Non-Human Identity Verification

How do you verify non-human identities?

One of the reasons that I titled my ebook “Proving Humanity” is because the six (yes, six) factors of identity verification and authentication that I discuss only apply to identifying humans, and do not apply to non-human identities.

Again, so how do you verify non-human identities?

Cryptography

One way is via cryptography. As I discussed previously, the Secure Production Identity Framework For Everyone (SPIFFE) and the SPIFFE Runtime Environment (SPIRE) provide non-person entities with “strongly attested, cryptographic identities.”

Problem solved, right?

As any human who has used a password knows, a single factor can be stolen. And that includes cryptographic factors.

Provenance

Which means that we have to look at provenance. But instead of looking at the provenance of an AI-generated image or video, we are looking at the provenance of an agent that performs actions. The network origin. The environment. The associated attributes. Is the agent running on a specific, authorized, and known virtual machine or container at a specific network address, or is it running…somewhere else?

Behavior

And if you’ve read my book, you know that human identities can be evaluated based upon their behavior (either tendencies or intent). You can also look at the behavior of agents. Is the agent acting at an unexpected time of day? Is it executing an unusually high volume of requests? Is it “scoping out the joint”?

Multi-factor authentication

Again, it’s possible to spoof one factor, but much harder to spoof multiple factors. And that applies to both humans and non-human agents.
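The three factors above (cryptographic identity, provenance, behavior) can be checked together in one authorization step. The sketch below is an added example, not code from SPIFFE/SPIRE or from the ebook; the policy values, the `Request` fields and the sample requests are all constructed, and it assumes the SPIFFE ID was taken from an SVID that was already verified upstream.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical policy for one agent; every value below is constructed.
POLICY = {
    "spiffe_id": "spiffe://example.org/billing/agent",
    "allowed_networks": ["10.20.0.0/24"],
    "required_attrs": {"cluster": "prod-east", "image": "billing-agent"},
    "active_hours_utc": range(6, 20),      # expected working window
    "max_requests_per_min": 120,
}

@dataclass
class Request:
    spiffe_id: str           # from an SVID already verified upstream (assumption)
    source_ip: str
    attrs: dict              # attested environment attributes
    timestamp: datetime      # timezone-aware
    requests_last_min: int

def check_factors(req, policy=POLICY):
    """Return the names of the factors that failed; an empty list means all passed."""
    failed = []
    if req.spiffe_id != policy["spiffe_id"]:
        failed.append("cryptographic")
    ip = ipaddress.ip_address(req.source_ip)
    in_net = any(ip in ipaddress.ip_network(n) for n in policy["allowed_networks"])
    attrs_ok = all(req.attrs.get(k) == v for k, v in policy["required_attrs"].items())
    if not (in_net and attrs_ok):
        failed.append("provenance")
    hour = req.timestamp.astimezone(timezone.utc).hour
    too_busy = req.requests_last_min > policy["max_requests_per_min"]
    if hour not in policy["active_hours_utc"] or too_busy:
        failed.append("behavior")
    return failed

def decide(req, policy=POLICY):
    failed = check_factors(req, policy)
    return ("deny", failed) if failed else ("allow", failed)

# Constructed samples: the same valid identity, presented from two places.
LEGIT = Request(POLICY["spiffe_id"], "10.20.0.15", dict(POLICY["required_attrs"]),
                datetime(2024, 1, 10, 14, 0, tzinfo=timezone.utc), 40)
# A stolen credential still matches on the cryptographic factor alone.
STOLEN = Request(POLICY["spiffe_id"], "203.0.113.9", {},
                 datetime(2024, 1, 10, 3, 0, tzinfo=timezone.utc), 900)

if __name__ == "__main__":
    print(decide(LEGIT), decide(STOLEN))
```

The second request carries the correct identity and would pass a single-factor check; it is denied only because provenance and behavior are evaluated as well.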

Be safe out there.

Data Centers: NIMBY? Part Two.

We want bad people to be thrown in prison, but we don’t want said prisons near OUR houses. Same for data centers, in West Virginia and elsewhere.

I first heard of Festus, Missouri via one of those long-winded Facebook posts that doesn’t cite its sources, thus making me automatically question its veracity.

But this one was true, according to Politico.

“The [Festus] City Council voted March 30 to approve a development agreement for the data center, planned for 360 wooded acres on the city’s southwest side. The operator of the data center hasn’t been identified…”

Now normally there are weeks of meetings before a city council even approves a fast food joint. This leveling of 360 acres of wood to let people like me create wildebeest pictures seems to have surprised the residents of Festus.

Google Gemini. Yes, I appreciate the irony.

But that wasn’t the only surprise for the city. A second surprise happened a few days later.

“Voters in a small Missouri town, unhappy with the city council’s approval of a $6 billion data center, struck back at the polls last week, ousting all four incumbent council members running for reelection.”

If you are a political (or business) leader who despises transparency, try not to violate your stakeholders’ trust when your job is on the line.

Speaking of losing jobs, there is an effort to recall Mayor Sam Richards and other council members who supported the data center project.

Hype

The picture above and text below were authored by Google Gemini.

Get ready to maximize your reality because our quantum-powered, generative AI agent is autonomously deploying a CRISPR-edited, synthetic biopolymer directly into your 5G-connected smart-home fabricator to 3D-print a hyper-personalized, self-driving robotaxi—instantly minting the entire experience as a fractionalized, Web3 DeFi asset with a secure NFT deed that grants your holographic avatar VIP entry into a fully decentralized, spatial-computing metaverse!

BIPA Violations and “Investigative Journalism”

When I saw this statement in Biometric Update’s summary of a BIPA lawsuit against Google for voiceprint use, I had to laugh.

“NotebookLM Audio Overviews can be used to generate podcasts, directly competing with investigative audio journalism and narration work.”

Investigative audio journalism?

Have any of the plaintiffs ever HEARD a NotebookLM Audio Overview?

I shared one over a year ago when my LinkedIn profile was used to create the audio overview “Career Detective.” It’s so fawning about my amazing background that it is nowhere near investigative journalism.

Or maybe investigative journalism is just that bad.

Judge for yourself whether this AI-generated “podcast” would compete with a real investigative podcast:

Using LLMs for KYC. What Could Go Wrong?

The title of this post uses acronyms for brevity, but the full version is “Using Large Language Models for Know Your Customer. What Could Go Wrong?”

Biometric Update links to a TrendAI post that demonstrates how using a large language model to analyze document data creates a vulnerability to prompt attacks.

“In a real-world stack built with FastAPI, Claude Code, and a SQLite MCP backend, his team embedded malicious instructions inside a passport so that the AI agent followed them and leaked other customer records directly into the verification page.”

Google Gemini. I tried to create the image with a fake too-short onion address but Google Gemini prohibited that.

What does this mean?

“The takeaway here is that if your AI can read documents and call tools, your documents can potentially become executable attack surfaces even when guarded with strict schemas.”

Something a human wouldn’t do.
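One way to limit what such an embedded instruction can reach is to scope the agent's database tool on the server side instead of trusting the model's output. This is an added example, not TrendAI's code or the stack they tested; the table layout, function names and rows are hypothetical and constructed.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the KYC customer store (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers "
               "(id INTEGER PRIMARY KEY, name TEXT, passport_no TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                   [(1, "Alice Example", "X0000001"),
                    (2, "Bob Example", "X0000002")])
    return db

# Weak pattern: the agent's tool runs whatever SQL the model asks for, so
# text read from a document can end up choosing the query.
def run_sql_tool(db, sql):
    return db.execute(sql).fetchall()

# Hardened pattern: a fixed set of operations, with the customer id taken
# from the authenticated server-side session and never from model output.
ALLOWED_TOOLS = {"get_applicant_record"}

def gated_tool_call(db, session_customer_id, tool_name, model_args):
    if tool_name not in ALLOWED_TOOLS:
        raise PermissionError(f"tool {tool_name!r} is not exposed to the agent")
    # model_args is deliberately not used for scoping: nothing the model
    # read in a document can widen the query beyond this one applicant.
    return db.execute(
        "SELECT id, name, passport_no FROM customers WHERE id = ?",
        (session_customer_id,),
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Constructed tool request, as a steered model might emit it while
    # verifying customer 1's document.
    print(run_sql_tool(db, "SELECT * FROM customers"))   # every customer's row
    print(gated_tool_call(db, 1, "get_applicant_record", {"customer_id": 2}))
```

The gate does not stop the model from being steered by the document; it bounds what a steered model can read to the record of the applicant being verified.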

Putting the Tires Before the Purpose of Your Drive

So I had to fulfill a medical appointment and got into my car WITH TIRES, started it, and positioned THE TIRES so that I would head north, then west, toward the medical facility. Once I got to the parking lot I parked my car WITH TIRES and went inside. Less than a half hour later I exited, walked to my car WITH TIRES, and drove home. (Did I mention that my car has TIRES?)

Google Gemini.

Is Your Identity/Biometric Firm Too Busy Putting Out Fires to Install a Sprinkler System?

It’s the classic case of paralysis by overwhelmedness. (Not officially a word, but bear with me here.)

Your identity/biometric firm needs experienced product marketing contract help because you are drowning in work. But because you’re drowning in work you can’t take the time to set up that contract.

Bredemarket can help you contract with Bredemarket.

Now there are certain things that Bredemarket can’t do. Well, Bredemarket could do them, but you (understandably) won’t let me.

  • I can’t create my own contract with you. Actually I can, and I have with some clients, but your company probably requires that I use your contract, which I don’t have.
  • I can’t enroll myself as a vendor in your purchasing system. Trust me, that would be dangerous. Hmm…net 5 terms at $1,000 per hour?
  • I can’t onboard myself into your other internal systems. If I could, that would be a major security flaw.

But there are things that I can do to make your life easier when you onboard Bredemarket as a contractor/vendor…especially if you are an identity/biometric firm.

  • You don’t have to explain to me what a bifurcation or ridge ending is. I’ve been working with fingerprints since 1994 and know these things.
  • You don’t have to teach me how to spell NIST. While the 1985 interchange standard was before my time, I’m familiar with every ANSI/NIST standard since 1993 to the present day.
  • You don’t have to explain to me what a “factor” and a “modality” are. Heck, I wrote the book on factors and modalities.
  • You don’t have to create a briefing book. Just let me ask the questions and we’ll figure out the scope together.

So I can meet you partway. Then we’ll realize our mutual goal of making your products prominent and making the competitive products look weak.

So let’s talk and move the process forward.

Oh, and the title of this post was suggested by Google Gemini. AI is only a tool, but sometimes it’s a very effective tool. Sometimes.