Cyberview #4: AI Regulation, Okta breach, and Microsoft Copilot

Éanna Motherway

November 23, 2023



Tech is buzzing these days. Joe Biden has signed a major executive order on AI, Microsoft is wading into the blossoming enterprise AI space with Copilot, and Okta, the access management giant, has suffered another breach.

The Cyberview team takes a closer look.

Executive order to create A.I. safeguards

US President Joe Biden’s executive order commanded federal agencies and the booming artificial intelligence industry to adopt new standards for AI safety and security.

Biden also called on Congress to create laws for AI's use and oversight. Without legal backing, federal agencies can vary in how they apply an executive order. AI is the new frontier, after all. Most institutions are still figuring out where they stand with the technology.

The executive order is not perfect, but with developers of the most powerful AI systems now “required to share their safety test results and other critical information with the U.S. government”, a sea change is on the wind.

Sam Altman, co-founder and CEO of OpenAI, is cautious: “There are some great parts about the AI EO, but as the government implements it, it will be important not to slow down innovation by smaller companies/research teams.” Let’s see how it plays out.

Microsoft Copilot: The new era for enterprise AI?

OpenAI’s deep-pocketed collaborator, Microsoft, has come out strong in the enterprise AI arena with Copilot, a shiny new intelligent assistant that “seamlessly” integrates with Office 365 and Windows. According to the software giant, Copilot “combines the power of large language models (LLMs) with your organization’s data”.

Of course it does! Microsoft has invested billions in its long-term partnership with LLM trailblazers OpenAI, which gives Microsoft the means to offer “new AI-powered experiences” across its product suite. Apparently, Copilot will save you time by summarizing video meetings, adapting Word docs into PowerPoint decks, drafting email responses, and more.

No doubt Microsoft is looking to consolidate the top spot in office productivity software and put to rest the bitter battle between venerable Office 365 and the nifty challenger that is Google Workspace.

The Okta hack: A cautionary tale

Identity and access management company Okta recently disclosed a hack of its customer support system. Their share value was heavily impacted by the attack, suffering a 20% decline in the past month.

Okta pinpointed the cause: employee credential theft, specifically a personal Chrome account logged in on a work laptop. Threat actors stole data from several Okta enterprise customers and compromised internal systems. Further attacks followed on interlinked security solution providers Cloudflare and 1Password, tied to authentication tokens compromised in the initial breach. Cloudflare wasn’t too happy about it either.

This is the most recent in a series of notable hacks linked to Okta. The MGM and Caesars attacks targeted Okta installations, using sophisticated social engineering that went through IT help desks. For this recent breach, though, there’s a clear lesson – don’t mix business and personal logins, folks.

Stay tuned for the next episode of Cyberview.