Vulnerabilities

At Google Singapore, Google Cloud’s Mark Johnston highlighted the ongoing struggle for cybersecurity defenders. He revealed that 69% of APAC breaches are detected by external parties, underscoring detection weaknesses. Google Cloud is leveraging AI to improve defenses, but acknowledges AI also empowers attackers. Initiatives like Project Zero’s “Big Sleep” use AI for vulnerability discovery. While promising, AI automation introduces risks and requires human oversight. Budget constraints and the need for partners offering scalable solutions pose challenges for CISOs. Post-quantum cryptography deployment is underway.

Zhou Hongyi, founder of 360, addressed concerns about Nvidia’s H20 AI chip security at a Beijing conference, following reports of Chinese regulatory scrutiny. While acknowledging the difficulty of detecting hardware backdoors, Zhou stated software-related vulnerabilities are inevitable. He distinguished between intentional backdoors and unintentional vulnerabilities, suggesting China’s suspicions are reasonable given past US government requests to Nvidia. Despite this, Zhou believes Nvidia likely has no deliberate malicious intent and proposed a third-party security audit to address concerns. Nvidia denies any backdoors in its chips.