The risk matrix presented below serves as a structured, multi-dimensional lens through which to assess cybersecurity risks in AI systems. Each of the 67 risks is classified by risk description, threat context, mitigating controls, cyber relevance, control type (preventative or operational). It serves as a threat model and is based on IBM AI Risk Atlas Risk… Continue reading Cyber Risks in AI
Retrieval-Augmented Generation (RAG)
Retrieval-augmented generation (RAG) is a hybrid AI approach that combines retrieval-based methods with generative models to improve the quality and accuracy of generated content. This approach benefits tasks requiring factual accuracy and natural language generation, such as question-answering, summarization, or generating content based on specific knowledge. How RAG Works: RAG integrates two core components: Retrieval… Continue reading Retrieval-Augmented Generation (RAG)
23andMe Data Leak – October 2023
The 23andMe data leak was first reported in October 20231. Approximately 6.9 million 23andMe customers had their data compromised after an anonymous hacker accessed user-profiles and posted them for sale on the internet earlier that year. The breach exposed sensitive information, including health data, and raised concerns about privacy and security. The company confirmed the… Continue reading 23andMe Data Leak – October 2023
MOVEit Data Breach – August 24, 2023
The MOVEit Data Breach was reported on August 24, 2023. This breach affected millions of consumers and organizations, including the U.S. Department of Energy, British Airways, and pension funds, among others Incident: The MOVEit data breach occurred, impacting millions of consumers and organizations. Affected Parties: Organizations using MOVEit, including financial services companies, government agencies, and others. Date Reported:… Continue reading MOVEit Data Breach – August 24, 2023
Cues from OMB Zero Trust Architecture memo
Towards the end of January 2022, the Office of Management and Budget (OMB) released its memorandum on moving government agencies to a zero-trust model. Enterprises that align themselves to industries regulated by the federal agencies can take a cue from it to improve their security posture. The memo considers the recent ransomware attacks on various… Continue reading Cues from OMB Zero Trust Architecture memo