According to an analyst, there will be major data breaches and fines for application developers who use generative AI (GenAI) extensively next year. Forrester made the claims in its 2024 predictions for cybersecurity, risk and privacy and trust.
Alla Valente, a senior analyst, issued a warning about the excessive use of “TuringBots”, which are GenAI assistants that aid in code creation. She emphasized the importance for developers to thoroughly scan the generated code for vulnerabilities.
By infosecbulletin
/ Monday , December 23 2024
Splunk, a unified security and observability platform turn its focuses on Bangladeshi market. On Monday (23 December) Splunk's local partner...
Read More
By infosecbulletin
/ Sunday , December 22 2024
A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code...
Read More
By infosecbulletin
/ Sunday , December 22 2024
Mastercard has completed its acquisition of Recorded Future, an AI-based threat intelligence provider. Mastercard has acquired the company for $2.65...
Read More
By infosecbulletin
/ Saturday , December 21 2024
CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in...
Read More
By infosecbulletin
/ Friday , December 20 2024
Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure...
Read More
By infosecbulletin
/ Friday , December 20 2024
Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million...
Read More
By infosecbulletin
/ Friday , December 20 2024
Sophos has fixed three separate security vulnerabilities in Sophos Firewall. The vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 present major risks, such...
Read More
By infosecbulletin
/ Thursday , December 19 2024
A time-demanding workshop on "Cybersecurity Awareness and Needs Analysis" was held on Thursday (December 19) at Bangladesh Bank Training Academy...
Read More
By infosecbulletin
/ Thursday , December 19 2024
Kaspersky's Global Emergency Response Team (GERT) found that attackers are exploiting a patched SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient...
Read More
By infosecbulletin
/ Wednesday , December 18 2024
The US government is considering banning a well-known brand of Chinese-made home internet routers TP-Link due to concerns that they...
Read More
ALSO READ:
40 countries to sign a agreement not to pay ransom
In a blog post, she mentioned that if there are no proper protections for TuringBot-generated code, Forrester predicts that by 2024, at least three data breaches will be attributed to insecure AI-generated code. These breaches could occur because of security flaws in the code or vulnerabilities in suggested AI dependencies.
Regulatory issues may arise for apps that use GenAI products like ChatGPT to provide information to users.
Valente predicted at least one would be fined for its handling of personally identifiable information (PII).
The person mentioned that OpenAI has the means to protect itself from regulators, but third-party apps on ChatGPT may not have the same resources.
Some apps introduce risks through their third-party tech providers, but lack the resources and expertise to handle them properly. In 2024, companies should identify apps that may increase their risk exposure and focus on managing third-party risks.
The European Data Protection Board has created a task force to coordinate enforcement action against ChatGPT. This action was taken after the Italian Data Protection Authority decided to suspend the use of the product in Italy.
In the US, the FTC is investigating OpenAI.
GenAI may also play a part in Valente’s third prediction: that 90% of data breaches in 2024 will feature a human element. According to Verizon, the figure is already at 74%.
GenAI poses a significant risk to security. It enhances social engineering and enables attackers to efficiently carry out convincing phishing attacks.
“This increase [in people-centric risk] will expose one of the touted silver bullets for mitigating human breaches: security awareness and training,” argued Valente.
In 2024, CISOs will focus more on adaptive human protection. This is because NIST will update its guidance on awareness and training, and there will be more human quantification vendors available.