Elastic® introduces Elastic AI Assistant, the open, generative AI sidekick powered by ESRE to democratize cybersecurity and enable users of every skill level. The recently released Elasticsearch Relevance Engine™ (ESRE™) delivers new capabilities for creating highly relevant AI search applications. ESRE builds on more than two years of focused machine learning research and development made possible through Elastic’s leadership role in search use cases.

Generative AI has captured the imagination of the world by being able to produce poetry, screenplays, or imagery. These tools can be used to improve human productivity for good causes, but they can also be employed by malicious actors to carry out sophisticated attacks. We are witnessing phishing attacks and social engineering becoming more sophisticated as attackers tap into powerful new tools to generate credible content or interact with humans as if it was a real person.

Today, Cloudflare is announcing the development of Firewall for AI, a protection layer that can be deployed in front of Large Language Models (LLMs) to identify abuses before they reach the models. While AI models, and specifically LLMs, are surging, customers tell us that they are concerned about the best strategies to secure their own LLMs. Using LLMs as part of Internet-connected applications introduces new vulnerabilities that can be exploited by bad actors.

The United States Cybersecurity and Infrastructure Agency (CISA) and seventeen international partners are helping shape best practices for the technology industry with their ‘Secure by Design’ principles. The aim is to encourage software manufacturers to not only make security an integral part of their products’ development, but to also design products with strong security capabilities that are configured by default.

At any point in your cloud security journey, you should consider practical architectures, frameworks, and benchmarks that will benefit your current and future infrastructure. These tools will provide guidance directly from those who have pioneered similar solutions. Working with existing designs will speed up your efforts and provide your organization with confidence that it is following industry security standards.

Every organization has to assign privileges to its user accounts. Good security practice requires each account to have only the privileges necessary for the role it’s assigned to. Ideally, that means only a few accounts have wide-ranging privileges capable of significantly changing the organization’s security configuration. These typically include systems administrators, database administrators, and service accounts. These accounts are especially vulnerable to security and compliance risks.

Modern software development techniques are creating flaws faster than they can be fixed. While using third-party libraries, microservices, code generators, large language models (LLMs), etc., has remarkably increased productivity and flexibility in development, it has also increased the rate of generating insecure code. An automated and intelligent solution is needed to bridge the widening gap between the introduction and remediation of flaws.

In a recent ad on a closed Telegram channel, a known threat actor has announced it’s recruiting AI and ML experts for the development of it’s own LLM product.