Security & Privacy
Drones flying into jails in England and Wales are national security threat, says prisons watchdog
Drones have become a "threat to national security", the prisons watchdog has said, after a surge in the amount of weapons and drugs flown into high-security jails. Charlie Taylor, the chief inspector of prisons, called for urgent action from Whitehall and the police after inquiries found that terrorism suspects and criminal gangs could escape or attack guards because safety had been "seriously compromised". His demands follow inspections at two category A prisons holding some of England and Wales's most dangerous inmates. HMP Manchester and HMP Long Lartin in Worcestershire had thriving illicit economies selling drugs, mobile phones and weapons, and basic anti-drone security measures such as protective netting and CCTV had been allowed to fall into disrepair, inspectors found. In a report released on Tuesday, Taylor said the police and prison service had "in effect ceded the airspace above two high-security prisons to organised crime gangs" despite knowing they were holding "extremely dangerous prisoners".
'Just the start': X's new AI software driving online racist abuse, experts warn
A rise in online racism driven by fake images is "just the start of a coming problem" after the latest release of X's AI software, online abuse experts have warned. Concerns were raised after computer-generated images created using Grok, X's generative artificial intelligence chatbot, flooded the social media site in December last year. Signify, an organisation that works with prominent groups and clubs in sports to track and report online hate, said it has seen an increase in reports of abuse since Grok's latest update, and believes the introduction of photorealistic AI will make it far more prevalent. "It is a problem now, but it's really just the start of a coming problem. It is going to get so much worse and we're just at the start, I expect over the next 12 months it will become incredibly serious."
SecAlign: Defending Against Prompt Injection with Preference Optimization
Chen, Sizhe, Zharmagambetov, Arman, Mahloujifar, Saeed, Chaudhuri, Kamalika, Wagner, David, Guo, Chuan
Large language models (LLMs) are becoming increasingly prevalent in modern software systems, interfacing between the user and the Internet to assist with tasks that require advanced language understanding. To accomplish these tasks, the LLM often uses external data sources such as user documents, web retrieval, results from API calls, etc. This opens up new avenues for attackers to manipulate the LLM via prompt injection. Adversarial prompts can be injected into external data sources to override the system's intended instruction and instead execute a malicious instruction. To mitigate this vulnerability, we propose a new defense called SecAlign based on the technique of preference optimization. Our defense first constructs a preference dataset with prompt-injected inputs, secure outputs (ones that respond to the legitimate instruction), and insecure outputs (ones that respond to the injection). We then perform preference optimization on this dataset to teach the LLM to prefer the secure output over the insecure one. This provides the first known method that reduces the success rates of various prompt injections to around 0%, even against attacks much more sophisticated than ones seen during training. This indicates our defense generalizes well against unknown and yet-to-come attacks. Also, our defended models are still practical with similar utility to the one before our defensive training. Our code is at https://github.com/facebookresearch/SecAlign
AI as Humanity's Salieri: Quantifying Linguistic Creativity of Language Models via Systematic Attribution of Machine Text against Web Text
Lu, Ximing, Sclar, Melanie, Hallinan, Skyler, Mireshghallah, Niloofar, Liu, Jiacheng, Han, Seungju, Ettinger, Allyson, Jiang, Liwei, Chandu, Khyathi, Dziri, Nouha, Choi, Yejin
Creativity has long been considered one of the most difficult aspects of human intelligence for AI to mimic. However, the rise of Large Language Models (LLMs), like ChatGPT, has raised questions about whether AI can match or even surpass human creativity. We present CREATIVITY INDEX as the first step to quantify the linguistic creativity of a text by reconstructing it from existing text snippets on the web. CREATIVITY INDEX is motivated by the hypothesis that the seemingly remarkable creativity of LLMs may be attributable in large part to the creativity of human-written texts on the web. To compute CREATIVITY INDEX efficiently, we introduce DJ SEARCH, a novel dynamic programming algorithm that can search verbatim and near-verbatim matches of text snippets from a given document against the web. Experiments reveal that the CREATIVITY INDEX of professional human authors is on average 66.2% higher than that of LLMs, and that alignment reduces the CREATIVITY INDEX of LLMs by an average of 30.1%. In addition, we find that distinguished authors like Hemingway exhibit measurably higher CREATIVITY INDEX compared to other human writers. Finally, we demonstrate that CREATIVITY INDEX can be used as a surprisingly effective criterion for zero-shot machine text detection, surpassing the strongest existing zero-shot system, DetectGPT, by a significant margin of 30.2%, and even outperforming the strongest supervised system, GhostBuster, in five out of six domains.
How AI will transform cybersecurity in 2025 - and supercharge cybercrime
The cybersecurity landscape of 2024 was marked by devastating ransomware attacks, artificial intelligence (AI)-powered social engineering, and state-sponsored cyber operations that caused billions in damages. As 2025 kicks off, the convergence of AI, geopolitical instability, and evolving attack surfaces presents an even more complex threat environment. Security professionals are bracing for what could be the most challenging year yet in cyber defense as threat actors leverage increasingly sophisticated tools and tactics. Based on current threat intelligence and emerging attack patterns, here are five significant cybersecurity predictions that will likely shape 2025. Ransomware is no longer just about extortion -- it's becoming a tool for systemic disruption.
Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
Some of the world's most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement. The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush and dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem--not code developed by the app creators themselves--this data collection is likely happening without users' or even app developers' knowledge. This article was created in partnership with 404 Media, a journalist-owned publication covering how technology impacts humans. "For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising 'bid stream,'" rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data.
The 'dangerous' iPhone settings that are sharing your data... and how to turn them off
These settings allow your iPhone to share data that helps third parties target advertisements to you and measure advertisement engagement. Chip Hallett, author of The Ultimate Privacy Playbook, explained how to turn these 'dangerous' settings off to ensure that your data is always kept private. To disable them, start by opening the settings app. Then scroll down and tap 'Safari.' Then scroll all the way down to the bottom of the screen where it says 'Advanced.' Tap this tab, and you should see a toggle on/off button next to 'Privacy Preserving Ad Measurement.'
Can the Bee Pioneer finally make AI wearables useful?
The concept of wearable AI devices hasn't exactly taken off. Devices like the Rabbit R1 and Humane AI Pin have been largely criticized for overpromising while under-delivering. Now, a new company, Bee, is taking another stab at the concept with its wrist-worn AI device. The Bee AI device, called the Bee Pioneer, is essentially designed to listen to you go about your day and use the information it collects to build a personalized knowledge base about your life. It can remember things you did during the day, create to-do lists based on what it hears, and even search through conversations you had.
The Download: how AI is changing internet search, and the future of privacy in the US
Every day, we are tracked hundreds or even thousands of times across the digital world. All of this is collected, packaged together with other details, and used to create highly personalized profiles that are then shared or sold, often without our explicit knowledge or consent. A consensus is growing that Americans need better privacy protections--and that the best way to deliver them would be for Congress to pass comprehensive federal privacy legislation. So what can Americans expect for their personal data in 2025? We spoke to privacy experts and advocates about what's on their mind regarding how our digital data might be traded or protected moving forward.