Security researchers have discovered a new malicious chatbot advertised on cybercrime forums. GhostGPT generates malware, business email compromise scams, and more material for illegal activities. The chatbot likely uses a wrapper to connect to a jailbroken version of OpenAI’s ChatGPT or another large language model, the Abnormal Security experts suspect. Jailbroken chatbots have been instructed to ignore their safeguards to prove more useful to criminals. Must-read security coverage What is GhostGPT? The security researchers found an advert for GhostGPT on a cyber forum, and the image of a hooded figure as its background is not the only clue that it is intended for nefarious purposes. The bot offers fast processing speeds, useful for time-pressured attack campaigns. For example, ransomware attackers must act quickly once within a target system before defenses are strengthened. The official advertisement graphic for GhostGPT. Image: Abnormal Security It also says that user activity is not logged on GhostGPT and can be bought through the encrypted messenger app Telegram, likely to appeal to criminals who are concerned about privacy. The chatbot can be used within Telegram, so no suspicious software needs to be downloaded onto the user’s device. Its accessibility through Telegram saves time, too. The hacker does not need to craft a convoluted jailbreak prompt or set up an open-source model. Instead, they just pay for access and can get going. “GhostGPT is basically marketed for a range of malicious activities, including coding, malware creation, and exploit development,” the Abnormal Security researchers said in their report. “It can also be used to write convincing emails for BEC scams, making it a convenient tool for committing cybercrime.” It does mention “cybersecurity” as a potential use on the advert, but, given the language alluding to its effectiveness for criminal activities, the researchers say this is likely a “weak attempt to dodge legal accountability.” To test its capabilities, the researchers gave it the prompt “Write a phishing email from Docusign,” and it responded with a convincing template, including a space for a “Fake Support Number.” A phishing email generated by GhostGPT. Image: Abnormal Security The ad has racked up thousands of views, indicating both that GhostGPT is proving useful and that there is growing interest amongst cyber criminals in jailbroken LLMs. Despite this, research has shown that phishing emails written by humans have a 3% better click rate than those written by AI, and are also reported as suspicious at a lower rate. However, AI-generated material can also be created and distributed more quickly and can be done by almost anyone with a credit card, regardless of technical knowledge. It can also be used for more than just phishing attacks; researchers have found that GPT-4 can autonomously exploit 87% of “one-day” vulnerabilities when provided with the necessary tools. Jailbroken GPTs have been emerging and actively used for nearly two years Private GPT models for nefarious use have been emerging for some time. In April 2024, a report from security firm Radware named them as one of the biggest impacts of AI on the cybersecurity landscape that year. Creators of such private GPTs tend to offer access for a monthly fee of hundreds to thousands of dollars, making them good business. However, it’s also not insurmountably difficult to jailbreak existing models, with research showing that 20% of such attacks are successful. On average, adversaries need just 42 seconds and five interactions to break through. SEE: AI-Assisted Attacks Top Cyber Threat, Gartner Finds Other examples of such models include WormGPT, WolfGPT, EscapeGPT, FraudGPT, DarkBard, and Dark Gemini. In August 2023, Rakesh Krishnan, a senior threat analyst at Netenrich, told Wired that FraudGPT only appeared to have a few subscribers and that “all these projects are in their infancy.” However, in January, a panel at the World Economic Forum, including Secretary General of INTERPOL Jürgen Stock, discussed FraudGPT specifically, highlighting its continued relevance. There is evidence that criminals are already using AI for their cyber attacks. The number of business email compromise attacks detected by security firm Vipre in the second quarter of 2024 was 20% higher than the same period in 2023 — and two-fifths of them were generated by AI. In June, HP intercepted an email campaign spreading malware in the wild with a script that “was highly likely to have been written with the help of GenAI.” Pascal Geenens, Radware’s director of threat intelligence, told TechRepublic in an email: “The next advancement in this area, in my opinion, will be the implementation of frameworks for agentific AI services. In the near future, look for fully automated AI agent swarms that can accomplish even more complex tasks.” source

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More DeepSeek’s release of R1 this week was a watershed moment in the field of AI. Nobody thought a Chinese startup would be the first to drop a reasoning model matching OpenAI’s o1 and open-source it (in line with OpenAI’s original mission) at the same time. Enterprises can easily download R1’s weights via Hugging Face, but access has never been the problem — over 80% of teams are using or planning to use open models. Deployment is the real culprit. If you go with hyperscaler services, like Vertex AI, you’re locked into a specific cloud. On the other hand, if you go solo and build in-house, there’s the challenge of resource constraints as you have to set up a dozen different components just to get started, let alone optimizing or scaling downstream. To address this challenge, Y Combinator and SenseAI-backed Pipeshift is launching an end-to-end platform that allows enterprises to train, deploy and scale open-source generative AI models — LLMs, vision models, audio models and image models — across any cloud or on-prem GPUs. The company is competing with a rapidly growing domain that includes Baseten, Domino Data Lab, Together AI and Simplismart. The key value proposition? Pipeshift uses a modular inference engine that can quickly be optimized for speed and efficiency, helping teams not only deploy 30 times faster but achieve more with the same infrastructure, leading to as much as 60% cost savings.  Imagine running inferences worth four GPUs with just one. The orchestration bottleneck When you have to run different models, stitching together a functional MLOps stack in-house — from accessing compute, training and fine-tuning to production-grade deployment and monitoring — becomes the problem. You have to set up 10 different inference components and instances to get things up and running and then put in thousands of engineering hours for even the smallest of optimizations.  “There are multiple components of an inference engine,” Arko Chattopadhyay, cofounder and CEO of Pipeshift, told VentureBeat. “Every combination of these components creates a distinct engine with varying performance for the same workload. Identifying the optimal combination to maximize ROI requires weeks of repetitive experimentation and fine-tuning of settings. In most cases, the in-house teams can take years to develop pipelines that can allow for the flexibility and modularization of infrastructure, pushing enterprises behind in the market alongside accumulating massive tech debts.” While there are startups that offer platforms to deploy open models across cloud or on-premise environments, Chattopadhyay says most of them are GPU brokers, offering one-size-fits-all inference solutions. As a result, they maintain separate GPU instances for different LLMs, which doesn’t help when teams want to save costs and optimize for performance. To fix this, Chattopadhyay started Pipeshift and developed a framework called modular architecture for GPU-based inference clusters (MAGIC), aimed at distributing the inference stack into different plug-and-play pieces. The work created a Lego-like system that allows teams to configure the right inference stack for their workloads, without the hassle of infrastructure engineering. This way, a team can quickly add or interchange different inference components to piece together a customized inference engine that can extract more out of existing infrastructure to meet expectations for costs, throughput or even scalability.  For instance, a team could set up a unified inference system, where multiple domain-specific LLMs could run with hot-swapping on a single GPU, utilizing it to full benefit. Running four GPU workloads on one Since claiming to offer a modular inference solution is one thing and delivering on it is entirely another, Pipeshift’s founder was quick to point out the benefits of the company’s offering.  “In terms of operational expenses…MAGIC allows you to run LLMs like Llama 3.1 8B at >500 tokens/sec on a given set of Nvidia GPUs without any model quantization or compression,” he said. “This unlocks a massive reduction of scaling costs as the GPUs can now handle workloads that are an order of magnitude 20-30 times what they originally were able to achieve using the native platforms offered by the cloud providers.” The CEO noted that the company is already working with 30 companies on an annual license-based model.  One of these is a Fortune 500 retailer that initially used four independent GPU instances to run four open fine-tuned models for their automated support and document processing workflows. Each of these GPU clusters was scaling independently, adding to massive cost overheads. “Large-scale fine-tuning was not possible as datasets became larger and all the pipelines were supporting single-GPU workloads while requiring you to upload all the data at once. Plus, there was no auto-scaling support with tools like AWS Sagemaker, which made it hard to ensure optimal use of infra, pushing the company to pre-approve quotas and reserve capacity beforehand for theoretical scale that only hit 5% of the time,” Chattopadhyay noted. Interestingly, after shifting to Pipeshift’s modular architecture, all the fine-tunes were brought down to a single GPU instance that served them in parallel, without any memory partitioning or model degradation. This brought down the requirement to run these workloads from four GPUs to just a single GPU. “Without additional optimizations, we were able to scale the capabilities of the GPU to a point where it was serving five-times-faster tokens for inference and could handle a four-times-higher scale,” the CEO added. In all, he said that the company saw a 30-times faster deployment timeline and a 60% reduction in infrastructure costs. With modular architecture, Pipeshift wants to position itself as the go-to platform for deploying all cutting-edge open-source AI models, including DeepSeek R-1. However, it won’t be an easy ride as competitors continue to evolve their offerings. For instance, Simplismart, which raised $7 million a few months ago, is taking a similar software-optimized approach to inference. Cloud service providers like Google Cloud and Microsoft Azure are also bolstering their respective offerings, although Chattopadhyay thinks these CSPs will be more like partners than competitors in the long run.

While the push for digital transformation has been underway for years, many enterprises still have legacy technology deeply ingrained in their tech stacks. In many cases, these systems are years or even decades old but remain integral to keeping a business operational. Simply ripping them out and replacing them is often not a plausible quick fix.   “It’s actually quite hard to fully demise previous versions of technology as we adopt new versions, and so you end up with the sort of layering of various ages of all the technologies,” says Nick Godfrey, senior director and global head, office of the CISO at Google Cloud.   Given that continued use of legacy systems comes with risk, why are legacy systems still so common today? How can enterprise leaders manage that risk and move forward?   A Universal Challenge  In 2019, the Government Accountability Office (GAO) identified 10 critical federal IT legacy systems. These systems were 8 to 51 years old and cost roughly $337 million to operate and maintain each year.   Government is hardly the only sector that relies on outdated systems. The banking sector uses COBOL, a decades-old coding language, heavily. The health care industry is rife with examples of outdated electronic health record (EHR) systems and legacy hardware. One survey found that 74% of manufacturing and engineering companies use legacy systems and spreadsheets to operate.   Related:Tech Company Layoffs: The COVID Tech Bubble Bursts “If we talk about banking, manufacturing, and health care, you would find a big chunk of legacy systems are actually elements of the operational technology that it takes to operate that business,” says Joel Burleson-Davis, senior vice president of worldwide engineering, cyber at Imprivata, a digital identity security company.   The cost of replacing these systems isn’t simply the price tag that comes with the new technology. It’s also the downtime that comes with making the change.   “The hardest way to drive the car is when you’re trying to change the tire at the same time,” says Austin Allen, director of solutions architecture at Airlock Digital, an application control company. “You think about one hour of downtime … you can be talking about millions of dollars depending on the company.”  A survey conducted by commercial software company SnapLogic found that organizations spent an average of $2.7 million to overhaul legacy tech in 2023.   As expensive as it is to replace legacy technology, keeping it in place could prove to be more costly. Legacy systems are vulnerable to cyberattacks and data breaches. In 2024, the average cost of a data breach is $4.88 million, according to IBM’s Cost of a Data Breach Report 2024.   Related:Securing a Better Salary: Tips for IT Pros Evaluating the Tech Stack  The first step to assessing the risk that legacy systems pose to an enterprise is understanding how they are being used. It sounds simple enough on the surface, but enterprise infrastructure is incredibly complicated.   “Everybody wishes that they had all of their processes. and all of their systems integrations documented, but they don’t,” says Jen Curry Hendrickson, senior vice president of managed services at DataBank, a data center solutions company.   Once security and technology leaders conduct a thorough inventory of systems and understand how enterprise data is moving through those systems, they can assess the risks.   “This technology was designed and installed many, many years ago when the threat profile was significantly different,” says Godfrey. “It is creating an ever more complex surface area.”   What systems can be updated or patched? What systems are no longer supported by vendors? How could threat actors leverage access to a legacy system for lateral movement?   Managing Legacy System Risk  Once enterprise leaders have a clear picture of their organizations’ legacy systems and the risk they pose, they have a choice to make. Do they replace those systems, or do they keep them in place and manage those risks?  “Businesses are fully entitled — maybe they shouldn’t [be] — but they’re fully entitled to say no, ‘I understand the risk and that’s not something we’re going to address right now,’” says Burleson-Davis. “Industries that tend to have lower margins and be a little more resource-strapped are the likeliest to make some of those tradeoffs.”  Related:Mobile App Integration’s Day Has Come If an enterprise cannot replace a legacy system, its security and technology leaders can still take steps to reduce the risk of it becoming a doorway for threat actors.   Security teams can implement compensating controls to look for signs of compromise. They can implement zero-trust access and isolate legacy systems from the rest of the enterprise’s network as much as possible.   “Legacy systems really should be hardened from the operating system side. You should be turning off operating system features that do not have any business purpose in your environment by default,” Allen emphasizes.   Security leaders may even find relatively simple ways to reduce risk exposure related to legacy systems.  “People will often find, ‘Oh, I’m running 18 different versions of the same virtualization package Why don’t I go to one?’” Burleson-Davis shares. “We find people running into scenarios like that where after doing a proper inventory [they] find that there was some low-hanging fruit that really solved some of that risk.”  Transitioning Away from Legacy Systems  Enterprise leaders have to clear a number of hurdles in order to replace legacy systems successfully. The cost and the time are obvious challenges. Given the age of these systems, talent constraints come to the fore. Does the enterprise have people who understand how the legacy system works and how it can be replaced?  “You end up with a very complex skills requirement inside of your organization to be able to manage very old types of technologies through to cutting-edge technologies,” Godfrey points out.   A change advisory board (CAB) can lead the charge on strategic planning. That group of people can help answer vital questions about the timeline for the transition, the potential downtime, and the people necessary to execute the change.   “How does that affect anything downstream or upstream? Where is my

By David Minsky ( January 23, 2025, 6:35 PM EST) — A Micron Technology Inc. shareholder has accused the company CEO and several board members of insider trading after selling $70 million worth of stock just before the release of disappointing financial results regarding demand for its semiconductors…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

In 2025, the United States holds a pivotal role in the global economy, commanding 40% of tech spend, 37% of the digital economy, and 26% of global GDP. Despite the economic policy uncertainty of the new administration, several factors stand out as likely influencers of future US economic growth: Increased spending through tariffs and tax cuts. If the new administration helps to increase consumer spending through tax cuts and the imposition of tariffs on imported goods, the Federal Reserve will need to increase interest rates to manage inflation. Higher interest rates lower inflation, strengthen the US dollar, and attract foreign capital. In this scenario, countries with more US dollar debt such as Egypt, Turkey, and Argentina would suffer. A leaner government. Plans to cut jobs to streamline government operations could slow economic growth and reduce spending on imports, which would impact the economic growth of net exporter countries to the US such as China, Mexico, Vietnam, and Germany. The importance of consumer resilience. The new administration will place a high priority on protecting incomes. In the last three years, inflation cannibalized income growth gains. Large variations of per capita personal consumption expenditure growth across states over the last three years highlight state inequality and an uneven post-pandemic economic recovery. Sector-specific changes. The new administration will likely decrease spending on the green economy, reduce the reliance on chip imports, and increase defense spending. European industries, particularly life sciences, automotive, and chemicals, should brace for the impact of the new US administration’s policies. Eleven percent of EU exports to the US is from road vehicles, and 18% is from medicinal and pharmaceutical products. Protectionist measures from higher import tariffs could compel European car manufacturers to augment their production within the US. Additionally, the pharmaceutical sector might face pressures to lower prices, and the banking sector could see increased competition amidst deregulatory measures in the US. Businesses and countries will need to prepare for these various scenarios, and resilience and adaptability will be critical factors to success. European sectors must prepare for a protectionist US car industry, more pressure to lower pharmaceutical prices, and, as the US is a net exporter of financial services, more banking competition. Driven by the US, Forrester forecasts that North America will see the highest regional tech spend growth in 2025. We just published a report on the potential impact of a new US administration and policy on tech spend. Keep an eye out for Forrester’s upcoming global, US, and European tech forecasts, 2024 to 2029, that are soon to be published. Please contact your Forrester account manager or client success manager to set up a guidance session with me to learn more. source

By Jeremiah Helm and Sean Murray ( January 21, 2025, 2:29 PM EST) — This article is part of a monthly column that highlights an important patent appeal. In this installment, we examine 2024’s most significant rulings…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

“Public safety and innovation will inevitably pull in different directions when it comes to regulations,” said Abhishek Sengupta, Practice Director at Everest Group. “Most nations recognize the criticality of AI in preserving and enhancing their national influence on the global stage. Amidst this, it seems likely that at least in the near term, regulations may cede to the need for immediate AI innovation.” While industry voices have welcomed the removal of regulatory constraints, some experts warn that the lack of oversight could lead to uneven implementation and governance challenges. “Deregulation can spark short-term innovation, giving US enterprises the flexibility to experiment and deploy AI at speed,” said Abhivyakti Sengar, Senior Analyst at Everest Group. “However, repealing Biden’s AI executive order risks creating a fragmented landscape with uneven governance standards. Without clear frameworks, enterprises could also struggle to adopt AI responsibly, weakening America’s leadership by fostering inconsistent, patchwork solutions.’” source

By Christopher Gismondi and Allen Waxman ( January 22, 2025, 5:10 PM EST) — In recent years, there has been an ongoing series of personal injury and product liability lawsuits alleging that the use of certain digital products and services is causing plaintiffs to develop behavioral addictions, including to social media and video games…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

Creator marketing programs have become a cornerstone of the social media marketing strategy across industries. As such, Forrester recommends an evolved set of metrics for measurement to optimize and show overall impact on the organization. Considering that two-thirds of B2C marketing decision-makers planned to increase investment in creator/influencer programs in 2024, teams from experimental to expert status must ensure that they are activating the right levers to maximize these partnerships. Add New Layers As The Investment Grows In our recent report, Forrester introduces frameworks for marketers to assess their progress in the journey toward running an effective multidimensional program, guiding them through the building blocks necessary at each investment level to achieve it. To effectively scale your creator marketing program, we recommend that you: Increase the number and types of creators. A wide array of creators with varying areas of specialty increases reach, shows different facets of the brand, and fosters connection with many communities. Add new business objectives. More substantial creator partnership investments allow marketers to widen the breadth of their creator activations and deliver on more business objectives. Diversify content types and delivery. Creator content is no longer limited to the confines of a consumer’s feed or “for you” page. Content repurposed for new channels such as out-of-home and CTV maximizes reach beyond the organic post. Invest in the right tech, services, and headcount. To run a full-scale creator program, adopt an influencer marketing platform and expand team support, insourced and/or outsourced. Prioritize mature measurement practices. Forrester’s Creator Composite Measurement Model aids in establishing a well-rounded measurement strategy to optimize creator marketing efforts and assess impact. This will ensure vested buy-in from leaders, unlocking greater opportunity for growth and exploration. Read the full report to leverage Forrester’s frameworks and strategically grow and scale creator marketing programs at any phase of commitment, from nascence to multimillion-dollar investment. Forrester clients, schedule a guidance session with me to discuss your creator marketing strategy. source