30_Hacking_AI_-_Its_Not_Just_For_Security_Anymore

Joly MacFie6min

Harley Geiger

00:01

So I'm Harley Geiger, and I am a cybersecurity attorney with a law firm called Venable LLP. So we're on security compliance, law hacking and helping people with their cybersecurity incidents. I'm also the coordinator for the hacking Policy Council, which is a group of companies that works on hacking policy holder building Asian bug bounties and security research.

Harley Geiger

02:43

For the legal side of, sorry, the security side of things, that Security money, we actually presently over the course of several years have some pretty well developed security legal protections for that activity. So companies that want to share amongst themselves information about vulnerabilities or exploits or cybersecurity threats, they have a fair amount of leeway to do that. And exemption from liability. They're exempt from things like antitrust, for example. And things like certain privacy laws, this was under the CISA 2015 Law. While

Harley Geiger

05:05

Does this lead to policy priorities? I think that are I think going to quickly come to the fore as our regulations become more specific, the overarching issue towards more trustworthy and transparent AI. But we've recognized that non security issues are critical, critical to that trustworthy and transparent deployment. So just like over the past 10 years or so, we've recognized that security reporting information sharing is good for the ecosystem, which is why we've provided it with those legal protections. We need to recognize the same thing if necessary for the non security side of the house when it comes to AI. And that includes getting the AI operators similar protections to share threats, tech techniques and algorithms and longer abilities for non security problems. Not criminalizing ethical AI hackers, right. So individuals who are investing in AI for non security reasons, there's currently a petition right now before the copyright office to do this under Section 201 begins yet. And then lastly, clarifying security versus non security, legal obligations. Nomenclature ends up being important in this in this realm here. A lot of people refer to these things just kind of in general as vulnerabilities. But we have a lot of laws right now that places legal obligations on security vulnerabilities are not really intended to sweep in non security flaws. So security is important. My battery's already low, Oh, no.

Harley Geiger

06:34

The good news is I only had one more slide and it said thank you.

00:0000:00