The inaugural International AI Safety Report provides a comprehensive view of general-purpose AI's current state, future potential, and associated risks. General-purpose AI refers to AI models or systems that can perform a wide variety of tasks, as opposed to specialized AI built for a single purpose. Synthesizing insights from over 90 independent international AI experts, the report summarizes the current understanding around three core questions: What can general-purpose AI do? What are the risks associated with general-purpose AI? And what mitigation techniques exist against these risks? A lot has changed since an interim report was published in May 2024. So, let's review the report and assess the…
Adam Parlett
The second annual Fortra State of Cybersecurity Survey is here. It reveals that organizations are shoring up their foundational cybersecurity posture to combat more sophisticated threats and comply with more stringent regulations. We also see a rise in the use of managed security services, driven by budget constraints, compliance demands, and the pursuit of operational efficiency. The 2025 survey collects insights from global practitioners occupying more than a dozen roles across two dozen industries on the factors they anticipate will define the upcoming year and the measures they are taking in response. This year's survey focuses on determining what risks and initiatives,…
Organizations are increasingly prioritizing compliance due to recent regulatory requirements, such as the US federal requirements governing software sold to the US government and the EU's Digital Operational Resilience Act (DORA). This was one of the findings of the Black Duck "Building Security in Maturity Model" (BSIMM) report, which gathered insights from 121 organizations across eight industries on effective security practices, emerging risks, and the evolving threat landscape. The report examines current successes and failures in software security and considers how organizations adapt their strategies to tackle both traditional security challenges and emerging threats. Key takeaways from this year's…
On January 17th, 2025, the EU's Digital Operational Resilience Act (DORA) came into effect. However, a recent Censuswide survey of 200 UK CISOs found that 43% of the UK financial services industry will miss this compliance deadline, despite facing the possibility of periodic penalty payments of up to 1% of average daily worldwide turnover for up to six months. Make it Make Sense A key question to answer first is: if the UK is no longer a member of the EU, why does DORA even apply to UK businesses? Well, although DORA isn't directly applicable in the UK, it is still relevant…
The Federal Trade Commission (FTC) has filed a complaint alleging that GoDaddy violated Section 5 of the FTC Act, which prohibits "unfair or deceptive acts or practices." The complaint details how GoDaddy's failure to implement standard security tools and practices to protect the environment in which it hosts customers' websites and data, coupled with insufficient monitoring of that environment for security threats, contradicted its marketing claim to be a secure hosting option. The FTC Won't Let Me Be The FTC asserts that "GoDaddy's data security program was unreasonable for a company of its size…
Code Intelligence has started 2025 with a bang and captured the interest of the cybersecurity community by announcing 'Spark,' its new AI Test Agent, ahead of a launch party later this month. The AI-driven software-testing company describes Spark as the first AI test agent to autonomously identify bugs and vulnerabilities in unknown code without human interaction, and the first AI agent able to locate real-world vulnerabilities by automatically generating and running tests against widely used open-source software. Information Security Fuzz The proof that Spark could perform such a feat was discovered during the Fuzz…
Earlier this week, UK Prime Minister Keir Starmer released a statement and gave a subsequent speech unveiling and endorsing his government's AI Opportunities Action Plan (AOAP). He declared artificial intelligence (AI) to be "the defining opportunity of our generation," predicting that in the years to come there will be "barely an aspect of our society that will remain untouched by this force of change." By increasing the amount of AI computing power under public control 20-fold by 2030, coupled with the mass deployment of AI and dedicated AI growth zones, he is seeking to "turbocharge growth." Three Key Pillars The…
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has published a Notice of Proposed Rulemaking (NPRM) proposing substantial cybersecurity requirements for all regulated entities and their business associates to be added to the HIPAA Security Rule. Comments are due on or before March 7, 2025, with the final rule due to take effect 60 days after publication and a compliance date 180 days after that. Beyond these dates, the NPRM also proposes a transition period after the 180-day compliance period to allow regulated entities to modify their business associate agreements in response to the…
Whilst the four-time Super Bowl champions, the Green Bay Packers, have rightly been drawing praise this season for their on-field defensive performances, the organization's online defense has been called into question following the disclosure of a significant data breach affecting thousands of their loyal supporters. Contrasting Fortunes The last week of 2024 saw the storied franchise triumph 34-0 against the New Orleans Saints to record the first defensive shutout of the current NFL season. In his post-match comments, Packers head coach Matt LaFleur gushed, "Obviously, it's hard to shut out an opponent in this league. From what I was told, it was…
Have you heard the story about the RAT that pretended to be a RAT? If not, you'd better sit down for this one. There's a RAT in my kitchen Last month, a malicious package, ethereumvulncontracthandler, was identified on the npm registry. It posed as a library for detecting vulnerabilities in Ethereum smart contracts. Instead of detecting any vulnerabilities, it dropped Quasar, an open-source program marketed as a Remote Administration Tool but widely abused as a Remote Access Trojan (RAT), onto developer systems. To delve a little deeper into this process, following installation, the program works through retrieving and executing a…