Subj : CRYPTO-GRAM, May 15, 2025
To   : All
From : Sean Rima
Date : Thu May 15 2025 12:39:28

ts, without compromising individualsrCO privacy.

NCSC blog entry.

** *** ***** ******* *********** *************

Privacy for Agentic AI

[2025.05.02] Sooner or later, itrCOs going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think itrCOs worth thinking about the security of that now, while its still a nascent idea.

In 2019, I joined Inrupt, a company that is commercializing Tim Berners-LeerCOs open protocol for distributed data ownership. We are working on a digital wallet that can make use of AI in this way. (We used to call it an rCLactive wallet.rCY Now werCOre calling it an rCLagentic wallet.rCY)

I talked about this a bit at the RSA Conference earlier this week, in my keynote talk about AI and trust. Any useful AI assistant is going to require a level of access -- and therefore trust -- that rivals what we currently our email provider, social network, or smartphone.

This Active Wallet is an example of an AI assistant. ItrCOll combine personal information about you, transactional data that you are a party to, and general information about the world. And use that to answer questions, make predictions, and ultimately act on your behalf. We have demos of this running right now. At least in its early stages. Making it work is going require an extraordinary amount of trust in the system. This requires integrity. Which is why werCOre building protections in from the beginning.

Visa is also thinking about this. It just announced a protocol that uses AI to help people make purchasing decisions.

I like VisarCOs approach because itrCOs an AI-agnostic standard. I worry a lot about lock-in and monopolization of this space, so anything that lets people easily switch between AI models is good. And I like that Visa is working with Inrupt so that the data is decentralized as well. HererCOs our announcement about its announcement:

This isnrCOt a new relationship -- werCOve been working together for over two years. WerCOve conducted a successful POC and now werCOre standing up a sandbox inside Visa so merchants, financial institutions and LLM providers can test our Agentic Wallets alongside the rest of VisarCOs suite of Intelligent Commerce APIs.

For that matter, we welcome any other company that wants to engage in the world of personal, consented Agentic Commerce to come work with us as well.

I joined Inrupt years ago because I thought that Solid could do for personal data what HTML did for published information. I liked that the protocol was an open standard, and that it distributed data instead of centralizing it. AI agents need decentralized data. rCLWalletrCY is a good metaphor for personal data stores. IrCOm hoping this is another step towards adoption.

** *** ***** ******* *********** *************

Another Move in the Deepfake Creation/Detection Arms Race

[2025.05.05] Deepfakes are now mimicking heartbeats

In a nutshell

Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats.
The assumption that deepfakes lack physiological signals, such as heart rate, is no longer valid. This challenges many existing detection tools, which may need significant redesigns to keep up with the evolving technology. To effectively identify high-quality deepfakes, researchers suggest shifting focus from just detecting heart rate signals to analyzing how blood flow is distributed across different facial regions, providing a more accurate detection strategy.
And the AI models will start mimicking that.

** *** ***** ******* *********** *************

Fake Student Fraud in Community Colleges

[2025.05.06] Reporting on the rise of fake students enrolling in community college courses:

The botsrCO goal is to bilk state and federal financial aid money by enrolling in classes, and remaining enrolled in them, long enough for aid disbursements to go out. They often accomplish this by submitting AI-generated work. And because community colleges accept all applicants, theyrCOve been almost exclusively impacted by the fraud.

The article talks about the rise of this type of fraud, the difficulty of detecting it, and how it upends quite a bit of the class structure and learning community.

Slashdot thread.

** *** ***** ******* *********** *************

Chinese AI Submersible

[2025.05.07] A Chinese company has developed an AI-piloted submersible that can reach speeds rCLsimilar to a destroyer or a US Navy torpedo,rCY dive rCLup to 60 metres underwater,rCY and rCLremain static for more than a month, like the stealth capabilities of a nuclear submarine.rCY In case yourCOre worried about the military applications of this, you can relax because the company says that the submersible is rCLdesignated for civilian userCY and can rCLlaunch research rockets.rCY

rCLResearch rockets.rCY Sure.

** *** ***** ******* *********** *************

Florida Backdoor Bill Fails

[2025.05.12] A Florida bill requiring encryption backdoors failed to pass.

** *** ***** ******* *********** *************

Court Rules Against NSO Group

[2025.05.13] The case is over:

A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users.

IrCOm sure itrCOll be appealed. Everything always is.

** *** ***** ******* *********** *************

GooglerCOs Advanced Protection Now on Android

[2025.05.14] Google has extended its Advanced Protection features to Android devices. ItrCOs not for everybody, but something to be considered by high-risk users.

Wired article, behind a paywall.

** *** ***** ******* *********** *************

Upcoming Speaking Engagements

[2025.05.14] This is a current list of where and when I am scheduled to speak:

IrCOm speaking (remotely) at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025.
The list is maintained on this page.

** *** ***** ******* *********** *************

AI-Generated Law

[2025.05.15] On April 14, Dubai's ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to "regularly suggest updates" to the law and "accelerate the issuance of legislation by up to 70%." AI would create a "comprehensive legislative plan" spanning local and federal law and would be connected to public administration, the courts, and global policy trends.

The plan was widely greeted with astonishment. This sort of AI legislating would be a global "first," with the potential to go "horribly wrong." Skeptics fear that the AI model will make up facts or fundamentally fail to understand societal tenets such as fair treatment and justice when influencing law.

The truth is, the UAE's idea of AI-generated law is not really a first and not necessarily terrible.

The first instance of enacted law known to have been written by AI was p

--- BBBS/LiR v4.10 Toy-7
 * Origin: TCOB1: https/binkd/telnet binkd.rima.ie (618:500/1)

.