CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Trustwave Measures the Pros and Cons of President Biden’s Executive Order to Regulate AI Development

President Joe Biden, on October 30, signed the first-ever Executive Order designed to regulate and formulate the safe, secure, and trustworthy development and use of artificial intelligence within the United States.

 

Overall, Trustwave’s leadership commended the Executive Order, but raised several questions concerning the government’s ability to enforce the ruling and the impact it may have on AI’s development in the coming years.

 

The 111-page order covers a myriad of AI-related topics designed to protect privacy, enhance law enforcement, ensure responsible and effective government use of AI, stand up for consumers, patients, and students, support workers, and promote innovation and competition. 

 

"In the end, AI reflects the principles of the people who build it, the people who use it, and the data upon which it is built," President Biden said in the Executive Order. "I firmly believe that the power of our ideals; the foundations of our society; and the creativity, diversity, and decency of our people are the reasons that America thrived in past eras of rapid change."

 

The new Executive Order follows the release of the Blueprint for an AI Bill of Rights in October 2022 and issuing an Executive Order directing agencies to combat algorithmic discrimination in February 2023.

 

Trustwave: The EO is an Excellent Start

 

Trustwave leaders support the concept behind the Executive Order but note the order's final impact will depend on how the details listed in the order are fleshed out.

 

"The Executive Order is huge; my only concern is, at this time, it's hard to see the follow-up and whether these recommendations are embraced," said Trustwave CISO Kory Daniels.

 

Daniels goes on to note that the message captured in the order is very clear: there are different levels of maturity in AI. President Biden is communicating the importance of formulating plans around AI, and organizations should take the order seriously or risk being caught flat-footed. 

 

Kevin Kerr, Trustwave Lead Security Principal Consultant, pointed out that a measure of nuance is necessary to ensure the EO does not do the opposite of its stated intention and hinder innovation.

 

The White House Executive Order on Artificial Intelligence, Kerr said, brings both benefits and risks to the cybersecurity and privacy landscape as it relies on many other variables, to establish standards for AI safety and security, combating AI-enabled threats, and prioritizing privacy, the order aims to protect Americans and promote responsible AI use.

 

“However, challenges in compliance and potential limitations on innovation need to be carefully addressed to ensure the order's long-term effectiveness,” Kerr said. “As we all may know, the use and misuse of AI will be global, and rules to control AI will only work with those that want the best from it, so care must be taken to not hinder innovation and enable technology to protect against what it could do, intentional or not. Bottom-line, this will be a tough balancing act.”

 

The order should also spur conversations within organizations nationwide, Daniels said, about not only how each will adopt AI but how it can be used while maintaining privacy, control, and ultimately how it can power the organization's workforce to be more effective.

 

The other matter that must be addressed is the level of transparency the Executive Order attempts to bring to the development of AI. 

 

"AI developers need to be transparent with what they use in the training data sets, model development, and other components to ensure acceptable usage of Intellectual Property (e.g., Books3 dataset that contains copyright-protected fiction and non-fiction being used to train models) as well as safety compliance," said Karl Sigler, Trustwave SpiderLabs Senior Security Research Manager.

 

Sigler, who has conducted several AI-centric webinars, added that the passages pertaining to criminal usage of AI are especially important. 

 

The potential for criminals to abuse AI is already taking place with threat actors using Large Language Models (LLM) like Fraud GPT and WormGPT. Trustwave SpiderLabs wrote an in-depth blog on this topic in August. The team noted that the underground community has a great deal of interest in LLMs, and additional malicious LLM products can be expected.

 

"The other primary issue to be addressed is safety, specifically keeping humans safe. This applies to not just preventing AI from being a criminal accomplice by providing help in making bombs or robbing banks, but also to making sure that AI isn’t disseminating disinformation or enabling social or racist bigotry and bias," he said.

 

The EO at a Glance

 

The White House developed the Executive Order under the Defense Production Act, which enables the federal government to regulate industries related to national security to compel companies to tell the federal government about potential national security risks related to their AI work.

 

The order will:

  • Require that developers of the most powerful AI systems share their safety test results and other critical information with the US government.
  • Develop standards, tools, and tests to help ensure that AI systems are safe, secure, and trustworthy.
  • Protect Americans from AI-enabled fraud and deception by establishing standards and best practices for detecting AI-generated content and authenticating official content.
  • Establish an advanced cybersecurity program to develop AI tools to find and fix vulnerabilities in critical software.
  • Protect Americans' privacy by prioritizing federal support for accelerating the development and use of privacy-preserving techniques.
  • Provide clear guidance to landlords, Federal benefits programs, and federal contractors to keep AI algorithms from being used to exacerbate discrimination.
  • Advance the responsible use of AI in healthcare and the development of affordable and life-saving drugs.

 

The order also requires an accelerated hiring of AI professionals as part of a government-wide AI talent surge led by the Office of Personnel Management, US Digital Service, US Digital Corps, and Presidential Innovation Fellowship. Agencies will provide AI training for employees at all levels in relevant fields.

Daniels noted this requirement is extremely important, as the US is in a race to become the world leader in AI development, and the key to winning that contest is having the best and the brightest personnel.

 

In the end, deciding whether the AI Executive Order will succeed in its goals will take some time, but if the astonishing pace of technologies like ChatGPT continue, we may find out sooner rather than later if President Biden's attempt to control development is successful. 

Latest Trustwave Blogs

The Power of Red and Purple Team Drills in Enhancing Offensive Security Programs

Despite investing in costly security solutions, keeping up with patches, and educating employees about suspicious emails, breaches still occur, leaving many organizations to wonder why they are...

Read More

Balancing Innovation and Security: How Offensive Security Can Help Navigate the Tech Industry’s Dual Challenges

Two of the greatest threats facing technology-focused organizations are their often-quick adoption of new technologies, such as artificial intelligence (AI), without taking security measures into...

Read More

Trustwave Government Solutions (TGS) Salutes New Mexico’s New Cybersecurity Executive Order

New Mexico Governor Michelle Lujan Grisham issued an Executive Order to shore up the state’s cybersecurity readiness and better safeguard sensitive data by conducting a state-wide security assessment...

Read More