, as these services are meant to protect files even if such a compromise was to occur."

Thanks to Slashdot reader spatwei for sharing the article.

Bug

Apple Will Pay Security Researchers Up To $1 Million To Hack Its Private AI Cloud 6

An anonymous reader quotes a report from TechCrunch: Ahead of the debut of Apple's private AI cloud next week, dubbed Private Cloud Compute, the technology giant says it will pay security researchers up to $1 million to find vulnerabilities that can compromise the security of its private AI cloud. In a post on Apple's security blog, the company said it would pay up to the maximum $1 million bounty to anyone who reports exploits capable of remotely running malicious code on its Private Cloud Compute servers. Apple said it would also award researchers up to $250,000 for privately reporting exploits capable of extracting users' sensitive information or the prompts that customers submit to the company's private cloud.

Apple said it would "consider any security issue that has a significant impact" outside of a published category, including up to $150,000 for exploits capable of accessing sensitive user information from a privileged network position. "We award maximum amounts for vulnerabilities that compromise user data and inference request data outside the [private cloud compute] trust boundary," Apple said.
You can learn more about Apple's Private Cloud Compute service in their blog post. Its source code and documentation are available here.

Math

Former Nvidia Engineer Discovers 41-Million-Digit Prime (tomshardware.com) 29

Former Nvidia engineer Luke Durant, working with the Great Internet Mersenne Prime Search (GIMPS), recently discovered the largest known prime number: (2^136,279,841)-1 or M136279841 (where the number following the letter M represents the exponent). The achievement was detailed on Mersenne.org. Tom's Hardware reports: This is the largest prime number we've seen so far, with the last one, M82589933, being discovered six years prior. What makes this discovery particularly fascinating is that this is the first GIMPS discovery that used the power of data center GPUs. Mihai Preda was the first one to harness GPU muscle in 2017, says the GIMPS website, when he "wrote the GpuOwl program to test Mersenne numbers for primality, making his software available to all GIMPS users." When Luke joined GIMPS in 2023, they built the infrastructure needed to deploy Preda's software across several GPU servers available in the cloud.

While it took a year of testing, Luke's efforts finally bore fruit when an A100 GPU in Dublin, Ireland gave the M136279841 result last October 11. This was then corroborated by an Nvidia H100 located in San Antonio, Texas, which confirmed its primality with the Lucas-Lehmer test.

AI

Anthropic's AI Model Gains Computer Control in New Upgrade (anthropic.com) 8

Anthropic has released an upgraded version of its AI model Claude 3.5 Sonnet and announced a new model, Claude 3.5 Haiku, alongside a public beta feature enabling AI to operate computers like humans. The enhanced Sonnet model improved its coding capabilities, scoring 49% on the SWE-bench Verified benchmark, surpassing OpenAI and other competitors. The Haiku model matches the performance of Anthropic's previous flagship Claude 3 Opus while maintaining lower costs and faster speeds.

The computer use feature, available through Anthropic's API and cloud partners, allows Claude to perform tasks like navigating web browsers, filling forms, and manipulating data. Early adopters include Asana, DoorDash, and Replit, though Anthropic -- backed by investors including Google and Amazon -- acknowledges the feature remains experimental and error-prone. Claude 3.5 Haiku will launch later this month, initially supporting text-only inputs with image capabilities to follow.

Businesses

Basecamp-Maker 37Signals Says Its 'Cloud Exit' Will Save It $10 Million Over 5 Years (arstechnica.com) 83

An anonymous reader quotes a report from Ars Technica: 37Signals is not a company that makes its policy or management decisions quietly. The productivity software company was an avowedly Mac-centric shop until Apple's move to kill home screen web apps (or Progressive Web Apps, or PWAs) led the firm and its very-public-facing co-founder, David Heinemeier Hansson, to declare a "Return to Windows," followed by a stew of Windows/Mac/Linux. The company waged a public battle with Apple over its App Store subscription policies, and the resulting outcry helped nudge Apple a bit. 37Signals has maintained an active blog for years, its co-founders and employees have written numerous business advice books, and its blog and social media posts regularly hit the front pages of Hacker News.

So when 37Signals decided to pull its seven cloud-based apps off Amazon Web Services in the fall of 2022, it didn't do so quietly or without details. Back then, Hansson described his firm as paying "an at times almost absurd premium" for defense against "wild swings or towering peaks in usage." In early 2023, Hansson wrote that 37Signals expected to save $7 million over five years by buying more than $600,000 worth of Dell server gear and hosting its own apps.

Late last week, Hansson had an update: it's more like $10 million (and, he told the BBC, more like $800,000 in gear). By squeezing more hardware into existing racks and power allowances, estimating seven years' life for that hardware, and eventually transferring its 10 petabytes of S3 storage into a dual-DC Pure Storage flash array, 37Signals expects to save money, run faster, and have more storage available. "The motto of the 2010s and early 2020s -- all-cloud, everything, all the time -- seems to finally have peaked," Hansson writes. "And thank heavens for that!" He adds the caveat that companies with "enormous fluctuations in load," and those in early or uncertain stages, still have a place in the cloud.

AI

Is the Microsoft-OpenAI 'Bromance' Beginning to Fray? (seattletimes.com) 30

Though Sam Altman once called OpenAI's partnership with Microsoft "the best bromance in tech," now "ties between the companies have started to fray" reports the New York Times — citing interviews with 19 people "familiar with the relationship".

Among other things, Satya Nadella "has said privately that Altman's firing in November shocked and concerned him, according to five people with knowledge of his comments. Since then, Microsoft has started to hedge its bet on OpenAI," and reconsidered new investments beyond its initial $13 billion — even as OpenAI expects to lose $5 billion this year. That tension demonstrates a key challenge for AI startups: They are dependent on the world's tech giants for money and computing power because those big companies control the massive cloud computing systems the small outfits need to develop AI... Over the past year, OpenAI has been trying to renegotiate the deal to help it secure more computing power and reduce crushing expenses while Microsoft executives have grown concerned that their AI work is too dependent on OpenAI... [I]n March, Microsoft paid at least $650 million to hire most of the staff from Inflection, an OpenAI competitor...

In June, Microsoft agreed to an exception in [OpenAI's] contract, six people with knowledge of the change said. That allowed OpenAI to sign a roughly $10 billion computing deal with Oracle for additional computing resources, according to two people familiar with the deal. Oracle is providing computers packed with chips suited to building AI, while Microsoft provides the software that drives the hardware... While it was looking for computer power alternatives, OpenAI also raced to broaden its investors, according to two people familiar with the company's plan. Part of the plan was to secure strategic investments from organizations that could bolster OpenAI's prospects in ways beyond throwing around money. Those organizations included Apple, chipmaker Nvidia, and MGX, a tech investment firm controlled by the United Arab Emirates... Earlier this month, OpenAI closed a $6.6 billion funding round led by Thrive Capital, with additional participation from Nvidia, MGX and others. Apple did not invest, but Microsoft also participated in the funding round.

OpenAI expected to spend at least $5.4 billion in computing costs through the end of 2024, according to documents reviewed by The New York Times. That amount was expected to skyrocket over the next five years as OpenAI expanded, soaring to an estimated $37.5 billion in annual computing costs by 2029, the documents showed... Still, OpenAI employees complain that Microsoft is not providing enough computing power, according to three people familiar with the relationship. And some have complained that if another company beat it to the creation of AI that matches the human brain, Microsoft will be to blame because it hasn't given OpenAI the computing power it needs, according to two people familiar with the complaints.

Oddly, that could be the key to getting out from under its contract with Microsoft. The contract contains a clause that says that if OpenAI builds artificial general intelligence, or AGI — roughly speaking, a machine that matches the power of the human brain — Microsoft loses access to OpenAI's technologies.

Security

Microsoft's Honeypots Lure Phishers at Scale - to Spy on Them and Waste Their Time (bleepingcomputer.com) 21

A principal security software engineer at Microsoft described how they use their Azure cloud platform "to hunt phishers at scale," in a talk at the information security conference BSides Exeter.

Calling himself Microsoft's "Head of Deception," Ross Bevington described how they'd created a "hybrid high interaction honeypot" on the now retired code.microsoft.com "to collect threat intelligence on actors ranging from both less skilled cybercriminals to nation state groups targeting Microsoft infrastructure," according to a report by BleepingComputer: With the collected data, Microsoft can map malicious infrastructure, gain a deeper understanding of sophisticated phishing operations, disrupt campaigns at scale, identify cybercriminals, and significantly slow down their activity... Bevington and his team fight phishing by leveraging deception techniques using entire Microsoft tenant environments as honeypots with custom domain names, thousands of user accounts, and activity like internal communications and file-sharing...

In his BSides Exeter presentation, the researcher says that the active approach consists in visiting active phishing sites identified by Defender and typing in the credentials from the honeypot tenants. Since the credentials are not protected by two-factor authentication and the tenants are populated with realistic-looking information, attackers have an easy way in and start wasting time looking for signs of a trap. Microsoft says it monitors roughly 25,000 phishing sites every day, feeding about 20% of them with the honeypot credentials; the rest are blocked by CAPTCHA or other anti-bot mechanisms.

Once the attackers log into the fake tenants, which happens in 5% of the cases, it turns on detailed logging to track every action they take, thus learning the threat actors' tactics, techniques, and procedures. Intelligence collected includes IP addresses, browsers, location, behavioral patterns, whether they use VPNs or VPSs, and what phishing kits they rely on... The deception technology currently wastes an attacker 30 days before they realize they breached a fake environment. All along, Microsoft collects actionable data that can be used by other security teams to create more complex profiles and better defenses.

Science

MIT Researchers Build Solar-Powered Low-Cost Drinking Water Desalination System (mit.edu) 54

MIT engineers have built a solar-powered desalination system that "ramps up its desalting process and automatically adjusts to any sudden variation in sunlight, for example by dialing down in response to a passing cloud or revving up as the skies clear."

While traditional reverse osmosis systems typically require steady power levels, "the MIT system requires no extra batteries for energy storage, nor a supplemental power supply, such as from the grid." And their results were pretty impressive: The engineers tested a community-scale prototype on groundwater wells in New Mexico over six months, working in variable weather conditions and water types. The system harnessed on average over 94 percent of the electrical energy generated from the system's solar panels to produce up to 5,000 liters of water per day despite large swings in weather and available sunlight... "Being able to make drinking water with renewables, without requiring battery storage, is a massive grand challenge," says Amos Winter, the Germeshausen Professor of Mechanical Engineering and director of the K. Lisa Yang Global Engineering and Research Center at MIT. "And we've done it."

The system is geared toward desalinating brackish groundwater — a salty source of water that is found in underground reservoirs and is more prevalent than fresh groundwater resources. The researchers see brackish groundwater as a huge untapped source of potential drinking water, particularly as reserves of fresh water are stressed in parts of the world. They envision that the new renewable, battery-free system could provide much-needed drinking water at low costs, especially for inland communities where access to seawater and grid power are limited...

The researchers' report details the new system in a paper appearing in Nature Water. The study's co-authors are Bessette, Winter, and staff engineer Shane Pratt... "Our focus now is on testing, maximizing reliability, and building out a product line that can provide desalinated water using renewables to multiple markets around the world," Pratt adds. The team will be launching a company based on their technology in the coming months.

This research was supported in part by the National Science Foundation, the Julia Burke Foundation, and the MIT Morningside Academy of Design. This work was additionally supported in-kind by Veolia Water Technologies and Solutions and Xylem Goulds.

Thanks to long-time Slashdot reader schwit1 for sharing the news.

AMD

Spectre Flaws Still Haunt Intel, AMD as Researchers Found Fresh Attack Method (theregister.com) 33

"Six years after the Spectre transient execution processor design flaws were disclosed, efforts to patch the problem continue to fall short," writes the Register: Johannes Wikner and Kaveh Razavi of Swiss University ETH Zurich on Friday published details about a cross-process Spectre attack that derandomizes Address Space Layout Randomization and leaks the hash of the root password from the Set User ID (suid) process on recent Intel processors. The researchers claim they successfully conducted such an attack.... [Read their upcoming paper here.] The indirect branch predictor barrier (IBPB) was intended as a defense against Spectre v2 (CVE-2017-5715) attacks on x86 Intel and AMD chips. IBPB is designed to prevent forwarding of previously learned indirect branch target predictions for speculative execution. Evidently, the barrier wasn't implemented properly.

"We found a microcode bug in the recent Intel microarchitectures — like Golden Cove and Raptor Cove, found in the 12th, 13th and 14th generations of Intel Core processors, and the 5th and 6th generations of Xeon processors — which retains branch predictions such that they may still be used after IBPB should have invalidated them," explained Wikner. "Such post-barrier speculation allows an attacker to bypass security boundaries imposed by process contexts and virtual machines." Wikner and Razavi also managed to leak arbitrary kernel memory from an unprivileged process on AMD silicon built with its Zen 2 architecture.

Videos of the Intel and AMD attacks have been posted, with all the cinematic dynamism one might expect from command line interaction.

Intel chips — including Intel Core 12th, 13th, and 14th generation and Xeon 5th and 6th — may be vulnerable. On AMD Zen 1(+) and Zen 2 hardware, the issue potentially affects Linux users. The relevant details were disclosed in June 2024, but Intel and AMD found the problem independently. Intel fixed the issue in a microcode patch (INTEL-SA-00982) released in March, 2024. Nonetheless, some Intel hardware may not have received that microcode update. In their technical summary, Wikner and Razavi observe: "This microcode update was, however, not available in Ubuntu repositories at the time of writing this paper." It appears Ubuntu has subsequently dealt with the issue.

AMD issued its own advisory in November 2022, in security bulletin AMD-SB-1040. The firm notes that hypervisor and/or operating system vendors have work to do on their own mitigations. "Because AMD's issue was previously known and tracked under AMD-SB-1040, AMD considers the issue a software bug," the researchers explain. "We are currently working with the Linux kernel maintainers to merge our proposed software patch."

BleepingComputer adds that the ETH Zurich team "is working with Linux kernel maintainers to develop a patch for AMD processors, which will be available here when ready."

Microsoft

Microsoft Says It Lost Weeks of Security Logs For Its Customers' Cloud Products (techcrunch.com) 35

Microsoft has notified customers that it's missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions. From a report: According to a notification sent to affected customers, Microsoft said that "a bug in one of Microsoft's internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform" between September 2 and September 19.

The notification said that the logging outage was not caused by a security incident, and "only affected the collection of log events." Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights. Logging helps to keep track of events within a product, such as information about users signing in and failed attempts, which can help network defenders identify suspected intrusions. Missing logs could make it more difficult to identify unauthorized access to the customers' networks during that two-week window.

AI

Cheap AI 'Video Scraping' Can Now Extract Data From Any Screen Recording (arstechnica.com) 25

An anonymous reader quotes a report from Ars Technica: Recently, AI researcher Simon Willison wanted to add up his charges from using a cloud service, but the payment values and dates he needed were scattered among a dozen separate emails. Inputting them manually would have been tedious, so he turned to a technique he calls "video scraping," which involves feeding a screen recording video into an AI model, similar to ChatGPT, for data extraction purposes. What he discovered seems simple on its surface, but the quality of the result has deeper implications for the future of AI assistants, which may soon be able to see and interact with what we're doing on our computer screens.

"The other day I found myself needing to add up some numeric values that were scattered across twelve different emails," Willison wrote in a detailed post on his blog. He recorded a 35-second video scrolling through the relevant emails, then fed that video into Google's AI Studio tool, which allows people to experiment with several versions of Google's Gemini 1.5 Pro and Gemini 1.5 Flash AI models. Willison then asked Gemini to pull the price data from the video and arrange it into a special data format called JSON (JavaScript Object Notation) that included dates and dollar amounts. The AI model successfully extracted the data, which Willison then formatted as a CSV (comma-separated values) table for spreadsheet use. After double-checking for errors as part of his experiment, the accuracy of the results -- and what the video analysis cost to run -- surprised him.

"The cost [of running the video model] is so low that I had to re-run my calculations three times to make sure I hadn't made a mistake," he wrote. Willison says the entire video analysis process ostensibly cost less than one-tenth of a cent, using just 11,018 tokens on the Gemini 1.5 Flash 002 model. In the end, he actually paid nothing because Google AI Studio is currently free for some types of use.

Crime

US Charges Duo Behind 'Anonymous Sudan' For Over 35,000 DDoS Attacks (hackread.com) 33

An anonymous reader quotes a report from Hackread: The United States Department of Justice (DoJ) has indicted two Sudanese nationals for their alleged role in operating the hacktivist group Anonymous Sudan. The group claimed fame for conducting "tens of thousands" of large-scale and crippling Distributed Denial of Service attacks (DDoS attacks) targeting critical infrastructure, corporate networks, and government agencies globally. Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, stand accused of conspiracy to damage protected computers. Ahmed Salah faces additional charges for damaging protected computers. The duo is believed to have controlled Anonymous Sudan, which, since early 2023, launched attacks on high-profile entities such as ChatGPT, UAE's Flydubai Airline, London Internet Exchange, Microsoft, and the Israeli BAZAN Group.

The group and its clients also utilized the Distributed Cloud Attack Tool (DCAT) to conduct over 35,000 DDoS attacks. These attacks targeted sensitive government and critical infrastructure in the U.S. and globally, including the Department of Justice, Department of Defense, FBI, State Department, and Cedars-Sinai Medical Center in Los Angeles. The attacks, which sometimes lasted days, reportedly caused major damage, often crippling websites and networks. For instance, the attack on Cedars-Sinai Medical Center forced the redirection of incoming patients for eight hours, causing over $10 million in damages to U.S. victims.

Social Networks

Bluesky Is Now Courting Threads Users (thurrott.com) 12

Bluesky, the decentralized social network cofounded by Jack Dorsey, created a Threads account to court users frustrated by Meta's moderation issues. Thurrott reports: This week, the Bluesky team also used Threads to share some tips on how to get started on Bluesky, how to get more engagement, and more. The company also emphasized its decentralized structure and more extensive customization options, with the app recently introducing a new theme font, adjustable font sizing, and the ability to pin posts on top of profiles.

Bluesky also couldn't resist engaging in some strange trolling this week. "We're not like the other girls ... we're not owned by a billionaire," the team wrote on Threads yesterday. Of course, this is the post that got the most engagement on the Bluesky Threads account with close to 500 comments as of this writing.

AMD

AMD Launches AI Chip To Rival Nvidia's Blackwell (cnbc.com) 30

AMD is launching a new chip to rival Nvidia's upcoming Blackwell chips, which Nvidia called the "world's most powerful chip" for AI when unveiled earlier this year. CNBC reports: The Instinct MI325X, as the chip is called, will start production before the end of 2024, AMD said Thursday during an event announcing the new product. If AMD's AI chips are seen by developers and cloud giants as a close substitute for Nvidia's products, it could put pricing pressure on Nvidia, which has enjoyed roughly 75% gross margins while its GPUs have been in high demand over the past year. In the past few years, Nvidia has dominated the majority of the data center GPU market, but AMD is historically in second place. Now, AMD is aiming to take share from its Silicon Valley rival or at least to capture a big chunk of the market, which it says will be worth $500 billion by 2028.

AMD didn't reveal new major cloud or internet customers for its Instinct GPUs at the event, but the company has previously disclosed that both Meta and Microsoft buy its AI GPUs and that OpenAI uses them for some applications. The company also did not disclose pricing for the Instinct MI325X, which is typically sold as part of a complete server. With the launch of the MI325X, AMD is accelerating its product schedule to release new chips on an annual schedule to better compete with Nvidia and take advantage of the boom in AI chips. The new AI chip is the successor to the MI300X, which started shipping late last year. AMD's 2025 chip will be called MI350, and its 2026 chip will be called MI400, the company said.

Security

Windows 11's New Passkey Design Includes Cloud Syncing, 1Password Integration (theverge.com) 19

Microsoft is enhancing passkey support in Windows 11 with a redesigned Windows Hello experience that allows users to sync passkeys to their Microsoft account or third-party providers like 1Password and Bitwarden. The Verge reports: A new API for third-party password and passkey managers means developers can plug directly into the Windows 11 experience, so you can use the same passkey from your mobile device to authenticate on your PC. Right now it's possible in some apps to do this through QR codes and other ways to authenticate from a mobile device, but Microsoft's full support means the passkeys experience on Windows is about to get a lot better.

Microsoft is also redesigning the Windows Hello prompt, including the ability to set up syncing of passkeys to your Microsoft account or saving them elsewhere. Once you've completed a one-time setup process you can use facial recognition, fingerprint, or PIN to authenticate with a passkey across multiple Windows 11 devices.
Windows Insiders will get access to these new passkey features "in the coming months."

Businesses

Foxconn Building Nvidia Superchip Facility In Mexico (reuters.com) 38

Foxconn has chosen Mexico for the site of the world's largest manufacturing facility for Nvidia's GB200 superchips. These chips are a "key component of the U.S. firm's next-generation Blackwell family computing platform," notes Reuters. From the report: "We're building the largest GB200 production facility on the planet," said Benjamin Ting, Foxconn senior vice president for the cloud enterprise solutions business group. Nvidia said in August that it had started shipping Blackwell samples to its partners and customers after tweaking its design, and expected several billion dollars in revenue from these chips in the fourth quarter. Ting said the partnership between his company and Nvidia was very important and everyone was asking for Nvidia's Blackwell platform. "The demand is awfully huge," Ting said at the company's annual tech day in Taipei, standing next to Nvidia's vice president for AI and robotics, Deepu Talla.

Speaking to reporters later, Foxconn Chairman Young Liu said the plant was being built in Mexico, and that the capacity there would be "very, very enormous". He did not elaborate. Foxconn already has a large manufacturing presence in Mexico and has invested more than $500 million to date in the state of Chihuahua. Liu said the company's supply chain was ready for the AI revolution, adding its manufacturing capabilities include the "advanced liquid cooling and heat dissipation technologies necessary to complement the GB200 server's infrastructure."

Hardware

Global Semiconductor Sales Up 20.6% To Record $53.1 Billion (theregister.com) 3

Global semiconductor sales recorded a 20.6% year-on-year increase in August to $53.1 billion, according to the Semiconductor Industry Association (SIA). The Register reports: The Americas led the way, with sales up 43.9 percent to $15.4 billion over last year to notch up what may be the highest on record for August, the SIA said. This comes on the back of swelling demand from sectors such as AI, cloud computing, and automotive. Over in Asia-Pacific sales grew year-on-year by 17.1 percent to $10.95 billion, according to the World Semiconductor Trade Statistics organization, which compiles these stats for the SIA. China was up 19.2 percent to $13 billion and Japan grew two percent to $4 billion.

Europe was the outlier, recording a nine percent drop to $4.7 billion. No reason was given for this decline. However, on a worldwide basis, all continents returned positive month-on-month numbers in August for the first time since October 2023, indicating that the semiconductor industry is on a path to recovery.

AI

A Single Cloud Compromise Can Feed an Army of AI Sex Bots (krebsonsecurity.com) 28

An anonymous reader quotes a report from KrebsOnSecurity: Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape. Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub.

Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials to interact with the large language models (LLMs) available on Bedrock. But they also soon discovered none of these AWS users had enabled logging (it is off by default), and thus they lacked any visibility into what attackers were doing with that access. So Permiso researchers decided to leak their own test AWS key on GitHub, while turning on logging so that they could see exactly what an attacker might ask for, and what the responses might be. Within minutes, their bait key was scooped up and used in a service that offers AI-powered sex chats online.

"After reviewing the prompts and responses it became clear that the attacker was hosting an AI roleplaying service that leverages common jailbreak techniques to get the models to accept and respond with content that would normally be blocked," Permiso researchers wrote in a report released today. "Almost all of the roleplaying was of a sexual nature, with some of the content straying into darker topics such as child sexual abuse," they continued. "Over the course of two days we saw over 75,000 successful model invocations, almost all of a sexual nature."

Microsoft

Microsoft Exec Tells Staff There Won't Be an Amazon-style Return-to-Office Mandate Unless Productivity Drops (yahoo.com) 56

Microsoft won't impose a new return-to-office mandate unless management concludes that productivity has dropped, a high-level exec has reportedly told workers. From a report: The software and cloud-computing giant currently allows employees to work remotely, with many new hires promised the flexibility of working from home at least half the week. But that isn't written in stone. According to two anonymous sources that spoke with Business Insider, executive vice president Scott Guthrie recently told staff at Microsoft's Cloud and AI group, which includes Azure, that a policy change isn't on the cards at present -- so long as workers stay productive.

While no statement has been provided as of press time, Microsoft told Business Insider that the company's work policies have not changed. Amazon CEO Andy Jassy's bombshell decree has roiled tech employees across the sector, many of whom dread a return to hours wasted in traffic jams on the long daily commute.

Businesses

AI Chipmaker Cerebras Files For IPO To Take On Nvidia (cnbc.com) 24

Cerebras Systems, an AI chip startup, filed (PDF) for an IPO and plans to trade under the ticker "CBRS" on Nasdaq. CNBC reports: Cerebras competes with Nvidia, whose graphics processing units are the industry's choice for training and running AI models. Cerebras says on its website that its WSE-3 chip comes with more cores and memory than Nvidia's popular H100. It's also a physically larger chip. In addition to selling chips, Cerebras offers cloud-based services that rely on its own computing clusters. [...] In addition to Nvidia, Cerebras cites AMD, Intel, Microsoft and Google as competitors, "as well as internally developed custom application-specific integrated circuits and a variety of private companies." Taiwan Semiconductor Manufacturing Company makes the Cerebras chips. Cerebras warned investors that any possible supply chain disruptions may hurt the company.

Cerebras was founded in 2016 and is based in Sunnyvale, California. Andrew Feldman, the startup's co-founder and CEO, sold server startup SeaMicro to AMD for $355 million in 2012. The company said in 2021 that it was valued at over $4 billion in a $250 million funding round. In May, G42 committed to purchasing $1.43 billion in orders from Cerebras before March 2025, according to the filing. G42 currently owns under 5% of Cerebras' Class A shares, and the firm has an option to purchase more depending on how much Cerebras product it buys.
