The 34th RSAC Conference has just finished, and it was a big one, with 44,000 attendees (a new record), 730 speakers, 650 exhibitors, and 400 members of the media. It’s the largest security conference of the year, so naturally, PCMag was there, attending the many sessions, events, and experiences that represent the current state of cybersecurity.
Here’s a summary of what we learned during this dizzying week with the world’s best security mavens.
1. Artificial Intelligence: Can’t Live With It, Can’t Uninvent It
The conference was abuzz with sessions all about AI. Can we safely hand off important tasks to agentic AI apps that act without direct human supervision? How do we manage and authenticate non-human identities such as AI bots, apps, and smart devices? Will AI make your job obsolete? We couldn’t begin to attend every AI-focused session, but we hit some high points.
At this point, we’re all familiar with generative AI systems like ChatGPT. These systems rely on terabytes of input data to provide useful responses. We’ve seen in past RSAC presentations that specific engineered prompts (created using AI) can trigger responses that break an AI’s internal rules, causing it to offer information that should be suppressed. It’s also possible to force an AI to give answers that are just plain wrong. At an off-site demonstration, Erez Yalon, head of security research at Checkmarx, an enterprise security company, first spun up a shopping list program using a simple English-language prompt, then demonstrated just how easy it is to force a large language model to spew incorrect and dangerous results simply by poisoning its inputs.
Using an AI chatbot like ChatGPT gives you the impression that you’re interacting with a living, thinking entity. Young people, in particular, believe AI is conscious already, or will be soon. Author and security expert Ira Winkler blasted that myth in a session provocatively titled, “AI Is Just Math: Get Over It!” Winkler’s advice: If you want to understand so-called AI and get a job that won’t be made obsolete, consider an advanced degree in math.
One of the more pernicious uses of AI is the creation of real-time deepfakes that can fool you into thinking you’re conversing with an actual person. I met one-on-one with Sandy Kronenberg, CEO of Netarx, a company that has created an AI deepfake detector with the unlikely name of “the Flurp.” Big companies can deploy the Flurp for a fairly low price, and consumers can use it for free.
2. Scams Abound—How Can We Stay Safe?
Our older population didn’t grow up in the current environment where everything is online, but they can’t avoid the modern online world. From making medical appointments to viewing videos of grandchildren, everything is online, including fraudsters and scammers. With a background in TV news and investigative journalism, Kerry Tomlinson presented her thoughts on protecting vulnerable seniors from online attacks and teaching them strategies for managing their own protection. In particular, she highlighted physical changes that occur as we age, and strategies for providing help with those changes in mind.
Of course, everyone of every age can be scammed, and there was no shortage of presentations related to detecting and avoiding such attacks. Ayelet Biger-Levin, CEO of RangersAI, focused on techniques that everyone can use to foil scammers, laying out six important defenses. Similarly, Jennifer Minella, principal security advisor at Viszen Security, a cybersecurity consulting company, offered some useful tips to protect your home network and the devices on it from intruders or snoops, regardless of your level of tech savviness.
With all this talk about scammers, you might feel like a loser if you fall for one. Oz Alashe, the CEO of CybSafe, and Dr. Jason Nurse, who researches cybersecurity at the University of Kent, want to change your mind about that. Their presentation took a deep dive into the normal, human, psychological factors that make us vulnerable.
3. Is the Government Here to Help?
Whatever your attitude toward government agencies in general, you can’t deny that DARPA (Defense Advanced Research Projects Agency) has made some major contributions to your high-tech life. For starters, its earlier project, ARPANET, laid the groundwork for what we now call the internet. Among its vast number of research projects, DARPA is running what it calls AIxCC—the Artificial Intelligence Cyber Challenge. This two-year campaign will finish at the DEF CON conference right after Black Hat this summer. To bring this somewhat arcane competition down to earth, DARPA presented its AIxCC Experience at the Conference. We took a virtual tour of the imaginary city of Northbridge as part of this experience. It was, without a doubt, the flashiest, most Vegas-like component of the entire conference, while still conveying immersive detail about just why our infrastructure needs protection.
Speaking of government actions, North Korean hackers are still busily attempting to infiltrate companies around the world by applying for remote worker jobs. The Justice Department has indicted some of these spies, and the FBI continues to try to root them out. A panel including Adam Meyers of CrowdStrike, Greg Schloemer of Microsoft, and FBI agent Elizabeth Pelker reviewed existing legal actions and discussed the ongoing struggle to keep DPRK spies out of American companies. Meyers closed with the suggestion that companies can help fend off infiltration attempts by asking prospective employees, “How fat is Kim Jong Un?”
The government makes laws, and lawyers argue their cases based on those laws. But has our government kept up with the legal implications of AI, deepfakes, and other cutting-edge technologies? A panel of tech-savvy lawyers regaled RSAC attendees with details of seven specific areas in which the law and cybersecurity are colliding. We can’t wait to see the courtroom dramas based on these legal matters.
4. A Vision for the Web’s Future
Much of what occurs at the RSAC Conference is focused on what’s happening in the security world right now, or what will happen in the next quarter or two. We sat down with security luminary Bruce Schneier to talk about the future of the World Wide Web, and it’s a future where your privacy comes first. We can thank Sir Tim Berners-Lee, creator of the web, for the privacy-first technology that underpins this vision for a kinder, gentler, more private internet.
Black Hat 2024 (Credit: Kim Key)
Next Stop: Black Hat
And just like that, the excitement of the RSAC Conference is over, at least until next year. Attendees left with new ideas and inspirations, and with new industry connections. If you’re inspired to learn more, check out our full RSAC coverage. And don’t forget, Black Hat is just a few months away.