Why is Wandasho's little unit symbol not orange? All of the other unit symbols are their unit colors, why is WxS being singled out instead of, like, Niigo as the "outcast" group? This clown unit continues to baffle me.

it is cosmically massive in the face of your mortal insignificance, and it has only ever turned its gaze on an individual to destroy them. it doesn't know how to love you. it has never attempted such a thing before.

it does not know how to gentle its hands to hold you, for it has only ever needed claws. it never wanted to avoid breaking anyone before you. when it tries, it will fail. it will unintentionally leave gashes as deep as the ones that were deliberately carved into you.

does the intent make all the difference, or is a wound a wound? are there enough scraps of you left to survive the carnage of its learning curve?

trans men please please please keep up with your pelvic health. find a provider who will listen to you and see you as you are. you have the right to good quality and affirming care

get your annual physical exam. regular std testing. pap smears. all of it

aaarghh. i hope i get an interview for this position at my friend’s job. i would really like to get an interview at least lets all manifest this for me…

i dont like art tutorials that keep hammering in the idea that “circles are soft cute and friendly squares are sturdy and confident and triangles are MEAN and EVIL and FUCKED UP” because like,,,, it kinda feels like discrimination against triangles man

Hello from the frog in my planner

i really think who a person chooses as their favorite character has deep psychological implications but i canNOT examine those themes in myself or else i’ll explode. i will explode

oh my god writing essays is so harddddd

what shatters you ?

      ⸻       exhaustion

  you   have   tried   to   be   atlas   for   far   too   long.   your   legs   tremble   and   shoulders   creak   beneath   the   weight   of   the   world   you   carry.   every   step   forward   is   a   battle   ,   yet   you   soldier   on   .   .   .   for   what   ?   when   will   you   learn   that   you   are   allowed   to   lower   your   heavy   burdens   ?

tagged by : @amourem ( peekaboo ) tagging : i'm late so feel free to if you haven't already !

pvc electric red and blue wire #smartratework#tumblr

see like. i kind of understand where the people who say "oh but if you put something online you agree for it to be critiqued" re fics but. but. i promise that if you got persistent criticism on your work, for example, art (your anatomy is bad you have no sense of posing properly your color theory is off you are blatantly copying style from this anime, etc). you would stop being amicable to that viewpoint and block the critiquer real quick

giving constructive criticism takes knowledge and study, and i bet my ass most of yall have never taken a creative writing class

For the writer's asks: 13, 16, & 20

tyyy, questions are here

13. What feedback did you receive for your writing that stuck with you? Answered here :3

16. Where do you find inspiration to write?

Is it cliché to say everywhere? There's always a little narrator somewhere in my head, and when I see something that I like, or touch it, or eat it, or hear it- I squirrel it away. I always want to be writing and always sort of am whether I want to or not because there are so many words! But also in a more practical structural based way, I would say by asking myself questions. Sometimes from inside out- What would cause Valentine to purposefully break from Arasaka? Sometimes from the outside in- How could Valentine post DE end up interacting with Johnny? * 20. Do you have one piece of advice for your fellow writers? Don't be afraid to experiment- it feels bad to fall short, but you'll learn a lot, and you can always save the attempt and analyze it later or re-do it. For some reason this article is Medium-walled but I'm a big believer in the 1000 pots process. If you try to make the best pot every time from the moment you start writing it's going to be discouraging and hard. If you tell yourself you're going to end up churning a lot of 50% quality pots and learning about what Not To Do it takes a lot of the pressure off and makes it fun to dick around and do weird hobby stuff. Have fun!

Why Does High-temperature Liquefied Iron Nucleus Produce a Huge Magnetic Field?

Bar Magnet Heating Will Lose Magnetism, Why Does High-temperature Liquefied Iron Nucleus Produce a Huge Magnetic Field? The atoms in the magnet are arranged neatly in accordance with certain rules, which is why magnets have magnetic reasons. When heating the magnet, the arrangement of the atom is disrupted and the magnetic is reduced. When heating to 770 ° C, the magnet loses magneticity. Why…

View On WordPress

Ensuring Resilient Security for Autonomous AI in Healthcare

New Post has been published on https://thedigitalinsider.com/ensuring-resilient-security-for-autonomous-ai-in-healthcare/

Ensuring Resilient Security for Autonomous AI in Healthcare

The raging war against data breaches poses an increasing challenge to healthcare organizations globally. As per current statistics,  the average cost of a data breach now stands at $4.45 million worldwide, a figure that more than doubles to $9.48 million for healthcare providers serving patients within the United States. Adding to this already daunting issue is the modern phenomenon of inter- and intra-organizational data proliferation. A concerning 40% of disclosed breaches involve information spread across multiple environments, greatly expanding the attack surface and offering many avenues of entry for attackers.

The growing autonomy of generative AI brings an era of radical change. Therefore, with it comes the pressing tide of additional security risks as these advanced intelligent agents move out of theory to deployments in several domains, such as the health sector. Understanding and mitigating these new threats is crucial in order to up-scale AI responsibly and enhance an organization’s resilience against cyber-attacks of any nature, be it owing to malicious software threats, breach of data, or even well-orchestrated supply chain attacks.

Resilience at the design and implementation stage

Organizations must adopt a comprehensive and evolutionary proactive defense strategy to address the increasing security risks caused by AI, especially inhealthcare, where the stakes involve both patient well-being as well as compliance with regulatory measures.

This requires a systematic and elaborate approach, starting with AI system development and design, and continuing to large-scale deployment of these systems.

The first and most critical step that organizations need to undertake is to chart out and threat model their entire AI pipeline, from data ingestion to model training, validation, deployment, and inference. This step facilitates precise identification of all potential points of exposure and vulnerability with risk granularity based on impact and likelihood.

Secondly, it is important to create secure architectures for the deployment of systems and applications that utilize large language models (LLMs), including those with Agentic AI capabilities. This involves meticulously considering various measures, such as container security, secure API design, and the safe handling of sensitive training datasets.

Thirdly, organizations need to understand and implement the recommendations of various standards/ frameworks. For example, adhere to the guidelines laid down by NIST’s AI Risk Management Framework for comprehensive risk identification and mitigation. They could also consider OWASP’s advice on the unique vulnerabilities introduced by LLM applications, such as prompt injection and insecure output handling.

Moreover, classical threat modeling techniques also need to evolve to effectively manage the unique and intricate attacks generated by Gen AI, including insidious data poisoning attacks that threaten model integrity and the potential for generating sensitive, biased, or inappropriately produced content in AI outputs.

Lastly, even after post-deployment, organizations will need to stay vigilant by practicing regular and stringent red-teaming maneuvers and specialized AI security audits that specifically target sources such as bias, robustness, and clarity to continually discover and mitigate vulnerabilities in AI systems.

Notably, the basis of creating strong AI systems in healthcare is to fundamentally protect the entire AI lifecycle, from creation to deployment, with a clear understanding of new threats and an adherence to established security principles.

Measures during the operational lifecycle

In addition to the initial secure design and deployment, a robust AI security stance requires vigilant attention to detail and active defense across the AI lifecycle. This necessitates for the continuous monitoring of content, by leveraging AI-driven surveillance to detect sensitive or malicious outputs immediately, all while adhering to information release policies and user permissions. During model development and in the production environment, organizations will need to actively scan for malware, vulnerabilities, and adversarial activity at the same time. These are all, of course, complementary to traditional cybersecurity measures.

To encourage user trust and improve the interpretability of AI decision-making, it is essential to carefully use Explainable AI (XAI) tools to understand the underlying rationale for AI output and predictions.

Improved control and security are also facilitated through automated data discovery and smart data classification with dynamically changing classifiers, which provide a critical and up-to-date view of the ever-changing data environment. These initiatives stem from the imperative for enforcing strong security controls like fine-grained role-based access control (RBAC) methods, end-to-end encryption frameworks to safeguard information in transit and at rest, and effective data masking techniques to hide sensitive data.

Thorough security awareness training by all business users dealing with AI systems is also essential, as it establishes a critical human firewall to detect and neutralize possible social engineering attacks and other AI-related threats.

Securing the future of Agentic AI

The basis of sustained resilience in the face of evolving AI security threats lies in the proposed multi-dimensional and continuous method of closely monitoring, actively scanning, clearly explaining, intelligently classifying, and stringently securing AI systems. This, of course, is in addition to establishing a widespread human-oriented security culture along with mature traditional cybersecurity controls. As autonomous AI agents are incorporated into organizational processes, the necessity for robust security controls increases.  Today’s reality is that data breaches in public clouds do happen and cost an average of $5.17 million , clearly emphasizing the threat to an organization’s finances as well as reputation.

In addition to revolutionary innovations, AI’s future depends on developing resilience with a foundation of embedded security, open operating frameworks, and tight governance procedures. Establishing trust in such intelligent agents will ultimately decide how extensively and enduringly they will be embraced, shaping the very course of AI’s transformative potential.

Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. This attack, first flagged by Nick Johnson, the lead developer of the Ethereum Name Service (ENS), a blockchain equivalent of the popular internet naming convention known as the Domain Name System (DNS). Nick received a very official looking security alert about a subpoena allegedly issued to Google by law enforcement to information contained in Nick’s Google account. A URL in the email pointed Nick to a sites.google.com page that looked like an exact copy of the official Google support portal.

As a computer savvy person, Nick spotted that the official site should have been hosted on accounts.google.com and not sites.google.com. The difference is that anyone with a Google account can create a website on sites.google.com. And that is exactly what the cybercriminals did. Attackers increasingly use Google Sites to host phishing pages because the domain appears trustworthy to most users and can bypass many security filters. One of those filters is DKIM (DomainKeys Identified Mail), an email authentication protocol that allows the sending server to attach a digital signature to an email. If the target clicked either “Upload additional documents” or “View case”, they were redirected to an exact copy of the Google sign-in page designed to steal their login credentials. Your Google credentials are coveted prey, because they give access to core Google services like Gmail, Google Drive, Google Photos, Google Calendar, Google Contacts, Google Maps, Google Play, and YouTube, but also any third-party apps and services you have chosen to log in with your Google account. The signs to recognize this scam are the pages hosted at sites.google.com which should have been support.google.com and accounts.google.com and the sender address in the email header. Although it was signed by accounts.google.com, it was emailed by another address. If a person had all these accounts compromised in one go, this could easily lead to identity theft.

How to avoid scams like this

Don’t follow links in unsolicited emails or on unexpected websites.

Carefully look at the email headers when you receive an unexpected mail.

Verify the legitimacy of such emails through another, independent method.

Don’t use your Google account (or Facebook for that matter) to log in at other sites and services. Instead create an account on the service itself.

Technical details Analyzing the URL used in the attack on Nick, (https://sites.google.com[/]u/17918456/d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/edit) where /u/17918456/ is a user or account identifier and /d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/ identifies the exact page, the /edit part stands out like a sore thumb. DKIM-signed messages keep the signature during replays as long as the body remains unchanged. So if a malicious actor gets access to a previously legitimate DKIM-signed email, they can resend that exact message at any time, and it will still pass authentication. So, what the cybercriminals did was: Set up a Gmail account starting with me@ so the visible email would look as if it was addressed to “me.” Register an OAuth app and set the app name to match the phishing link Grant the OAuth app access to their Google account which triggers a legitimate security warning from [email protected] This alert has a valid DKIM signature, with the content of the phishing email embedded in the body as the app name. Forward the message untouched which keeps the DKIM signature valid. Creating the application containing the entire text of the phishing message for its name, and preparing the landing page and fake login site may seem a lot of work. But once the criminals have completed the initial work, the procedure is easy enough to repeat once a page gets reported, which is not easy on sites.google.com. Nick submitted a bug report to Google about this. Google originally closed the report as ‘Working as Intended,’ but later Google got back to him and said it had reconsidered the matter and it will fix the OAuth bug.