In a move that resembles the famous Trustworthy Computing push of yesteryear, Redmond is responding to a spate of embarrassing hacks with a new ‘Secure Future Initiative’ promising faster cloud patches, better management of identity signing keys, and a commitment to ship software with a higher default security bar. In a note announcing the new SFI approach, Microsoft Security Vice President Charlie Bell said the software giant will revamp the age-old Software Development Lifecycle (SDL) to account for the latest trends in cyberattacks. “The first priority is security by default,” Bell said, echoing the words of Microsoft founder Bill Gates in the seminal 2002 memo that documented the company’s mission to root out security problems that were leading to destructive Windows worm attacks. Today, Microsoft is reeling from a major hack of its flagship M365 cloud platform, a compromise that led to the theft of U.S. government emails and prompted a U.S. senator to accuse Microsoft of “cybersecurity negligence.” The M365 hack, caused by an embarrassing mismanagement of signing keys, is being investigated by the Department of Homeland Security’s Cyber Safety Review Board (CSRB). “We have carefully considered what we see across Microsoft and what we have heard from customers, governments, and partners to identify our greatest opportunities to impact the future of security. We will focus on transforming software development, implementing new identity protections, and driving faster vulnerability response,” Bell said. More specifically, Microsoft plans to move identity signing keys to an integrated, hardened Azure HSM and confidential computing infrastructure where the signing keys are not only encrypted at rest and in transit but also during computational processes as well. “Key rotation will also be automated allowing high-frequency key replacement with no potential for human access, whatsoever,” Bell announced, a clear reference to how a crash dump error was exploited by a Chinese espionage group to steal emails from approximately 25 organizations. Bell, who took control of security at Microsoft in 2021 after a stint running security at AWS, said the company will use AI to help automate threat modeling and adopt memory-safe languages like Rust to build security at the language level and eliminate entire classes of traditional software vulnerabilities. In a nod to the dangers of default cloud deployments that expose data to remote hackers, Bell said the SFI will move to implement Azure tenant baseline controls (99 controls across nine security domains) by default across our internal tenants automatically. “Without full transparency on vulnerabilities, the security community cannot learn collectively—defending at scale requires a growth mindset. Microsoft is committed to transparency and will encourage every major cloud provider to adopt the same approach,” Bell declared. Microsoft has faced intense criticism for its own approach to third-party vulnerability research of its cloud products and continues to struggle with faulty and incomplete patches and a surge in Windows zero-day attacks. The company recently announced plans to expand logging defaults for lower-tier M365 customers and increase the duration of retention for threat-hunting data.

More than a decade ago, the co-founder of Google's DeepMind artificial intelligence lab predicted that by 2028, AI will have a half-and-half shot of being about as smart as humans — and now, he's holding firm on that forecast. In an interview with tech podcaster Dwarkesh Patel, DeepMind co-founder Shane Legg said that he still thinks that researchers have a 50-50 chance of achieving artificial general intelligence (AGI), a stance he publicly announced at the very end of 2011 on his blog. It's a notable prediction considering the exponentially growing interest in the space. OpenAI CEO Sam Altman has long advocated for an AGI, a hypothetical agent that is capable of accomplishing intellectual tasks as well as a human, that can be of benefit to all. But whether we'll ever be able to get to that point — let alone agree on one definition of AGI — remains to be seen. Legg apparently began looking towards his 2028 goalpost all the way back in 2001 after reading "The Age of Spiritual Machines," the groundbreaking 1999 book by fellow Google AI luminary Ray Kurzweil that predicts a future of superhuman AIs. "There were two really important points in his book that I came to believe as true," he explained. "One is that computational power would grow exponentially for at least a few decades. And that the quantity of data in the world would grow exponentially for a few decades." Paired with an understanding of the trends of the era, such as the deep learning method of teaching algorithms to "think" and process data the way human brains do, Legg wrote back at the start of the last decade that in the coming ones, AGI could well be achieved — so long as "nothing crazy happens like a nuclear war." Today, the DeepMind co-founder said that there are caveats to his prediction that the AGI era will be upon us by the end of this decade. The first, broadly, is that definitions of AGI are reliant on definitions of human intelligence  — and that kind of thing is difficult to test precisely because the way we think is complicated. "You'll never have a complete set of everything that people can do," Legg said — things like developing episodic memory, or the ability to recall complete "episodes" that happened in the past, or even understanding streaming video. But if researchers could assemble a battery of tests for human intelligence and an AI model were to perform well enough against them, he continued, then "you have an AGI." When Patel asked if there could be a single simple test to see whether an AI system had reached general intelligence, such as beating Minecraft, Legg pushed back. "There is no one thing that would do it, because I think that's the nature of it," the AGI expert said. "It's about general intelligence. So I'd have to make sure [an AI system] could do lots and lots of different things and it didn't have a gap.""Get better informed by visiting OUR FORUM.