Researchers from MIT, Northeastern University, and Meta recently released a paper suggesting that large language models (LLMs) similar to those that power ChatGPT may sometimes prioritize sentence structure over meaning when answering questions. The findings reveal a weakness in how these models process instructions that may shed light on why some prompt injection or jailbreaking approaches work, though the researchers caution their analysis of some production models remains speculative since training data details of prominent commercial AI models are not publicly available.

The team, led by Chantal Shaib and Vinith M. Suriyakumar, tested this by asking models questions with preserved grammatical patterns but nonsensical words. For example, when prompted with “Quickly sit Paris clouded?” (mimicking the structure of “Where is Paris located?”), models still answered “France.”

This suggests models absorb both meaning and syntactic patterns, but can overrely on structural shortcuts when they strongly correlate with specific domains in training data, which sometimes allows patterns to override semantic understanding in edge cases. The team plans to present these findings at NeurIPS later this month.

Read full article

Comments

CHICAGO — When Mike Braun took office as governor of Indiana in January, he quickly found he needed to address two critical issues.

First, Indiana state agencies were woefully behind in how they were using and managing technology.

Second, he understood the systems and applications implemented throughout the state were at risk of cyber attack.

“I was surprised how disaggregated and disorganized it was. In our state government, that’s about 30,000 employees spread across about 60 or 70 agencies. There was no central technology theme. It seemed like everyone was doing their own thing,” Braun said during the second annual GovRAMP Cyber Summit in October. “The thing I heard most is [the employees] didn’t like it; it wasn’t working and it was almost outdated. We were spending a fortune on it, not to mention the cybersecurity side of it. I guess the only blessing would have been, since it wasn’t that great, had it been taken down, it would have been then the real motivation to maybe fix it.”

Braun said he has slowly been improving the processes to buy and apply technology to state services. But when it came to cybersecurity, he moved fast.

In March, Braun signed an executive order that among other things mandated the implementation of a risk and authorization management program (RAMP) for cloud computing services.

“If we want to be the leading state, not only on technology but in how to protect it, whether that be education, healthcare, infrastructure, even things like utility rates, then we needed to be there and we weren’t. That’s why I put it into as high a gear as I could. That’s what that executive order was about,” he said.

Indiana’s mandate to use a RAMP comes on the heels of a growing use of the GovRAMP, formerly known as StateRAMP, initiative.

Leah McGrath, executive director of GovRAMP, said the service now includes 70 participating state and local governments, 33 states and around 400 private sector members, 10% of which are small businesses with under $5 million in annual revenue.

GovRAMP has added about eight new state participants over the last year. McGrath said she credits the continue growth of states and companies to meeting them where they are and not trying to force them into a one-size-fits all approach to cybersecurity.

“With our security program, what we’ve learned, especially when we are working with states and local governments, education and the providers who serve them, is that we needed to be able to build out a program that’s not a binary choice of, are you fully authorized or not? So we really have worked over the course of the last few years to create a step-by-step program,” McGrath said. “It’s more a question of, where are you in your journey? Are you progressing? And are you taking those steps forward so that we can make visible, here’s the risk and then our participating governments can make really informed decisions that fit their risk appetite and need.”

GovRAMP continues to grow

One way GovRAMP is creating a more flexible program is through the recently updated Progressing Snapshot Program that kicks into gear on Jan. 1.

McGrath said GovRAMP launched the Snapshot Program in 2023 in direct response after hearing from states and companies, both of whom wanted better visibility in the cyber journey.

The Progressing Snapshot Program will update state participants on the progress companies are making in reaching the different levels of GovRAMP – low, moderate and eventually high baselines.

“What we’ve done with GovRAMP is by working with our program management office is we created a centralized, shared service, and so the changes are going to have a positive impact on our participating governments,” she said. “The way that it works is by having that centralized program management office function, they’re reviewing all the packages. They’re reviewing all the Progressing Snapshot Program statuses and where the vendors are. The providers have the ability, through our PMO portal, to give access to the participating governments. Governments can ask for access. Once they’re given access, one of the things that we heard that was really important is they don’t have time or interest to log in every day and see what’s happening. So what we have instituted is a continuous monitoring escalation policy. So once a government’s been given access to the continuous monitoring of a provider’s package or product information, then if there is something that is escalated, you have a vulnerability. That will trigger a notification to our governments to log in and take a look, because something changed that they need to be aware of, so that they can take action if they need to.”

At the same time, GovRAMP is initiating a new “core status” effort, which is administered by its PMO and provides a structured, standards-based milestone approach to help vendors more quickly provide secure cloud services, but it doesn’t require an immediate leap to full authorization.

McGrath said vendors must implement and demonstrate that they meet 60 controls under the MITRE Attack framework to achieve core status.

“Once you’ve demonstrated via evidence that you’ve met these 60 controls, you achieve a core status, and now you roll into quarterly continuous monitoring,” she said. “Core is a GovRAMP status and it’s like 20x for FedRAMP. What’s unique about core, as we’ve been working with our participating governments, is it could be a stepping stone to what’s next. It could be, you’re GovRAMP core, you meet the requirements to begin a contract with an agency, but they want you to become authorized because you’re handling some really sensitive data. So you have 12-to-18 months to go the distance of full authorization. Or it could be a terminal status, meaning core is all a government may require, depending on the data and the impact of the potential security.”

Confidence in and transparency about GovRAMP are major reasons why the program is gaining more and more users.

Jeff Maxon, the chief information technology officer for the state of Kansas, said his office just issued a new cloud security policy requiring the use of vendors who meet the minimum standards of GovRAMP or the federal government program known as FedRAMP.

“We’re starting to set the governance in place to more broadly adopt GovRAMP and what they’re providing because we know we’re not going to do everything ourselves. We need to rely on the vendors, but we also don’t have the resources internally to assess and audit each of those vendors,” he said. “That’s where GovRAMP really steps in and helps the states and takes that burden off the states, and gives us a degree of confidence that the vendors we’re using have things in place to protect themselves.”

Nikki Rosecrans, the chief information security officer for Arapahoe County, Colorado, added GovRAMP and FedRAMP authorized vendors provide her with the confidence that the cloud security tool is secure and will be kept up to date through a rigorous oversight process.

“We have it written into our procurement language. We have it outlined for our larger vendors who transmit or process some of the most sensitive data, so your personally identifiable information, criminal justice information or your personal health information. That is a part of our requirement for those third party vendors,” Rosecrans said.

Collaborating with procurement experts

Driving cloud security standards through the procurement process is one of GovRAMP’s ongoing initiatives to expand its reach.

GovRAMP worked with National Association of State Procurement Officials (NASPO) on a multi-state cooperative purchasing agreement for cloud and software solutions that is run by Utah.

Nick Hughes, the senior cooperative portfolio manager at NASPO, said the award includes 51 suppliers. Hughes said NASPO is in the process of awarding an updated 10-year contract for cloud and software solutions that will be more flexible, letting companies join in the middle of the contract and making it easier for awardees to add new technologies as they mature.

Hughes said by working with GovRAMP and the National Association of State CIOs, NASPO is ensuring everyone is speaking the same language.

“It’s making sure we have some type of translation to get on that same page. So we have regular meetings that are really good to get us on the same page because it’s constantly evolving. With GovRAMP, they’ve been heavily involved with the new solicitation for cloud and software solutions,” he said. “They are helpful in making sure there are terms that are going to be applicable for this type of security standard. They help us answer questions like ‘Are we going to implement the security standards within the solicitation or make it optional for the states? And then also, can we navigate when a state signs on can they restrict security standards for an executive branch agency or have it broadly applied to the entire jurisdiction or geography of the state?’ They’ve been critical in helping answer questions from suppliers too.”

NASPO current manages about 63 different cooperative agreements for everything from technology to playground equipment to managing the Agriculture Department’s Women, Infant and Children (WIC) infant formula rebate program.

The continued partnership between acquisition and technology officials isn’t just to create cooperative contracts.

Vendors seeing benefits too

JR Sloan, the Arizona CIO and incoming vice president of NASCIO, said the state has incorporated GovRAMP requirements into their contracts.

“We’re working it through our processes. Things in government take kind of going to turn over, and the fact that we had a RAMP program before GovRAMP existed was helpful,” he said. “And yet, I will tell you that we are much better position today as we approach new procurements with awareness across all of the individuals. Arizona is a more federated environment, decentralized and yet in that community, I can tell you that folks are aware of what GovRAMP is, what the benefits are and how do we engage in the state’s procurement process to ensure that they are on the right path to success.”

The benefits aren’t just for the states. But vendors who participate in RAMP-type programs also see significant advantages.

John Lee, the vice president of cloud services at Carahsoft, said vendors participating in the FedRAMP program, for example, are seeing increased profits.

“If I’m a vendor, I’m actually seeing like a 30% price increase for a moderate solution. So diving a little bit deeper, 20% increase for the low impact levels and we’re seeing about 33% increase for the FedRAMP high. And we’re seeing like a 48% increase in cost when you’re dealing with the Defense Department Impact Level four, and almost a 65% increase because there’s additional security controls that you have to do in order to get those across the board,” Lee said. “So as a vendor, we’re seeing there is that government’s is willing to pay for that additional security that’s in place.”

Joe Bielawski, the president of knowledge services and a member of the GovRAMP board, said going forward the focus area for GovRAMP is the harmonization among existing cybersecurity standards.

He said GovRAMP is working with federal agencies, including the FBI and the General Services Administration, on standard overlays for programs like CJIS or FedRAMP.

“At the end of the day, I look at GovRAMP  and ask how do we simplify a very, complex world? The fact that we have been able to, as an organization, have 33 plus states, 60 plus cities, towns and other political subdivisions adopting GovRAMP is a great accomplishment,” Bielawski said. “But in that process of simplifying a framework that everyone can agree to and then overlaying these other frameworks to make it simpler, more easy for adopting GovRAMP will solve a big challenge we all have.”

The post Indiana’s push toward cyber standards highlights growth of GovRAMP first appeared on Federal News Network.

Hundreds of global leaders gathered in the Pacific Northwest this week for the inaugural One Ocean Week Seattle, a maritime conference with dozens of events that brought together company executives, government officials and advocates charting paths toward cleaner shipping, sustainable fishing and ocean conservation.

The conference, organized by Washington Maritime Blue, was anchored by Wednesday’s One Ocean Summit, where leaders from global companies with Seattle ties discussed their climate progress and the challenges of deploying sustainable technologies.

Seattle-based SSA Marine, a global marine terminal operator, has 200 locations worldwide, moving cargo from ships to terminals and onto trains and trucks. The company has carbon emissions targets and is working to shift from gas and diesel to electrical power for the machines moving moving the cargo, but the move requires juggling sometimes competing factors.

“If you have a piece of electrical equipment, you have to think about charging time that’s required in between shifts, and when can you actually fit it in there?” said Meghan Weinman, SSA Marine’s vice president of sustainability. “One of those big pieces of innovation that we really have to think about is the overlay of technology, labor planning, and can it do the job that we need it to do.”

Corvus Energy is a Norwegian clean shipping company with Seattle offices and a manufacturing facility in Bellingham, Wash. The business is helping vessels go electric with its maritime battery technologies, serving ferries, cruise ships, tugs, cranes and fishing boats.

It’s an evolving sector and the company spends up to 15% of its annual revenue on research and development to fine-tune its technology to meet demanding oceanic conditions.

“It is totally different to operate a battery in an EV versus a maritime setting,” said Corvus CEO Fredrik Witte. “For an EV, you’re traveling three, four hours a day, maybe. But in a maritime setting, you’re potentially operating 24/7.”

Seattle’s Trident Seafoods operates fishing boats and onshore production facilities, including the largest seafood processing plant in North America in Akutan, Alaska. While seafood typically has a much lower carbon footprint than beef, pork or dairy, the company wants to reduce the climate impacts associated with its operations.

But Paul Doremus, Trident Seafoods’ vice president of policy and sustainability, pointed to a hard reality: the company competes directly with Russian and Chinese seafood companies that are doing business under less stringent environmental regulations.

He said the seafood sector — “which has been kind of famously fragmented, small, fairly scrappy” — needs to come together to collectively make improvements.

Doremus applauded events like One Ocean Week Seattle for gathering maritime interests to draw attention and capital toward “sustainable use of the ocean for the benefit of local communities, regional and national.”

“I think that’s the next wave,” he said.

Collaboration and innovation

The call for collaboration echoed throughout the One Ocean Summit, which also featured former NOAA Administrator Jane Lubchenco, United Nations officials, and Norway’s ambassador to the U.S.

Washington Lt. Gov. Denny Heck gave a welcome address, highlighting the state’s maritime economy while calling out threats from plastic pollution, undersea noise, and environmental degradation.

“To face these challenges, we will need to develop new technologies and strengthen our institutions,” Heck said. “It will require sustainable fuel storage, habitat restoration, quiet propulsion and so many other inventions and innovations. But more importantly, it will require the dedication and teamwork of thousands of people.”

The message was reinforced by Haakon Vatle, leader of the One Ocean Expedition, which is sailing a 111-year-old Norwegian tall ship across the globe. The ship, named the Statsraad Lehmkuhl, was moored just outside Bell Harbor International Conference Center during the event.

“The role of our ship is to create attention and share knowledge of the crucial role of the ocean for a sustainable future,” Vatle said. “We’re going to use a ship to reduce the gap between science and the public — get the people we need for the ocean we want. We cannot save the ocean alone.”

Editor’s note: GeekWire reporter Lisa Stiffler was the volunteer emcee of the One Ocean Summit.

Seattle and the Nordic nations have strong ties — from Norway’s first astronaut launching on a SpaceX mission to Scandinavian companies supporting the efforts to electrify the region’s ferries. And those connections stretch back more than a century when John Nordstrom, a Swedish immigrant, co-founded an eponymously named shoe store in Seattle’s downtown.

“As we look towards the future, we build on our history and also our heritage. But today, we reach for much more. We are partners in innovation, from high tech in the AI revolution to building more security projects,” said Anniken Huitfeldt, Norway’s ambassador to the United States.

On Tuesday evening, Huitfeldt helped kick off the annual Nordic Innovation Summit, held in Seattle’s Ballard neighborhood at the National Nordic Museum.

The event continues through Wednesday and features speakers and panelists discussing clean energy topics such as data center operations, microgrids and recycling; cyber security initiatives; innovation in biotech; and sustainable transportation.

“We’ve seen innovations come out of the summit,” said Seattle City Councilmember Dan Strauss, speaking Tuesday. “The ability to integrate technology into new business practices is something that has happened here before, and I’m excited to see it occur here again.”

Other speakers at the opening session included University of Washington Nobel Laureate David Baker, who shared new research published since he received his award from the Swedish institution one year ago. Baker is leading efforts that harness AI to create proteins that can be used in health care, environmental cleanup and other challenges.

Norwegian Astronaut Jannicke Mikkelsen livestreamed a presentation from Oslo to share the story of her journey to space, which began at age 10 when she had a devastating horse riding accident. During a five-year recovery, Mikkelsen became obsessed with NASA — even calling the agency’s Johnson Space Center seeking employment as a 12-year-old.

“It cost us a fortune,” she said. “My dad can’t afford to drive his car to work for a week because we can’t afford gas because I called the U.S. and I applied for a job.”

Mikkelsen ultimately pursued a career in 3D photography and 3D filmmaking, residing in Svalbard, a frozen tundra that ranks as one of the world’s northernmost inhabited areas.

“This is a place that equipped me the best to become an astronaut, because it’s sort of fear-based learning,” she said. “As soon as you leave town, any mistake you make could potentially kill you. It’s exceptionally cold. There is no communication to the outside world as you leave town.”

In March of this year, SpaceX — which has significant manufacturing operations in the Seattle region — launched Mikkelsen and three other non-governmental astronauts on the first crewed orbit over the Earth’s polar regions. The Fram2 mission spanned 3½ days. The astronauts performed scientific research, including data collection on the Northern Lights, which are beautiful but poorly understood and can destroy satellites.

Mikkelsen highlighted the importance of the collaboration between nations.

“We have four non-American astronauts on board an American spaceship. This, to me, just shows great trust that the U.S. showed in us,” she said. “But it’s also American technology that flew the first Norwegian astronaut into space.”

Speakers participating in the summit on Wednesday include Mathias Sundin, founder of the Warp Institute Foundation; Douglas Kieper, director of the Paul G. Allen Research Center; Nick Huzar, co-founder of OfferUp; Sunil Gottumukkala, CEO of Averlon; Petri Hautakangas, CEO of Tupl; Maiken Møller-Hansen, director of energy and sustainability for Amazon Devices; and other corporate, government and academic leaders.

By Gary Miliefsky, Publisher of Cyber Defense Magazine Black Hat, the cybersecurity industry’s most established and in-depth security event series, has once again proven why it remains the go-to gathering...

The post Black Hat USA 2025 – AI, Innovation, and the Power of the Cybersecurity Community appeared first on Cyber Defense Magazine.

Drug-loaded nanoparticles—or ultrafine particles ranging from one to 100 nanometers in diameter—prevent treatments from being released prematurely, which ensures that the drug reaches its destination before beginning to do its job. This means nanoparticles carrying cancer treatments can collect at the tumor site, facilitating the most effective treatment possible. There is, of course, one caveat: Only a few cancer-treating nanoparticles have been approved by the FDA, and only one of those is capable of carrying more than one drug.

MIT’s molecular bottlebrush, detailed Thursday in the journal Nature Nanotechnology, challenges that. Chemists start by inactivating drug molecules by binding and mixing them with polymers. The result is a central “backbone” with several spokes. All it takes to activate the inactivated drugs sitting along the backbone is a break in one of those spokes. This unique design is what enables the new nanoparticle to carry (and thus deliver) multiple drugs at a time.

(Image: Detappe et al/Nature Nanotechnology/MIT)

The team tested the molecular bottlebrush in mice with multiple myeloma, a type of cancer that targets the body’s plasma cells. They loaded the nanoparticle with just one drug: bortezomib. On its own, bortezomib usually gets stuck in the body’s red blood cells; by hitching a ride on the bottlebrush, however, bortezomib accumulated in the targeted plasma cells.

The researchers then experimented with multidrug combinations. They tested three-drug bottlebrush arrangements on two mouse models of multiple myeloma and found that the combinations slowed or stopped tumor growth far more effectively than the same drugs delivered sans bottlebrush. The team even found that solo bortezomib, which is currently approved only for blood cancers and not solid tumors, was highly effective at inhibiting tumor growth in high doses.

Through their startup Window Therapeutics, the researchers hope to develop their nanoparticle to the point that it can be tested through clinical trials.

Now Read:

• NASA Ultrasound Technique Eliminates Kidney Stones Painlessly
• Researchers Use Avatar’s Motion Capture Tech to Study Genetic Disorders
• Pharmaceutical Companies Are No Longer Required to Test Drugs on Animals

The post Detectify on tour – meet us at the following events and meetups! appeared first on Detectify Blog.