Snippings

April 8th is an interesting day in the world of computer security because OpenSSL 3.5 is released today. It is a big deal because it use post-quantum cryptography methods:

ML-KEM (FIPS 203) — Module Lattice-Based Key Encapsulation Mechanism (FIPS 203). This is a PQC standard for Key Exchange.

ML-DSA (FIPS 204) — Module Lattice-Based Digital Signature Algorithm. This is a PQC standard for digital signatures, and it uses the Dilithium signature method.

SLH-DSA (FIPS 205) — Stateless Hash-Based Digital Signature Algorithm. This is a PQC standard for digital signatures and uses the SPHINCS+ signature method.

As Professor Bill Buchanan points out, this means that web servers and other applications will be able to protect themselves against quantum computin. As OpenSSL is the most widely used library for cryptography this release will support the replacement with ECDH with ML-KEM, and RSA and ECDSA with ML-DSA.

xxx

The UK must recognise payments as part of its strategic infrastructure, similar to energy or food security. Ensuring resilience against geopolitical disruptions requires coordinated efforts between the public and private sectors.

Open banking has made significant strides, but considerable work remains to establish it as a standalone payments ecosystem. Addressing commercial incentives, consumer protections, product ubiquity, and cross-border acceptance will be essential to build a resilient, self-sufficient infrastructure capable of withstanding external pressures.

If successful, open banking could emerge as a resilient backbone for the UK’s financial ecosystem, reducing dependency on US-dominated networks and creating a robust, homegrown payments infrastructure.

From: Can open banking stand alone as the UK’s payment infrastructure?.

xxx

xxx

The banking industry’s effort to fight check fraud is likely to benefit from President Donald Trump’s order to the Treasury Department to stop issuing paper checks for federal disbursements and to transition to digital payments.

From: Treasury’s halt of paper checks likely to reduce fraud | American Banker.

xxx

xxx

Earlier this year, employees at online diaper seller Coterie noticed customers arriving from an intriguing new source—ChatGPT.

Coterie, like most brands, asks its customers how they heard about the company after they make a purchase. The typical answer is word of mouth. But in recent months, some shoppers started crediting their purchase to OpenAI’s popular artificial intelligence chatbot, which added real-time search features last fall, making it a more important source of inspiration for shoppers—and of business for retailers.

From: AI Search Is New Arms Race for Retailers — The Information.

xxx

xxx

Microsoft has unveiled an upgraded version of its artificial intelligence assistant that remembers user preferences and take actions on their behalf, as the tech group takes on rivals building AI-infused products designed to attract millions of consumers.

The Seattle-based group at an event on Friday to mark its 50th anniversary announced a personalised “Copilot” that develops a “memory” and can recall important details, such as family birthdays and hobbies.

From: Microsoft unveils AI assistant with ‘memory’.

xxx

xxx

Walton said he and other merchants he talks to have tried to influence AI search results, including posting frequently about their brands on Reddit, a popular forum site. Reddit, a major source of training data for AI companies, inked a content licensing deal last year with OpenAI. Reddit and OpenAI didn’t respond to requests for comment.

AI search optimization startups such as Profound, which launched less than a year ago with $3.5 million from investors including Khosla Ventures, are pitching services they say can help brands crack the AI search mystery.

From: AI Search Is New Arms Race for Retailers — The Information.

xxx

xxx

researchers have demonstrated that agents are capable of executing complex attacks (Anthropic, for example, observed its Claude LLM successfully replicating an attack designed to steal sensitive information

From: Cyberattacks by AI agents are coming | MIT Technology Review.

xxx

xxx

Humans are (usually, if well-motivated) smart enough to sort things like jokes and fiction from reality, but current AI doesn’t have a clue. All it does is absorb and mimic data, without ever reflecting critically about it.

From: April fools bring May hallucinations – by Gary Marcus.

xxx

xxx

China and Russia are adapting to rapid advances in modern technology that could shift military power dynamics. While the United States leads in cutting-edge commercial technology—like low-cost drones, autonomy, and artificial intelligence—its military and defense institutions are not built to adopt these innovations quickly. To stay ahead of adversaries in an era driven by software and emerging technologies, the Department of Defense (DoD) must modernize its approach to capability development and procurement.
This new report presents a software-defined warfare approach, offering recommendations for the DoD to adopt modern software practices and seamlessly integrate them into existing platforms to enhance and strengthen defense strategies.

From: Software-defined warfare: A blueprint for sustaining a competitive military edge – Atlantic Council.

xxx

xxx

Anthropic also looked at how Claude solved simple math problems. The team found that the model seems to have developed its own internal strategies that are unlike those it will have seen in its training data. Ask Claude to add 36 and 59 and the model will go through a series of odd steps, including first adding a selection of approximate values (add 40ish and 60ish, add 57ish and 36ish). Towards the end of its process, it comes up with the value 92ish. Meanwhile, another sequence of steps focuses on the last digits, 6 and 9, and determines that the answer must end in a 5. Putting that together with 92ish gives the correct answer of 95.

And yet if you then ask Claude how it worked that out, it will say something like: “I added the ones (6+9=15), carried the 1, then added the 10s (3+5+1=9), resulting in 95.” In other words, it gives you a common approach found everywhere online rather than what it actually did. Yep! LLMs are weird. (And not to be trusted.)

The steps that Claude 3.5 Haiku used to solve a simple math problem were not what Anthropic expected—and they’re not the steps that Claude claimed it took either.
ANTHROPIC
This is clear evidence that large language models will give reasons for what they do that do not necessarily reflect what they actually did. But this is true for people too

From: Anthropic can now track the bizarre inner workings of a large language model | MIT Technology Review.

xxx