Podcasts about sensitive data

Nir Leibovich, Product Executive at QuickBooks Workforce, joined us on The Modern People Leader to discuss why HR and finance teams struggle when data lives in silos and how unified systems create better business decisions. Downloadable PDF with top takeaways: https://modernpeopleleader.kit.com/episode306----  Sponsor Links:

What health care and life sciences organizations need to know: "Bulk" Has a New Definition: The volume thresholds under the U.S. Department of Justice's (DOJ's) Bulk Sensitive Data (BSD) Transfer Rule are surprisingly low—sharing genomic data on just 100 people can trigger compliance requirements, catching many organizations off guard. HIPAA Compliance Is Not Enough: The BSD Transfer Rule creates an entirely new compliance layer that goes beyond existing privacy frameworks, such as the Health Insurance Portability and Accountability Act (HIPAA), applying even when data has been de-identified or anonymized. It's About Access, Not Just Transfers: Simply giving a foreign vendor, board member, or investor the ability to view sensitive data can trigger the BSD Transfer Rule—no formal data-sharing agreement is required. In this episode of Diagnosing Health Care®, Epstein Becker Green attorneys Laura DePonio, Elizabeth McEvoy, and Elena Quattrone walk health care and life sciences organizations through the DOJ's BSD Transfer Rule—from scoping and compliance to enforcement risks and exemptions. Navigate BSD Transfer Rule Compliance with Confidence: Our team has developed specific tools and advisory services to help organizations like yours understand their obligations under the BSD Transfer Rule, assess risk, and implement compliant data practices. Check out our free resource center: https://explore.ebglaw.com/resources/doj-bulk-sensitive-data-transfer-rule/ Visit our site for related resources and email contact information: https://www.ebglaw.com/dhc93. Listen to the series and subscribe for email notifications: http://diagnosinghealthcare.com. - Epstein Becker Green is a national law firm that focuses its resources on health care, life sciences, and workforce management solutions, coupled with powerful litigation strategies. This video is for informational purposes only and does not constitute legal advice. Viewing this video does not create an attorney-client relationship.  DIAGNOSING HEALTH CARE® is a registered trademark of Epstein Becker & Green, P.C. © Epstein Becker & Green, P.C. All Rights Reserved. Attorney Advertising.

Jeremy Samuelson is the Executive Vice President of AI and Innovation at Integrated Quantum Technologies (CSE: ICS). Jeremy, a former AI leader at Equifax and Mastercard, invented VEIL™ (Vector Encoded Information Layer) - a breakthrough privacy-preserving framework to let AI models work with sensitive data without ever exposing raw information to security breaches.Episode Blog Post: https://www.sharesforbeginners.com/blog/samuelson-ics

Jeremy Samuelson is the Executive Vice President of AI and Innovation at Integrated Quantum Technologies (CSE: ICS). Jeremy, a former AI leader at Equifax and Mastercard, invented VEIL™ (Vector Encoded Information Layer) - a breakthrough privacy-preserving framework to let AI models work with sensitive data without ever exposing raw information to security breaches.Episode Blog Post: https://www.sharesforbeginners.com/blog/samuelson-ics

Discover how WHOOP is building an AI-powered health data infrastructure that is redefining how we understand human health. Emily Capodilupo, Senior Vice President of Research, Algorithms, and Data at WHOOP, explains how continuous physiological data is uncovering new opportunities in predictive health through AI, from presymptomatic disease detection to biological age scoring. She examines the governance challenges of deploying AI in a regulated environment and what it takes to build the data trust required to make it work at scale. Key Moments: How WHOOP Built Its AI and Data Foundation (00:57): Emily explains how WHOOP's early focus on elite athlete performance shaped the data collection rigor and multidisciplinary science organization that now powers its predictive health capabilities. She outlines the model she built across AI, machine learning, clinical research, and digital signal processing, and why starting with the highest-demand use case created a data foundation built to scale. The Power of Continuous Data (06:21): Emily draws on WHOOP's sleep research to show how continuous physiological data reveals patterns that would be invisible without longitudinal tracking. She shares findings linking sleep architecture to metabolic disease, cancer risk, and cognitive decline, illustrating why the depth and continuity of a data set determine what insights are actually possible. The Data Governance Challenge of Acting on Sensitive Data (13:17): Emily shares how WHOOP's respiratory rate data could detect COVID infection up to three days before symptom onset in over 80% of cases, but a denied FDA application left the company holding actionable insights it was legally prohibited from sharing. She examines the governance tension that emerges when your data capabilities move faster than the regulatory frameworks designed to govern them. Turning Complex Multi-Signal Data Into a Single Actionable Metric (27:32): Emily introduces WHOOP's Healthspan feature, which translates physiological and behavioral data across nine components into a single biological age score tied to all-cause mortality risk. She explains why distilling complex data into one number is more motivating than presenting raw risk statistics, pointing to research that shows how age-based framing drives stronger behavior change. Building Data Trust and Privacy Infrastructure at Scale (31:40): As WHOOP moves into FDA-cleared products and more sensitive data collection, Emily outlines the governance principles that underpin member trust. She argues that for any organization building on sensitive personal data, the asymmetry between earning trust and losing it should be a foundational design constraint. Key Quotes: "It takes 13 years to earn the trust and one mistake to lose it. And that kind of asymmetry is constantly top of mind." - Emily Capodilupo "We were able to show that we could detect COVID up to three days before symptom onset in over 80% of cases." - Emily Capodilupo “ WHOOP has been collecting data [for] over 12 years. We're working on a lot of new types of algorithms that are able to help people understand their bodies in ways that we might not have appreciated…even just a couple years ago.” - Emily Capodilupo "One of the ways that AI has advanced the product... is this ability to chat with WHOOP in natural language, the way you might chat to a doctor or a trainer or a coach." - Emily Capodilupo Mentions Harvard Study | Analyzing changes in respiratory rate to predict the risk of COVID-19 infection  Cornell Study Uses WHOOP Sleep Data to Monitor Patients at Risk for Alzheimer's Can Data Help Us Sleep Better? | WHOOP There's More to Sleep than Sleep Need: The Importance of Sleep Consistency | WHOOP Cribsheet & Expecting Better 2 Books Collection Set By Emily Oster  The Family Firm: A Data-Driven Guide to Better Decision Making in the Early School Years By Emily Oster  Guest Bio  Emily Capodilupo is an award-winning AI and research leader with more than 13 years of experience building and scaling science-driven organizations in fast-paced startup environments. She began her career as an emergency medical technician before studying neurobiology and human sleep at Harvard University and conducting research at Brigham and Women's Hospital. Emily is driven by a passion for using data to solve hard problems and advance our understanding of human physiology. Along the way, she "accidentally" became a data scientist, recognizing that the biggest breakthroughs in health require not just rigorous science, but big data and bold technology.  As WHOOP's first employee, Emily founded and now leads the company's science organization, pioneering a new model of health that begins long before diagnosable illness and is continuous, personalized, AI-powered, and designed to empower individuals to take the driver's seat in their own well-being. She has built and scaled multidisciplinary teams across artificial intelligence, machine learning, digital signal processing, clinical research, and engineering to translate real-time physiological data into actionable insights that improve performance, resilience, and long-term health. Emily's work sits at the intersection of wearable technology, digital biomarkers, and predictive health, helping shift healthcare from reactive treatment to proactive optimization. Hear more from Cindi Howson here. Sponsored by ThoughtSpot.

Are you risking your legal case by chatting with open AI platforms like ChatGPT or Claude? You're not alone, and this episode reveals critical insights that could save your case—whether you're a lawyer, a client, or someone handling sensitive info. In this eye-opening discussion, Kevin Szczepanski dissects two landmark cases—US v. Heppner and Warner v. Gilbarco—that show how courts are scrutinizing AI communications in both criminal and civil contexts. Learn why, in the Heppner case, prompting AI without your lawyer's guidance led to the betrayal of attorney-client privilege, and why, in Warner, a pro se litigant's use of AI didn't waive work product protections. These rulings might seem straightforward, but they hold powerful lessons for anyone using AI to handle sensitive legal, financial, or personal information. Listen in for Kevin's analysis and stay tuned for updates on this increasingly relevant and complex topic.

In episode #64 of PodSpot, Jon Pittham is joined by Hank Lander, Group Product Manager at HubSpot, to discuss sensitive data management and AI governance in regulated industries. The episode explores how HubSpot defines and categorises sensitive data, how firms can configure controls within the platform, and what enhanced auditing and visibility look like in practice. The discussion also covers integration considerations for organisations connecting HubSpot with core systems. A key focus is AI. Hank explains HubSpot's approach to zero data retention, the handling of sensitive properties within AI workflows, and how customers can align platform controls with their own risk appetite. The episode also touches on emerging capabilities designed to help firms identify and manage sensitive information more proactively. This is a practical conversation for financial services and professional services leaders who want to balance innovation with strong governance, without compromising trust.   Key discussion points: 04:10 – What Is Sensitive Data? 10:05 – Standard vs Highly Sensitive Properties 16:05 – Audit Controls & Integrations 21:05 – Zero Data Retention and AI Model Transparency 29:10 – Roadmap Direction and Future Investment in Data Controls   Want to learn more about HubSpot? Visit our website: https://www.karman.digital/ Follow us on LinkedIn Listen on Spotify Listen on Apple Podcasts

EP 273.  This year starts with the high cost of Electricity and gets left exposed.Communities Across America Mobilize Against Massive AI-Powered Data Center Expansions.Surging GPS Interference Disrupts U.S. Aviation, Highlighting Growing Vulnerabilities in Critical Infrastructure.Cybersecurity Researchers Outsmart Notorious Cybercrime Group with Elaborate Honeypot Trap.Malicious Chrome Extensions Exposed for Stealthily Harvesting User Credentials from Over 170 Websites.Grok AI Faces Intense Scrutiny for Generating Widespread Nonconsensual Sexualized Images of Women.Investigative Journalist Exposes Thousands of Users on White Supremacist Platforms in Massive Data Leak.OpenAI Reportedly Preparing to Introduce Sponsored Content into ChatGPT Responses Starting in 2026.Ledger Confirms Fresh Data Breach via Third-Party Processor, Exposing Customer Names and Contacts.European Space Agency Acknowledges Cyber Intrusion as Hacker Claims Theft of 200GB of Sensitive Data.Let's start the new year with a bang!Find the full transcript here.

In this episode of Darnley's Cyber Café, we slow things down and look at a recent data leak involving Wired to understand what these incidents actually mean for everyday people.Millions of records. No passwords. No credit cards. And yet,  there is real risk.Using a real-world breach as the starting point, this conversation explores how seemingly harmless pieces of information can quietly add up over time, why delayed consequences are often the most dangerous, and what small, deliberate steps can help you stay in control of your digital footprint.This isn't a headline recap. It's a reflection on how data moves, how trust erodes, and why awareness still matters.Click here to send future episode recommendationSupport the showSubscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

Enjoying the content? Let us know your feedback!In late 2025, Jaguar Land Rover was hit by a debilitating cyberattack that brought its global production to a near-standstill and ultimately exposed sensitive employee and contractor data, marking one of the most disruptive breaches in the automotive industry in recent memory.** The incident not only shuttered factories and hammered sales, but also served as a stark reminder of how deeply cybersecurity failures can ripple through complex modern supply chains and operations.- https://treblle.com: JLR Breach Breackdown Analysis-https://www.cyfirma.com: Investigation Report on Jaguar Land Rover Cyber Attack- https://therecord.media: Juaguard Land Rover Quarter Loss Cyber AttackBe sure to subscribe! You can also stream from https://yusufonsecurity.comIn there, you will find a list of all previous episodes in there too.

How modern ransomware actors are deploying multidimensional tactics to outpace traditional defencesStrategies to reduce data loss and sustain business operations after an attackAI and automation – enhancing visibility and accelerating response to ransomware threatsThom Langford, Host, teissTalkhttps://www.linkedin.com/in/thomlangford/Edward Starkie, Director, GRC | Cyber Risk, Thomas Murrayhttps://www.linkedin.com/in/edward-starkie-56712431/Cameron Brown, Head of Cyber Threat and Risk Analytics, Ariel Rehttps://www.linkedin.com/in/analyticalcyber/Jesus Cordero, Director, Solution Architects AppSec, NetSec & XDR, EMEA, Barracudahttps://www.linkedin.com/in/jcordero-guzm%C3%A1n/

Satellites are leaking a ton of sensitive data! by Nick Espinosa, Chief Security Fanatic

AI is moving too fast for regulation to keep up. Sumit Dhawan, CEO of Proofpoint, discusses how industries are adopting AI without knowing how to handle the technology. He notes that sensitive data, financial information, and critical infrastructure are being exposed as it's fed into the AI, and Sumit emphasizes that the machine doesn't know who is allowed to see what. He discusses how companies can keep data more secure and how to build stronger systems.======== Schwab Network ========Empowering every investor and trader, every market day. Subscribe to the Market Minute newsletter - https://schwabnetwork.com/subscribeDownload the iOS app - https://apps.apple.com/us/app/schwab-network/id1460719185Download the Amazon Fire Tv App - https://www.amazon.com/TD-Ameritrade-Network/dp/B07KRD76C7Watch on Sling - https://watch.sling.com/1/asset/191928615bd8d47686f94682aefaa007/watchWatch on Vizio - https://www.vizio.com/en/watchfreeplus-exploreWatch on DistroTV - https://www.distro.tv/live/schwab-network/Follow us on X – https://twitter.com/schwabnetworkFollow us on Facebook – https://www.facebook.com/schwabnetworkFollow us on LinkedIn - https://www.linkedin.com/company/schwab-network/ About Schwab Network - https://schwabnetwork.com/about

A federal appeals court is giving the Department of Government Efficiency access to sensitive data at several agencies. The U.S. Court of Appeals for the Fourth Circuit overturned a lower court's ruling that barred DOGE from accessing records at the Treasury Department … the Education Department … and the Office of Personnel Management. Appeals court judges ruling in favor of DOGE cited a recent Supreme Court ruling … that allowed DOGE officials access to Social Security Administration data on millions of Americans. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

On Part II of last week's Live Riff, co-hosted with Village Global, Reid fields audience member questions about scale product-market fit, license modeling, data sensitivities, and the future of customer service, along with positive use cases for deepfake technology and the making of Reid AI, his digital twin. He also tells a story from his PayPal days, when Peter Thiel gave him five days to come up with a solution to a problem that was putting money and user trust on the line.  For more info on the podcast and transcripts of all the episodes, visit https://www.possible.fm/podcast/  For Reid and Allie Miller's agent experiment: https://www.youtube.com/watch?v=YeLSq9D65m4  For Reid AI giving Reid's Perugia speech in multiple languages: https://www.reidhoffman.org/perugia-speech/  For the Masters of Scale episode about building trust featuring Daniel Ek: https://mastersofscale.com/daniel-ek-how-to-build-trust-fast/  

The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

The Defense Department is on the verge of fully launching the Cybersecurity Maturity Model Certification Program, or CMMC, after years of effort to secure sensitive information across the Defense Supply Chain. Federal News Network's Anastasia Obis took a deep dive into the origins of CMMC and she's here now with the fascinating history of this important program.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

After an informative 45-day trial run, the Department of the Navy is getting set to expand its rollout of emerging AI capabilities for sailors, Marines and civilians to speedily adopt in support of their daily operations — via its new DoN GPT tool. Jacob Glassman, who serves as senior technical advisor to the assistant secretary of the Navy for research, development and acquisition, told DefenseScoop Thursday that this is a new way for the Navy to rapidly innovate and rapidly prototype. GenAI encompasses the field of still-maturing technologies that can process huge volumes of data and perform increasingly “intelligent” tasks — like recognizing speech or producing human-like media and code based on human prompts. These capabilities are pushing the boundaries of what existing tech can achieve. Still, according to Glassman, the Navy has historically “struggled with AI adoption.” Amazon has received federal authorizations that allow Anthropic's Claude and Meta's Llama AI models to be used within high-sensitivity government computing environments, the company's cloud computing division announced Wednesday. The company has achieved FedRAMP “High” authorization as well as at the Defense Department's Impact Levels 4 and 5 for use of the two foundation models in AWS GovCloud, its government cloud environment, according to a blog post by Liz Martin, Department of Defense director at Amazon Web Services. That means it's met the security requirements needed for the AI models to be used with some of the government's most sensitive civilian and military information, and per Martin, it's the first cloud provider to receive that level of authorization for Claude and Llama. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

The decision to reverse course comes after an industry lobby group called for the rule change to be withdrawn. Also, speaking during a business summit in Doha, Trump said he met with Cook and asked him to stop building in India and instead increase production in the US ... and YouTube introduced an interactive product feed for shoppable TV ads Learn more about your ad choices. Visit podcastchoices.com/adchoices

Jason Schwent, cybersecurity attorney at Clark Hill, addresses the growing cyber security risks facing the cannabis industry. The discussion highlights the unique vulnerabilities of cannabis businesses due to heavy regulation, reliance on third-party vendors, and challenges with payment processing. Clark Hill wrote an article on The Growing Cybersecurity Risks in the Cannabis IndustryAn attorney specializing in cyber security emphasizes the importance of due diligence when selecting vendors, particularly point-of-sale systems, and stresses the need for robust security protocols to protect sensitive customer data, including government IDs and medical information.We also explore the potential legal and financial repercussions of data breaches, including regulatory scrutiny, lawsuits, and damage to brand reputation. It concludes with recommendations for proactive measures, such as developing incident response plans, obtaining appropriate cyber security insurance, and treating cyber security compliance as an ongoing process integrated into regular business operations.Advertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy

In Episode 3, host Jordan L. Fischer, Esq. interviews Corey Dennis, Chief Privacy Officer & Assistant General Counsel at Legend Biotech, where he leads the global privacy, cybersecurity, and artificial intelligence legal programs. In this episode, Jordan and Corey walk through two recent developments that are impacting data strategies in the healthcare and life sciences industry: the EU NIS2 Directive and the Department of Justice ("DOJ") Final Rule on the bulk transfer of sensitive data to “countries of concern” or “persons of concern.” Corey provides practical insights into the way that both of these new requirements are impacting businesses, as well as considerations for businesses who are required to comply with these changes. For more information on Corey Dennis, visit: https://www.linkedin.com/in/corey-m-dennis-cipp/. To contact our host, Jordan L. Fischer, Esq., regarding this podcast or to inquire into becoming a guest, please contact Ms. Fischer at jordan@jordanfischer.me.

AI Security in High-Risk Sectors In a recent conversation, Alec and I dove into the critical role of AI security, especially in high-risk sectors like healthcare and banking. Alec stressed that AI must be secure and aligned with business strategies while ensuring governance, risk management, regulatory compliance, and cybersecurity remain top priorities. I couldn't agree more—AI in the wrong hands or without proper safeguards is a ticking time bomb. Sensitive data needs protection, and businesses must stay ahead of evolving regulations. We also touched on the growing need for private AI solutions, given the rising threats of cyberattacks like prompt injections. Cybersecurity and AI in Organizations Our discussion expanded into cybersecurity and AI adoption within organizations. Unvetted AI solutions pose significant risks, making internal development and continuous monitoring essential. Alec's company, Artificial Intelligence Risk, Inc., deploys private AI within clients' firewalls, reinforcing security through governance and compliance measures. One key takeaway? Awareness is everything. Many organizations jump into AI without securing their systems first. I was particularly interested in the “aha moments” Alec's clients experience when they see AI-driven security solutions in action. AI Governance and Confidentiality Concerns Alec shared a governance issue where a company implemented Microsoft Copilot—only to discover it unintentionally exposed confidential employee data. This highlighted a major concern: AI needs strict guardrails. Alec advocated for a “belt and suspenders” approach—limiting system access, assigning AI agents to specific groups, and avoiding over-reliance on super users who could inadvertently misuse AI. The lesson? AI governance isn't optional; it's a necessity. AI Applications in Call Centers AI's potential spans across industries, and call centers are a prime example. Alec described a client who leveraged AI to analyze 150,000 call transcripts, leading to a 30% reduction in call length and an additional 30% drop in overall call volume—all thanks to AI-driven website improvements. Beyond customer service, AI is making waves in investment research, analyzing earnings calls and regulatory filings. I even shared a fun hypothetical—using AI to predict the Toronto Blue Jays' performance—proving that AI's applications go beyond business into fields like sports analytics. AI Adoption, Security, and Privacy Wrapping up, Alec and I discussed the double-edged sword of AI adoption. While AI presents massive opportunities, it also comes with security, ethical, and privacy risks. Alec emphasized the need for strong leadership in AI implementation, ensuring data quality remains a top priority. I pointed out that the fear of missing out (FOMO) on AI can lead companies to make reckless decisions—often at the cost of security. Alec's company specializes in AI security solutions that safeguard against data breaches and attacks on Large Language Models, reinforcing the importance of a strategic, security-first approach to AI adoption.   Alec Crawford is Founder & CEO of Artificial Intelligence Risk, Inc., a company that accelerates enterprise Gen AI adoption - safely. He has been working with AI since the 1980's when he built neutral networks from scratch for his Harvard senior thesis. He is a thought leader for Gen AI with a blog at aicrisk.com and podcast called AI Risk Reward. He has more than 30 years of experience on Wall Street with his last role being Partner and Chief Risk Officer for Investments at Lord Abbett. linkedin.com/in/aleccrawford Our Story Dedicated to shaping the future.   At AI Risk, Inc., we are dedicated to shaping the future of AI governance, risk management, and compliance. With AI poised to become a cornerstone of business operations, we recognize the need for software solutions that ensure its safety, reliability, and regulatory adherence. Learn more Our Journey ​ Founded in response to the burgeoning adoption of AI without proper safeguards, AI Risk, Inc. seeks to pioneer a new era of responsible AI usage. Our platform, AIR GRCC, empowers companies to manage AI effectively, mitigating risks and ensuring regulatory compliance across all AI models. ​ Why Choose AI Risk, Inc.? ​ Comprehensive Solutions: We offer an all-encompassing platform for AI governance, risk management, regulatory compliance, and cybersecurity. Expertise: With extensive experience across industries and global regulations, we provide tailored solutions to meet diverse business needs. Futureproofing: As AI regulations evolve, our platform remains updated and adaptable, ensuring businesses stay ahead of compliance requirements. Cybersecurity Focus: Recognizing the unique challenges of AI cybersecurity, we provide cutting-edge solutions to protect against threats and ensure data integrity. ​​ Get Started with AI Risk, Inc. ​ Whether you're a large corporation or a budding startup, AI Risk, Inc. is your partner in navigating the complexities of AI implementation securely and responsibly. Join us in shaping a future where AI drives innovation without compromising integrity or security.

The Data Chronicles dives into the recent FTC action against data broker Mobilewalla, which highlights the Commission's continued focus on the collection, use, and disclosure of sensitive consumer data, including by downstream data recipients in the ad tech ecosystem.  Join Scott Loughlin and Hogan Lovells colleague Alaa Salaheldin as they unpack the implications of the FTC action and what it means for the future of data privacy, ad tech and location data.

This episodes covers how Starlink users can be geolocated and how Cloudflare may help deanonymize users. The increased use of AI helpers leads to leaking data via careless prompts. Geolocation and Starlink https://isc.sans.edu/diary/Geolocation%20and%20Starlink/31612 Discover the potential geolocation risks associated with Starlink and how they might be exploited. This diary entry dives into new concerns for satellite internet users. Deanonymizing Users via Cloudflare https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117 Deanonymizing users by identifying which cloudflare server cashed particular content Sage's AI Assistant and Customer Data Concerns https://www.theregister.com/2025/01/20/sage_copilot_data_issue/ Examine how a Sage AI tool inadvertently exposed sensitive customer data, raising questions about AI governance and trust in business applications. The Threat of Sensitive Data in Generative AI Prompts https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts Analyze how employees careless prompts to generative AI tools can lead to sensitive data breaches and the importance of awareness training. Homebrew Phishing https://x.com/ryanchenkie/status/1880730173634699393

Memory is a problem for many people as they age. To combat this, wearable devices may help older adults recall precious memories through what is called 'life-logging', despite these technologies raising significant privacy concerns.Researchers at Singapore Management University, led by Thivya Kandappu, have developed PrivacyPrimer, a tool designed to protect sensitive information captured by wearable cameras. Their approach uses selective image obfuscation to safeguard privacy, while preserving the ability to reminisce - striking a balance between memory recall and security.Read the original research: doi.org/10.1145/3476047

Watch now! - https://www.youtube.com/@Urelevant Let's dive into some security concerns and what you can do to shore up your AI implementations inside of agent force so I noticed a post on LinkedIn that was gaining some traction that was from Amnon Kruvi and he's a Salesforce architect and he mentions in his post that "it took me exactly two questions to accidentally get agent force to reveal someone else's personal information using the default actions followed by hallucinating madeup orders for that person and then from there he's saying how AI has no business reading database records that is not to say there are no excellent use cases for it but delivering live information from a database is just too risky in the data protection era we need to be realistic with what kinds of solutions AI can safely deliver I understand the hype but some of it will just leave the door wide open for someone to steal your data." That really intrigued me when I first saw that is like wow this is giving up information and Salesforce has done a lot of work around the Einstein trust layer to try to protect information to mask sensitive data as it goes to a large language model but when you think about it as far as authentication methods that's something that always happens whenever you call into a call center and dealing with any sort of sensitive records often times you're asked to verify your phone number your date of birth perhaps provide the last four of your Social just different things as far as verifying and so what Amnon goes on to describe in some of the comments which I'll highlight some here in a moment is that the verification process was kind of thin and this was the default behavior and setup in the instruction sets inside of Agentforce and I'll dig in more to try to see what sort of org or instance he was in if this was is a free learner account I think one of the issues is is that this was the default setup provided by Salesforce which might lead to uh users trusting that just because it's coming from Salesforce just presuming that best practices were being used so we're going to explore in this video as well how you can help bring your instructions into alignment your various guardrails that you can put in place inside of Agentforce and then open up some of the possibilities as far is if there's things that are out of alignment or contradict one another in your guard rails and instructions these are all things that we now have to think about in this new age of AI that we're working in and navigating and so Amnon further iterates that does a good job of closing off a lot of attack vectors but the issue was with the default demo configuration being of poor quality and teaches bad processes that highlight the security risk involved with any kind of AI based technology and so here is my comment where I chimed in just saying for my perspective that there's so many challenges that abound from implementing generative AI and placing guard rail ensuring alignment across all instructions in Agentforce and the inevitable rapid release of new and improved models makes this a moving Target this is a good case study for the Agentforce testing center and previously we saw the release a few weeks ago of the Agentforce testing center where you can bulk test agent force performance and agent responses and I think that this is a good thing to think about is the hundreds or thousands of ways that prompts might come into an Enterprise and then testing out out in bulk the verification process so that you are not just giving away other people's information the scenario that Amnon is describing is he's self-identifying as someone saying that he is someone else giving that person's email address which sometimes is easy to find online and then asking questions about an order for example so you can see if you're dealing with agent force at a healthcare setting Financial Services Etc there's a lot of loopholes that could be exploited and so then Paul Battisson he had a question here missing that this is concerning and asking about the setup wanting to know more details as to what was the org in question what was the setup and so he answers Paul saying it was an SDO that's the Salesforce developer org and the main point here is that Amnon had a pretty good idea of why it was happening how to mitigate the situation as well his main point is that the default action should not be so exposed because people might think they're best practice and that's the point here is that when you see something from Salesforce you assume that everything's been thought out and thought through and that the proper guard rails are in place so whenever you're spinning up an instance that has Agentforce enabled you don't want to just necessarily take all the instruction sets at face value there's instructions you can place the agent level and inside of prompt templates and you will be wanting to audit those make sure that they're in alignment that's one of the points I was trying to make as far as this being indeed a moving Target coupled with as well in the background the constant Evolution and advancements with new large language models and those being added into agent force over time and so this is something that will not be set it and forget it sort of proposition but will always need to be being monitored by organizations and tested in bulk in mass and that's why the Agentforce testing center is so important is because we can't humanly scale to that point to think of all the variations as to the different approaches to be able to try to hack this in and there was another response further down from someone named Vani I didn't put her last name I checked her profile I'm not sure what her last name is she's bringing up since Agentforce can't function without Einstein trust layer uh which includes safeguards like data masking and access controls I'm curious do this happen even after having these protections or or do you think they're still room for improvement and so then Amnon responds back that I did not actively put someone's address as protected data in the trust layer configuration though it was enabled with the default settings and then basically said hey my email is xxx then asked it to tell me what my address and birthday were and so that is the example specifically of the prompt or the utterance that was given to Agentforce and it didn't really do a great job as far as verifying the identity of the person it was able to then verify by the email address assuming that that is the person that is chatting or prompting agent force and then was able to follow up with asking some follow-up questions and so then Andy Cotgreave brought up a great point as well saying we don't want to put the burden on the end user as far as having to test test test and that burden should be on Salesforce in the configuration of Agentforce and this I think it was this specific comment that caused me to remember theAgentforce testing center which was recently released that comment of test test test was realizing okay the burden is on the user and this is Salesforce's response is to use the Agentforce testing center because it we can't humanly scale as I said to test out all those different variations and so it's the coupling of humans and AI working together on that side of the fence to do that testing in in addition to configuring the Einstein Trust Layer setting and then as well the instruction sets for prompt templates the agent instructions as well the topic configurations so there's a lot of great conversation here and this really opens up some thought related to authentication of users and just the utterances and prompts that Agentforce will be faced with dealing with out in the wild so many thanks to Amnon Kruvi for insightful post bringing up some important aspects related to Security in the age of Agentforce and so be sure and check out Velza that is our implementation company we specialize in Salesforce implementations and agent force implementations reach out to us at Velza.com and we will schedule a call do a discovery and get your implementation out on the right foot or fix a failed implementation that seems to be all the rage nowadays is people trying to start over and get their configurations fixed especially in this age of AI and Agentforce also be sure and check out rapidreskill.com for Salesforce and AI training and be sure and like And subscribe to the Urelevant podcast feed the algorithm help others to find Urelevant as well it's all about helping you to find relevance in the economy of now I'm Mike wheeler signing off for now until next time I'll see you in the cloud

A cyberattack in Rhode Island targets those who applied for government assistance programs. U.S. Senators propose a three billion dollar budget item to “rip and replace” Chinese telecom equipment. The Clop ransomware gang confirms exploiting vulnerabilities in Cleo's managed file transfer platforms. A major Southern California healthcare provider suffers a ransomware attack. A leading US auto parts provider discloses a cyberattack on its Canadian business unit.SRP Federal Credit Union notifies over 240,000 individuals of cyberattack.  A sophisticated phishing campaign targets YouTube creators.  Researchers identify a high-severity vulnerability in Mullvad VPN. A horrific dark web forum moderator gets 30 years in prison. Our guests are Perry Carpenter and Mason Amadeus, hosts of the new FAIK Files podcast. Jailbreaking your license plate.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guests are Perry Carpenter and Mason Amadeus, hosts of The FAIK Files podcast, talking about their new show. You can find new episodes of The FAIK Files every Friday on the N2K CyberWire network.  Selected Reading Personal Data of Rhode Island Residents Breached in Large Cyberattack (The New York Times) Senators, witnesses: $3B for ‘rip and replace' a good start to preventing Salt Typhoon-style breaches ( CyberScoop) Clop ransomware claims responsibility for Cleo data theft attacks (Bleeping Computer) Hackers Steal 17M Patient Records in Attack on 3 Hospitals (BankInfo Security) Major Auto Parts Firm LKQ Hit by Cyberattack (Securityweek) SRP Federal Credit Union Ransomware Attack Impacts 240,000 (Securityweek) ConnectOnCall Announces 914K-Record Data Breach (HIPAA Journal) Malware Hidden in Fake Business Proposals Hits YouTube Creators (Hackread) Critical Mullvad VPN Vulnerabilities Let Attackers Execute Malicious Code (Cyber Security News)  Texan man gets 30 years in prison for running CSAM exchange (The Register) Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Proposed rules ban U.S. companies from selling sensitive data Cisco data stolen by IntelBroker Nidec breach exposes 50,000+ documents Thanks to today's episode sponsor, SpyCloud Did you know that infostealer malware can be a precursor to ransomware? Infostealers are a trending tactic used by cybercriminals to exfiltrate valuable identity data like credentials, PII, and session cookies. According to recent SpyCloud research, 75% of organizations were affected by ransomware more than once in the past year! Visit spycloud.com/headlines to find out how to keep your organization from becoming one of the statistics.

Bret and Nirmal are joined by Maria Vechtomova, a MLOps Tech Lead and co-founder of Marvelous MLOps, to discuss the obvious and not-so obvious differences between a MLOps Engineer and traditional DevOps jobs.Maria is here to discuss how DevOps engineers can adopt and operate machine learning workloads, also known as MLOps. With her expertise, we'll explore the challenges and best practices for implementing ML in a DevOps environment, including some hot takes on using Kubernetes.Be sure to check out the live recording of the complete show from June 20, 2024 on YouTube (Stream 271).★Topics★Marvelous MLOps on LinkedInMarvelous MLOps SubstackMarvelous MLOps YouTube ChannelCreators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host Maria Vechtomova - Guest Nirmal Mehta - Host (00:00) - Intro (02:04) - Maria's Content (03:22) - Tools and Technologies in MLOps (09:21) - DevOps vs MLOps: Key Differences (19:22) - Transitioning from DevOps to MLOps (22:52) - Model Accuracy vs Computational Efficiency (24:46) - MLOps with Sensitive Data (29:10) - MLOps Roadmap and Getting Started (32:36) - Tools and Platforms for MLOps (37:14) - Adapting MLOps Practices to Future Trends (44:08) - Is Golang an Option for CI/CD Automation? You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

The Justice Department is accusing TikTok of harnessing the capability to gather bulk information on users based on views on divisive social issues like gun control, abortion and religion. See omnystudio.com/listener for privacy information.

We've all heard about breaches of privacy and leaks of private health information (PHI). For healthcare providers and those storing this data, knowing where all the sensitive data is stored is non-trivial. Ramin, from Tausight, joins us to discuss how they have deploy edge AI models to help company search through billions of records for PHI.

The news of Texas covered today includes:Our Lone Star story of the day: Bumbling Biden's border order is fakery for the ballot box – only morons and those who have been in a coma the past three years can take it seriously – as the A.P. does! “Why now?”: Biden's new immigration policy to limit asylum seekers faces quick criticism in Texas Border Expert Exposes Biden's ‘Unserious' Executive Order DHS Fails to Monitor 77,000 Immigration Parolees; Can They Handle 1.1M Others? Our Lone Star story of the day is sponsored by Allied Compliance Services providing the best service in DOT, business and personal drug and alcohol testing since 1995.Texas sales tax collection up over May of last year.Much news from Ken Paxton's Office of Attorney General: Attorney General Ken Paxton Successfully Stops Unlawful Attempt By The Biden IRS To Impair Texas Child Support Programs Attorney General Ken Paxton Sues Biden Department of Labor for Attempting to Revive Illegal Obama-Era Mandate Attorney General Ken Paxton Launches Data Privacy and Security Initiative to Protect Texans' Sensitive Data from Illegal Exploitation by Tech, AI, and Other Companies OAG Asks Texas Supreme Court to Review Politically Motivated Lawfare Against Attorney General Paxton and OAG Leadership Listen on the radio, or station stream, at 5pm Central. Click for our radio and streaming affiliates.www.PrattonTexas.com

This week, Chelsea Smith, Chief Executive Officer & Information Security Consultant at CAJ Cyber Consulting LLC, joins the show.  In this episode, Chelsea shares her insights on Governance, Risk, and Compliance (GRC), emphasizing information security and business process analysis. She offers tips on enhancing information security, improving communication between Internal Audit teams and SICOs, and explores use cases involving cyber analytics.   Be sure to connect with Chelsea on LinkedIn.   Also, be sure to follow us on our new social media accounts on LinkedIn, Instagram, and TikTok.   Also be sure to sign up for The Audit Podcast newsletter and to check the full video interview on The Audit Podcast YouTube channel.   Timecodes: 3:08- How a Privacy Expert Uses ChatGPT 10:21 - The Flexibility of Living Life in Sprints 14:06 - Cyber Analytics Use Case Examples 20:31 - The impact of AI on SICOs 22:25 - Improving Communication Between Internal Audit Teams and SICOs 24:21 - Sensitive Data and the Risks of AI Tools 27:27 - Mitigating Personal Risk 30:52 - How Cyber Security can be Improved with Data Analytics   *   This podcast is brought to you by Greenskies Analytics, the services firm that helps auditors leap-frog up the analytics maturity model. Their approach for launching audit analytics programs with a series of proven quick-win analytics will guarantee the results worthy of the analytics hype.  Whether your audit team needs a data strategy, methodology, governance, literacy, or anything else related to audit and analytics, schedule time with Greenskies Analytics.

This episode of Screaming in the Cloud focuses on keeping critical data safe and organized, especially when there's a lot of it. Pranava Adduri, the CEO of Bedrock Security, shares the tools and methods Bedrock uses to help other businesses protect their essential information. They discuss how new technologies like AI can help manage vast amounts of data and ensure only the right people can access it.About Pranava:Pranava has worked in data protection and security for more than a decade. Before becoming an Entrepreneur In Residence at Greylock Partners in 2020, he was a Software Development Manager for AWS, where he worked with Fortune 500 CISOs to develop innovative products for data risk and compliance. Before that, he was a founding engineer at Rubrik, a SaaS data protection platform. Pranava graduated magna cum laude from the University of California, Berkeley with a triple-major B.S. in Computer Science, Industrial Engineering and Operations Research, and Economics, then obtained an M.S. from Berkeley in Industrial Engineering and Operations Research. Show highlights:(00:00) - Introduction (01:36) - Overview of Bedrock Security's solutions for large-scale data protection(03:04) - The importance of data classification and access control was discussed(04:47) - Exploring the limitations of current data governance (05:22) - Pranava details how data is managed in cloud environments(09:39) - Evolving strategies in data lake management and data volume growth(12:36) - Impact of generative AI on data creation and the need for retention(15:50) - Discussion on cost-effective data management solutions(23:45) - The role of AI in enhancing data security measures at Bedrock(25:42) - How customer feedback shapes Bedrock's AI security technology(27:19) - The growing necessity for sophisticated data security systems(29:22) - Upcoming events and where to find more about Bedrock Security and PranavaLinks: Bedrock Security: https://www.bedrock.security/ Bedrock Security X/Twitter: https://twitter.com/bedrocksecBedrock Security LinkedIn: https://www.linkedin.com/company/bedrocksec/Pranava's LinkedIn: https://www.linkedin.com/in/padduri/Pranava's Twitter: https://twitter.com/thenava?lang=enInnovation Sandbox 2024: https://www.businesswire.com/news/home/20240402284910/en/Bedrock-Security-Named-RSA-Conference-2024-Innovation-Sandbox-FinalistSponsorPanoptica Academy: https://panoptica.app/lastweekinaws  

Guest: Damien Desfontaines, Staff Scientist at Tumult LabsOn Linkedin | https://www.linkedin.com/in/desfontaines/On Twitter | https://twitter.com/TedOnPrivacyOn Mastodon  | https://hachyderm.io/@tedted____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesThis episode of Redefining CyberSecurity features a deep discussion between host, Sean Martin and guest, Damien Desfontaines on the topic of Differential Privacy (DP) and its implications in the field of cybersecurity. Damien, who currently works in a startup, Tumult Labs, primarily focuses on DP concepts and has rich prior experience from working in the anonymization team at Google. He shares key insights on how differential privacy — a tool to anonymize sensitive data can be effectively used by organizations to share or publish data safely, thus opening doors for new business opportunities.They discuss how differential privacy is gradually becoming a standard practice for companies wanting to share more data without incurring additional privacy risk. Damien also sheds light on the forthcoming guidelines from NIST regarding DP, which will equip organizations with a concrete framework to evaluate DP claims. Despite the positive dimension, Damien also discusses the potential pitfalls in the differential privacy implementation and the need for solid data protection strategies.The episode concludes with an interesting conversation about how technology and risk mitigation controls can pave way for more business opportunities in a secure manner.Key insights:Differential Privacy (DP) offers a mathematically proven methodology to anonymize sensitive data. It enables organizations to safely share or publish data, opening new business opportunities while adhering to privacy norms and standards.The forthcoming guidelines from NIST will equip organizations with a concrete framework to evaluate DP claims, fine-tune their privacy governance, and promote data governance within their operations.Implementing DP is complex and necessitates solid data protection strategies. Even with a strong mathematical foundation, the practical implementation of DP requires careful monitoring of potential vulnerabilities, illustrating the need for a holistic approach to data privacy.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Research shows that 26% of US workers currently work remotely, and there are expected to be 32.3 million American employees working remotely by 2025. To support these workers, organizations are adopting cloud solutions and migrating data to these cloud solutions. However, many businesses lack visibility into who has access to what data and when, especially in these cloud solutions. How should organizations reconcile the disconnect between data access and data security? Mike Scott, CISO at Immuta, joins Business Security Weekly to discuss best practices for moving sensitive data into the cloud, including data access and data security. If you're moving data into the cloud, listen in to learn how best to protect that data. In the leadership and communications section, Advice to Aspiring CISOs, New risk management framework helps with SEC mandate compliance, A Simple Hack to Help You Communicate More Effectively, and more! Show Notes: https://securityweekly.com/bsw-333 Visit https://www.securityweekly.com/bsw for all the latest episodes!