Happy Friday!
Feeling Heard: Securing Voice AI
You didn’t think the innovation train stopped at ChatGPT, did you? If you’ve been following this newsletter over the past two years, you know that AI continues to evolve at lightning speed, regularly introducing new use cases and novel interfaces. This week, we saw some major developments in voice AI that are bringing us closer to those sci-fi dreams of computers without a keyboard.
Star Trek IV – The crew is transported back in time to the 20th century and Chief Engineer Scotty asks to speak with the computer:
OpenAI’s Real-Time Voice Integration: A Game-Changer
OpenAI made headlines with a more restrained Dev Day compared to last year’s spectacle. Instead of big flashy demos, they focused on releasing solid functionality updates that promise to be game-changing. Chief among these is their real-time API with voice-to-voice capabilities. This means developers can now integrate real-time conversations into applications, allowing users to interrupt, redirect, and engage in a more fluid and natural manner.
Imagine the possibilities—personalized voice interfaces, smart assistants that respond in real-time, and interactions that feel like talking to a human rather than a machine. We’re enabling the type of tech experiences you’ve seen in movies like “Her” or “Star Trek,” and it’s only a matter of time before they become mainstream in the products we all use.
Google’s Notebook LM and Voice-Driven Research
OpenAI isn’t the only one pushing the audio envelope. Google’s Notebook LM continues to make waves with an impressive voice capability that turns document summaries into a podcast format, featuring simulated voice actors. This innovation allows users to listen to complex topics in a distilled and conversational manner, making research more accessible and engaging.
Listen for yourself to what happened when I fed it 50 editions of this newsletter.
Or if you’re tired of AI topics, here’s an episode based on an old document written by Orville Wright and his first-hand account of the first flight.
Imagine the utility here—AI-generated briefings and reports that can be consumed on the go, freeing up time while keeping you informed. It’s a powerful example of how voice technology is enhancing productivity in ways we hadn’t even considered before.
The Voice-Driven Future and Business Impact
Real-time voice interaction is becoming the new frontier. These capabilities will redefine how we interact with software and systems, whether it’s querying large language models in a SOC or having your AI assistant summarize complex scenarios with voice cues. The impact on business will be profound, enabling quicker decisions, better client engagement, and seamless workflows that reduce dependency on screens and keyboards.
With costs dropping and implementation becoming simpler, it’s clear that voice-first interfaces are poised to become a major driver of innovation across industries. We need to start thinking about how these capabilities can be harnessed not just for convenience but as a core component of our business strategy.
The Security Angle: New Challenges for Voice AI
However, as with any new technology, we need to be mindful of the security implications. Voice introduces an entirely new category of risk. Streaming data is harder to monitor and control—if a user speaks sensitive information, how do we detect it and ensure it’s not being transmitted or intercepted?
This challenge demands AI detection and response capabilities that are as advanced as those generating the voice responses. Additionally, we’re now contending with risks we don’t fully understand yet. For example, could a malicious actor embed high-frequency instructions in audio that aren’t detectable to human ears but are understood by the model? Or make other changes to streaming audio data that enable malicious activities? How are audio and text artifacts of these interactions stored and secured? How will we even detect PII or confidential information over a streaming audio feed? We need to take all of these Voice AI risk scenarios seriously.
Preparing for the Voice-First Security Landscape
To stay ahead, we need to anticipate these new threats and develop security controls that will supervise voice. Monitoring, anomaly detection, and encryption will need to adapt to cover voice interactions as effectively as they do for text and other forms of data.
There’s a tremendous amount of research to be done, and as voice becomes a more prevalent interface, we can expect to see new threat vectors emerge. But with every new risk comes an opportunity for innovation. This is where security leaders can shine—by developing strategies that not only safeguard these systems but also unlock their potential in a secure and responsible manner.
Bottom Line: Voice AI is here to stay, and it’s going to reshape our interactions with technology. But we can’t afford to be complacent. We need to think through the security implications and ensure our defenses are as advanced as the capabilities we’re deploying. Let’s stay ahead of the curve—innovate, but secure it.
This week’s newsletter was dictated to a voice AI model which cleaned up my “ums” and “ahs” to form the core of the topic. It was then fed to OpenAI o1 to be structured and a GPT trained on my writing style. I then read through the entire thing and made small edits and enhancements with my “quaint” keyboard.
In AI We (Don’t) Trust
https://www.medrxiv.org/content/10.1101/2024.03.12.24303785v1.full.pdf
A recent study evaluated GPT-4’s impact on physicians’ diagnostic reasoning, and the results were surprising: GPT-4 alone outperformed human doctors with and without AI tools. The study, which was meant to measure the impact of these tools, found almost no difference; however, the diagnosis was more accurate when a human was out of the loop. This is controversial, and not anywhere near conclusive. But it points to an intriguing future: what happens if AI tools are statistically better than humans? In situations where time is critical and mistakes are costly, there are some potential moral dilemmas ahead.
Responsible AI ≠ Secure AI
A great article by the Optiv AI Team, “Ethical, Yet Exposed: Why Responsible AI Does Not Guarantee Security,” argues that while responsible AI focuses on ethical considerations like fairness and transparency, it does not inherently protect against cyber threats. We emphasize in this article that responsible AI and AI security serve complementary but distinct roles—responsible AI addresses ethical guidelines, whereas AI security ensures the integrity, confidentiality, and availability of AI systems. Ultimately, organizations should adopt a holistic approach that integrates both responsible AI and AI security to minimize risks and maximize AI’s benefits. You can also listen to the article as a NotebookLM podcast.
SB 1047 Vetoed
California Governor Gavin Newsom vetoed the controversial AI law SB 1047, citing concerns that the bill applies overly stringent standards to all AI systems, regardless of their risk level or context. He emphasized that a more nuanced approach is needed to effectively safeguard against real threats posed by AI technology.
Governor Newsom’s veto of SB 1047 underscores the need for future AI legislation to focus on specific applications rather than broad technology regulations that risk stifling innovation. Critics likened the bill’s approach to regulating electric motors instead of end-use products, arguing that such overreach could hinder smaller companies and open-source projects. Future laws should adopt a risk-based framework that tailors requirements to high-risk AI deployments while avoiding unnecessary barriers for lower-risk, everyday uses of AI technology.
The Complete Guide to the Growing Impact of Non-Human Identities in Cybersecurity
https://softwareanalyst.substack.com/p/the-complete-guide-to-the-growing
NHIs—think bots, API keys, and AI agents—are essentially digital identities that belong to machines, not people. With AI systems and automated workflows becoming more central to business operations, these identities are multiplying fast, often outpacing human identities by a huge margin. The problem? NHIs often operate in the shadows, without proper visibility or security controls, creating huge blind spots and potential backdoors for attackers.
This matters because as companies embrace AI-driven solutions, these unmonitored NHIs enable the “shadow AI” that can easily slip through traditional security defenses. If compromised, they can be used to access sensitive systems, escalate privileges, or even launch full-scale attacks. So, understanding and managing NHIs isn’t just about compliance—it’s essential to safeguarding the future of AI-powered enterprises.
Have a Great Weekend!
You can also chat with the newsletter archive at https://chat.openai.com/g/g-IjiJNup7g-thinks-and-links-digest