Is GenAI Having a Rough Time? We check in to see how it’s doing. – ESW #366
We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week.
This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market.
We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries.
We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise.
We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware.
Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie.
Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge).
Hosts
- 1. FUNDING: Huntress Raises a $150M Series D
$150M Series D at a $1.55B valuation, led by Kleiner Perkins, Meritech Capital, and Sapphire Ventures. Total funding is now $309.8M.
"Huntress is the leading cybersecurity partner for small and mid-sized businesses (SMBs) and the managed service providers that support them."
- 2. FUNDING: Semperis Secures $125 Million in Growth Financing – Semperis
$125M "venture round" (or Series D down round?) led by Hercules Capital and JP Morgan. Total funding is now $498.3M
"Semperis is a developer of enterprise identity protection and cyber resilience for cross-cloud and hybrid environments."
- 3. ACQUISITIONS: NetSPI expands proactive security with strategic acquisition of Hubble
- 4. MARKET UPDATE: Cybersecurity Market Update: May 2024 Insights & Trends
- 5. DETECTION: IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
The latest in a series of writeups detailing how attacks happen (and apparently a brisk business selling detections as well!)
- 6. DETECTION: A Bird’s-eye view: ShareFinder-How Threat Actors Discover File Shares (The DFIR Report)
An article that doesn't mention AI? What???
The TL;DR is that juicy stuff is in file shares. Attackers like them. Which is why setting a file-share-based trap for attackers is a really good idea.
There actually was an angle for GenAI here - generating file names and file content at scale for these file shares. But it looks like Thinkst is already doing the file/directory structure generation for you, so that's covered!
- 7. DUMPSTER FIRE: Robert Hansen (RSnake) runs some surveys on sentiment around the Gili Ra’anan model
This is largely unsurprising and reminds me of a similar survey I did around how people felt about companies buying fake awards.
If you haven't read the original investigative piece, click here.
- 8. BREACHES: Whistleblower Says Microsoft Dismissed Warnings About a Security Flaw That Russians Later Used to Hack U.S. Government
Some insider insight on the culture of bad decisions that culminated in a breach that will take many years for Microsoft to live down.
- 9. BREACHES: Polyfill.io JavaScript supply chain attack impacts over 100K sites
- 10. ESSAYS: Navigating the Entrepreneurial Journey: Highlights from BuildCon
- 11. AI ESSAYS: How AI Will Change Democracy – Schneier on Security
A thought-provoking essay on all kinds of weird, unintended outcomes AI could result in. If you'd prefer a video version of this essay, it follows Bruce Schneier's RSA talk pretty closely.
- 12. AI ESSAYS: Why AI Will Save the World
An essay that seems largely self-serving, I don't think this is Marc's next "Software is Eating the World" essay. I think it might be more akin to his "Metaverse" moment. Everything we're hearing about AI suggests it can't do any of the things he's suggesting without human assistance.
At least, not right now. I don't think it's a given that this technology will continue to improve and have breakthroughs at the same speed we saw from GPT2 to GPT4o, I suspect we'll start seeing issues and regression at some point.
- 13. AI ESSAYS: I Will Fucking Piledrive You If You Mention AI Again — Ludicity
- 14. AI HYPE CHECK: From Dare Obasanjo on X: “…you aren’t just adopting AI, you’re doing data management as well.”
Just a few tweets, but really cuts to the heart of enterprise challenges in adopting GenAI: if your data is a hot mess, the AI will reflect that mess. GIGO still applies in the age of GenAI. Much of the problem here is a data hygiene/governance problem.
- 15. SQUIRREL: ChatGPT Now Has PhD-Level Intelligence, and the Poor Personal Choices to Prove It
A great laugh. I predict 50% of the folks you share this with won't realize it's satire.
