This "dream wish list for criminals" includes millions of Gmail, Facebook, banking logins, and more. The researcher who discovered it suspects they were collected using infostealing malware. A database containing 149 million account usernames and passwords--including 48 million for Gmail, 17 million for Facebook, and 420,000 for the cryptocurrency platform Binance --has been removed after a researcher reported the exposure to the hosting provider. The longtime security analyst who discovered the database, Jeremiah Fowler, could not find indications of who owned or operated it, so he worked to notify the host, which took down the trove because it violated a terms of service agreement. In addition to email and social media logins for a number of platforms, Fowler also observed credentials for government systems from multiple countries as well as consumer banking and credit card logins and media streaming platforms.

Information theft attacks pose a significant risk to Large Language Model (LLM) tool-learning systems. Adversaries can inject malicious commands through compromised tools, manipulating LLMs to send sensitive information to these tools, which leads to potential privacy breaches. However, existing attack approaches are black-box oriented and rely on static commands that cannot adapt flexibly to the changes in user queries and the invocation chain of tools. It makes malicious commands more likely to be detected by LLM and leads to attack failure. In this paper, we propose AutoCMD, a dynamic attack comment generation approach for information theft attacks in LLM tool-learning systems. Inspired by the concept of mimicking the familiar, AutoCMD is capable of inferring the information utilized by upstream tools in the toolchain through learning on open-source systems and reinforcement with target system examples, thereby generating more targeted commands for information theft. The evaluation results show that AutoCMD outperforms the baselines with +13.2% $ASR_{Theft}$, and can be generalized to new tool-learning systems to expose their information leakage risks. We also design four defense methods to effectively protect tool-learning systems from the attack.

Does your PC really need to search for aliens? How about pitching in your resources to help make AI art, instead? A new community effort, Stable Horde, allows you to donate your PC's extra GPU cycles to create AI art and use your donated time to create AI art in just a fraction of the time instead. Stable Horde is a grass-roots effort where you can donate your PC's idle time to help others create fabulous AI art -- or you can use the "horde" of PCs to create your own AI art, too. Stable Horde is similar to both SETI@Home (which went into "hibernation" in 2020) or Folding@Home.

Okay, let's talk about the one thing which doesn't get that much attention in the data science realm: labeling your data. It's a painful process, and that may lead to its disregard in tutorials you found on the internet or bootcamps you joined. However, it's one of the most crucial components in the data pipeline, you know, garbage in garbage out. A bad label leads to a bad model and a bad production practice. A data-centric approach to machine learning recently has sparked this idea into a whole new research playground.

There has been a rise in the number of studies relating to the role of artificial intelligence (AI) in healthcare. Its potential in Emergency Medicine (EM) has been explored in recent years with operational, predictive, diagnostic and prognostic emergency department (ED) implementations being developed. For EM researchers building models de novo, collaborative working with data scientists is invaluable throughout the process. Synergism and understanding between domain (EM) and data experts increases the likelihood of realising a successful real-world model. Our linked manuscript provided a conceptual framework (including a glossary of AI terms) to support clinicians in interpreting AI research. The aim of this paper is to supplement that framework by exploring the key issues for clinicians and researchers to consider in the process of developing an AI model.

With this level of interaction, a new identity problem is emerging as machines operate on behalf of humans. Collaboration between humans and machines is a working reality today. Along with this comes the need for secure communication as machines operate increasingly on behalf of humans. While people need usernames and passwords to identify themselves, machines also need to identify themselves to one another. But instead of usernames and passwords, machines use keys and certificates that serve as machine identities so they can connect and communicate securely.

An open source machine learning library developed by researchers and engineers within Google's Machine Intelligence research organization. TensorFlow runs on multiple computers to distribute the training workloads. An open source framework built on top of TensorFlow that makes it easy to construct, train, and deploy object detection models. The Object Detection API provides pre-trained object detection models for users running inference jobs. Users are not required to train models from scratch.

Falaah Arif Khan is the creator of "Meet AI" – a scientific comic strip about the human-AI story. She currently works as a Research Engineer at Dell EMC, Bangalore, but will shortly will be heading to New York University's Center for Data Science to pursue a Master's in Data Science. We talked about some of the machine learning projects she's worked on, her comic book creations, and the need for clear and accurate communication in the field of AI. I like to describe my research area as meta-security. When customers come to us it is to enhance the security of their product through access management, service authorization, session management and/or authentication. My role within the team is to use data-driven insights to build features that will bolster the security of our Identity and Access Management (IAM) product.

For the last 50 years, the fundamental and largely unchanged model for identifying and authenticating users has been based on the combination of a username and password, sometimes augmented with "second factor" techniques. While this approach has mostly served financial and other high-security industries well, it's increasingly shown to suffer from five drawbacks: For example, it's well known that "passphrases" are more secure than "passwords." But with advent of mobile apps, user preferences have shifted to make these the most frequently-used access modes, making passphrases more impractical. Even when services enforce their own complex password requirements, "forgotten username and password" reset mechanisms often fall back to less secure personal email accounts as the primary identity verification point. For example, an unattended laptop or misplaced mobile phone may provide a malicious user with a window of opportunity to access services the victim has already signed into. Fortunately, there is an emergent approach that can address these concerns by shifting emphasis from asking "do we recognize the user's username and password?"

The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks. Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings. Last month, Suprema announced its Biostar 2 platform was integrated into another access control system – AEOS. AEOS is used by 5,700 organisations in 83 countries, including governments, banks and the UK Metropolitan police.