Researchers at the University of Illinois Urbana-Champaign have discovered that OpenAI's GPT-4 large language model can autonomously exploit real-world security vulnerabilities when provided with CVE advisories. The model successfully exploited 87% of tested one-day vulnerabilities, significantly outperforming other models and open-source vulnerability scanners. Despite the impressive performance, the success rate drastically reduces when access to CVE descriptions is restricted. The study highlights the potential for future models to facilitate even more effective exploits, stressing the need for proactive security measures rather than relying on security through obscurity.

OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories The Register

In Molly White's newsletter "AI isn't useless. But is it worth it?", she explores her complex views on artificial intelligence, likening her skepticism of AI to her criticisms of blockchain technology. White discusses the limited practicality of AI tools, which, while useful in specific scenarios such as simple coding tasks and proofreading, often fail to meet the grandiose claims of AI companies. She stresses the significant ethical, environmental, and social costs of developing these technologies. Despite finding personal utility in some applications of AI, she questions whether the broader impacts and the hype surrounding AI justify its use, especially in light of its potential to replace human labor and generate misleading information. Ultimately, White remains critical of the overhyped promises and the dangerous externalities of rapidly advancing AI technology.

AI isn't useless. But is it worth it? publication

Cerebral, a virtual mental health platform, has agreed to a $7.1 million settlement with the Federal Trade Commission (FTC) for mishandling sensitive patient data and sharing it with advertisers. The settlement includes utilizing $5.1 million of the fine for partial refunds to users who struggled to cancel services due to deceptive practices. Founder Kyle Robertson is facing potential personal charges, as he was deeply involved in the platform's problematic policies. The FTC's complaint highlighted the platform's failure to safeguard patient privacy, exposing sensitive health information to third-party advertisers and employing questionable patient engagement tactics. As part of the resolution, Cerebral is banned from using health information for advertising and must overhaul its privacy and data security protocols. This action follows a rare self-reporting to regulators by Cerebral in 2022 amidst leadership changes, with the company expressing a commitment to moving forward with enhanced security measures while still offering its services within new regulatory guidelines.

Mental health platform fined $7M by FTC for sharing data with advertisers healthexec.com

Apple has launched the Apple Vision Pro, introducing a revolutionary platform for health app developers through visionOS. This new technology provides an “infinite canvas” for creating spatial experiences that seamlessly integrate digital content with the physical environment, transforming healthcare delivery in settings ranging from clinics to home care. Developers now have the ability to craft applications that were previously unfeasible, focusing on critical areas such as clinical education, surgical planning, medical imaging, and behavioral health. The suite of apps designed for the Vision Pro—including surgical planning tools like Stryker’s myMako and educational platforms such as CyranoHealth—demonstrates the extensive possibilities for enhancing patient care and professional training. Apple's advancements signify a shift towards more interactive and immersive healthcare technologies that promise to improve outcomes and operational efficiency across the medical field.

Apple Vision Pro unlocks new opportunities for health app developers publication