Confidentiality is not security: Why the real AI runtime crisis is the Authorization Gap

A comforting story is taking hold in enterprise cybersecurity circles: AI is broken at runtime because we haven't protected data while it's in use, and the answer is to wrap workloads in encrypted memory, hardware enclaves, and cryptographic attestation.

Get the confidentiality model right, the argument goes, and AI security will follow.

Confidentiality is necessary. It is not sufficient.

An AI workload running in a perfectly attested, fully encrypted enclave will, with complete fidelity, execute whatever instruction reaches it — including the instruction to exfiltrate a customer database, mutate a production config, or wire money to an attacker's account.

The enclave protects the bytes. It does not ask whether the action should happen.

That question — should this identity be permitted to take this action against this resource, in this context, right now? — is the question almost no one is answering at runtime.

That is the Authorization Gap,...
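The four-part question above (identity, action, resource, context) can be enforced as a default-deny check in front of every call an AI workload makes, with attestation treated as a precondition rather than a grant. The code below is an added example, not code from the article; the agent names, resource paths, limits and context keys are all constructed for illustration.

```python
from dataclasses import dataclass, field

INF = float("inf")

@dataclass(frozen=True)
class Request:
    identity: str   # which agent or service principal is asking
    action: str     # what it wants to do
    resource: str   # canonical name of the target (assumed already normalised)
    context: dict = field(default_factory=dict)  # runtime facts for this call

# Constructed policy: (identity, action, resource prefix, context predicate).
# Missing context values fail closed via the INF / 0 defaults.
POLICY = [
    ("support-agent", "read", "crm/customers/",
     lambda c: c.get("row_limit", INF) <= 100),
    ("deploy-agent", "write", "config/staging/", lambda c: True),
    ("payments-agent", "transfer", "bank/payee/",
     lambda c: c.get("amount", INF) <= 1000
     and c.get("approved_until", 0) > c.get("now", INF)),
]

def authorize(req: Request) -> tuple[bool, str]:
    """Decide one call: identity + action + resource + context, default deny."""
    # Attestation is a precondition, never a grant on its own.
    if req.context.get("attested") is not True:
        return False, "workload not attested"
    for identity, action, prefix, condition in POLICY:
        if (req.identity, req.action) == (identity, action) \
                and req.resource.startswith(prefix):
            if condition(req.context):
                return True, "allowed"
            return False, "context condition failed"
    return False, "no matching rule"

def demo() -> list[tuple[bool, str]]:
    # Constructed calls; every one comes from an attested workload.
    ok = {"attested": True, "now": 1000}
    calls = [
        Request("support-agent", "read", "crm/customers/42", {**ok, "row_limit": 1}),
        Request("support-agent", "read", "crm/customers/", {**ok, "row_limit": 500000}),
        Request("deploy-agent", "write", "config/production/db", ok),
        Request("payments-agent", "transfer", "bank/payee/acct-1", {**ok, "amount": 50000}),
        Request("payments-agent", "transfer", "bank/payee/acct-1",
                {**ok, "amount": 200, "approved_until": 1300}),
    ]
    return [authorize(r) for r in calls]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

All five sample calls carry a valid attestation flag, yet the bulk customer read, the production config write and the unapproved transfer are each refused.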

Copyright of this story solely belongs to techradar.com.
