Enlarge (credit: Google)

On Wednesday, Google introduced PaLM 2 , a family of foundational language models comparable to OpenAI's GPT-4 . At its Google I/O event in Mountain View, California, Google revealed that it already uses PaLM 2 to power 25 products, including its Bard conversational AI assistant.

As a family of large language models (LLMs), PaLM 2 has been trained on an enormous volume of data and does next-word prediction, which outputs the most likely text after a prompt input by humans. PaLM stands for "Pathways Language Model," and " Pathways " is a machine-learning technique created at Google. PaLM 2 follows up on the original PaLM , which Google announced in April 2022.

According to Google, PaLM 2 supports over 100 languages and can perform "reasoning," code generation, and multi-lingual translation. During his 2023 Google I/O keynote, Google CEO Sundar Pichai said that PaLM 2 comes in four sizes: Gecko, Otter, Bison, Unicorn. Gecko is the smallest and can reportedly run on a mobile device. Aside from Bard, PaLM 2 is behind AI features in Docs, Sheets, and Slides.

Enlarge (credit: Aurich Lawson)

A ransomware intrusion on hardware manufacturer Micro-Star International, better known as MSI, is stoking concerns of devastating supply chain attacks that could inject malicious updates that have been signed with company signing keys that are trusted by a huge base of end-user devices, a researcher said.

“​​It’s kind of like a doomsday scenario where it’s very hard to update the devices simultaneously, and they stay for a while not up to date and will use the old key for authentication,” Alex Matrosov, CEO, head of research and founder of security firm Binarly, said in an interview. “It’s very hard to solve, and I don’t think MSI has any backup solution to actually block the leaked keys.”

The intrusion came to light in April when, as first reported by Bleeping Computer, the extortion portal of the Money Message ransomware group listed MSI as a new victim and published screenshots purporting to show folders containing private encryption keys, source code, and other data. A day later, MSI issued a terse advisory saying that it had “suffered a cyberattack on part of its information systems.” The advisory urged customers to get updates from the MSI website only. It made no mention of leaked keys.

Enlarge (credit: Google)

At Wednesday's Google I/O conference, Google announced wide availability of its ChatGPT-like AI assistant, Bard , in over 180 countries with no waitlist. It also announced updates such as support for Japanese and Korean, visual responses to queries, integration with Google services, and add-ons that will extend Bard's capabilities.

Similar to how OpenAI upgraded ChatGPT with GPT-4 after its launch, Bard is getting an upgrade under the hood. Google says that some of Bard's recent enhancements are powered by Google's new PaLM 2 , a family of foundational large language models (LLMs) that have enabled " advanced math and reasoning skills " and better coding capabilities. Previously, Bard used Google's LaMDA AI model.

Google plans to add Google Lens integration to Bard, which will allow users to include photos and images in their prompts. On the Bard demo page, Google shows an example of uploading a photo of dogs and asking Bard to “write a funny caption about these two." Reportedly, Bard will analyze the photo, detect the dog breeds, and draft some amusing captions on demand.

Enlarge (credit: Getty Images)

FBI officials on Tuesday dropped a major bombshell: After spending years monitoring exceptionally stealthy malware that one of the Kremlin’s most advanced hacker units had installed on hundreds of computers around the world, agents unloaded a payload that caused the malware to disable itself.

The counter hack took aim at Snake, the name of a sprawling piece of cross-platform malware that for more than two decades has been in use for espionage and sabotage. Snake is developed and operated by Turla, one of the world's most sophisticated APTs, short for advanced persistent threats, a term for long-running hacking outfits sponsored by nation states.

Inside jokes, taunts, and mythical dragons

If nation-sponsored hacking was baseball, then Turla would not just be a Major League team—it would be a perennial playoff contender. Researchers from multiple security firms largely agree that Turla was behind breaches of the US Department of Defense in 2008 , and more recently the German Foreign Office and France’s military . The group has also been known for unleashing stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations.

Enlarge / Anthropic's Constitutional AI logo on a glowing orange background. (credit: Anthropic / Benj Edwards)

On Tuesday, AI startup Anthropic detailed the specific principles of its " Constitutional AI " training approach that provides its Claude chatbot with explicit "values." It aims to address concerns about transparency, safety, and decision-making in AI systems without relying on human feedback to rate responses.

Claude is an AI chatbot similar to OpenAI's ChatGPT that Anthropic released in March .

"We’ve trained language models to be better at responding to adversarial questions, without becoming obtuse and saying very little," Anthropic wrote in a tweet announcing the paper. "We do this by conditioning them with a simple set of behavioral principles via a technique called Constitutional AI."

Enlarge (credit: Thomas Trutschel via Getty )

Spotify has removed tens of thousands of songs from artificial intelligence music start-up Boomy, ramping up policing of its platform amid complaints of fraud and clutter across streaming services.

In recent months the music industry has been confronting the rise of AI-generated songs and, more broadly, the growing number of tracks inundating streaming platforms daily.

Spotify, the largest audio streaming business, recently took down about 7 percent of the tracks that had been uploaded by Boomy, the equivalent of “tens of thousands” of songs, according to a person familiar with the matter.

Enlarge / A domain seizure notice from the Justice Department, showing the national seals of several other governments.

The US Justice Department has sized the domains of 13 DDoS-for hire services as part of an ongoing initiative for combatting the Internet menace.

The providers of these illicit services platforms describe them as “booter” or “stressor” services that allow site admins to test the robustness and stability of their infrastructure. Almost, if not all, are patronized by people out to exact revenge on sites they don’t like or to further extortion, bribes, or other forms of graft.

The international law enforcement initiative is known as Operation PowerOFF. In December, federal authorities seized another 48 domains. Ten of them returned with new domains, many that closely resembled their previous names.

Enlarge / An AI-generated image of the White House in front of a cybernetic background. (credit: Midjourney)

On Thursday, the White House announced a surprising collaboration between top AI developers, including OpenAI, Google, Antrhopic, Hugging Face, Microsoft, Nvidia, and Stability AI, to participate in a public evaluation of their generative AI systems at DEF CON 31 , a hacker convention taking place in Las Vegas in August. The event will be hosted by AI Village , a community of AI hackers.

Since last year, large language models (LLMs) such as ChatGPT have become a popular way to accelerate writing and communications tasks, but officials recognize that they also come with inherent risks. Issues such as confabulations , jailbreaks, and biases pose challenges for security professionals and the public. That's why the White House Office of Science, Technology, and Policy endorses pushing these new generative AI models to their limits.

"This independent exercise will provide critical information to researchers and the public about the impacts of these models and will enable AI companies and developers to take steps to fix issues found in those models," says a statement from the White House, which says the event aligns with the Biden administration's AI Bill of Rights and the National Institute of Standards and Technology's AI Risk Management Framework .

Enlarge (credit: Aurich Lawson | Getty Images)

By now, you’ve likely heard that passwordless Google accounts have finally arrived . The replacement for passwords is known as "passkeys."

There are many misconceptions about passkeys, both in terms of their usability and the security and privacy benefits they offer compared with current authentication methods. That’s not surprising, given that passwords have been in use for the past 60 years, and passkeys are so new. The long and short of it is that with a few minutes of training, passkeys are easier to use than passwords, and in a matter of months—once a dozen or so industry partners finish rolling out the remaining pieces—using passkeys will be easier still. Passkeys are also vastly more secure and privacy-preserving than passwords, for reasons I'll explain later.

This article provides a primer to get people started with Google's implementation of passkeys and explains the technical underpinnings that make them a much easier and more effective way to protect against account takeovers. A handful of smaller sites—specifically, PayPal, Instacart, Best Buy, Kayak, Robinhood, Shop Pay, and Cardpointers—have rolled out various options for logging in with passkeys, but those choices are more proofs of concept than working solutions. Google is the first major online service to make passkeys available, and its offering is refined and comprehensive enough that I’m recommending people turn them on today.