Security Now #1077 - “A Browser AI API?” is now available.

• Google embeds a 4.7GB AI model in Chrome while Mozilla warns of an emerging browser AI arms race
• Hackers deploy an unauthenticated AI-coded portal; Linux privilege escalation vulnerabilities discovered
• UK NCSC issues Mythos warning as AI’s impact on cybersecurity landscape grows
• Anthropic releases Claude Security; ChatGPT enhances login security measures
• Syncthing SyncTrayzor transitions to new version

#SecurityNow #Cybersecurity #BrowserSecurity #AI #Linux #InfoSec

All the terms for the Google AI API that Steve read out are actually legal requirements, at least where I live.

On the other hand, it is a dismissable offence to use AI at work, without it having been tested and authorised by the Chief AI Officer and having received training, so the Google browser is now off-limits for 99% of our staff.

You can use a registry hack to block the AI API on Windows:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome and add a new DWORD “GenAILocalFoundationalModelSettings” and set the value to 1

On macOS it is a bit simpler: Enter chrome://flags in the URL bar and turn off the option “Enables Optimization Guide On Device”.

I think this advanced setting in Chrome does the same thing, on a per user basis
chrome://flags/#web-machine-learning-neural-network