Large Language Models, aka LLMs, aka AI, aka ChatGPT, are bad for society. I don't want to beat around the bush on that, but I also don't want to talk about things like the destruction of art, the cratering of code security or accuracy, or the generation of large emails from bullet points that are reduced to bullet points on the other end, causing a lot to be written while data is lost. I don't want to talk about how we generate billions of photographs every day, billions of articles, and billions of songs, too many for any human to experience, so many there's people thinking about a data storage crisis, but now we have computers generating more without a reason. No, what I want to talk about is at the heart of organizations and people.
Read MoreThere is another side to the issue of user authorization. Sometimes, a user is authorized to do something organizationally, but the technical controls refuse to allow them to do this. Obviously, this is often because we can't make programs that do everything, but too often, we also decide to limit what a program can do due to security. Security, as we know, is not a one sized fits all process, and there are deep problems when we decide very early what security is. This decision is what the other side of the Authorized User problem.
Read MoreWelp, I guess I'm starting a blog today. I want to talk about how we secure systems today, but I don't want to talk about computers, I want to talk about organizations as systems. One of the things that I think haunts infosec is our insistence that technical solutions, computers, and similar automation is the solution to security. I think this is because it's easy to measure, and there's a belief that it's reliable. But today I want to talk about what I see as the core gap in that system.
Read MoreBecause we can't just secure computers