FAILURE ON THE PART OF CHATGPT TO GIVE VALID RESULTS

 

ChatGPT which is built on Artificial Intelligence and Machine Learning is failing in assisting decision making, as it is not providing information to input/label.

 

Artificial Intelligence is a broad area that focuses on creating systems capable of performing tasks that typically require human intelligence. This includes problem-solving, understanding natural language, recognizing patterns, and making decisions.

 

Machine Learning, on the other hand, is a subset of AI that involves the use of algorithms and statistical models to enable systems to improve their performance on a task through experience.

Essentially, ML allows computers to learn from data, identifying patterns and making predictions without being explicitly programmed for every task.

 

ChatGPT is built on advanced natural language processing technology developed by OpenAI. It uses deep learning techniques, particularly transformer models, to understand and generate human-like text. This technology allows it to engage in conversations, answer questions, and assist with a wide range of topics by predicting and generating text based on the input it receives.

 

Use Case:

The below input or label is keyed in to ChatGPT under the “Get Advice” section.

A series of queries were given as input/label to ChatGPT and in response no useful information was provided and the conversation was prolonged. As there were no information provided by ChatGPT, the Artificial Intelligence or Machine Leaning did not aid decision making.

Input or Label: “Canada and India ties and current situation with relation to IT market”.

Response Provide by ChatGPT: No relevant information was provided and conversation was prolonged.

The below is the screen print of input/label and responses provided by ChatGPT.

From this Use Case, we can safely conclude that ChatGPT which utilizes the Artificial Intelligence and Machine learning is not providing any relevant or no information, and by using these, the decision making cannot be made.

Veeam Security Vulnerability which allows an unauthenticated remote code execution.

 

·      Veeam Backup & Replication is a proven data protection solution that offers efficient and reliable backup and recovery for virtual, physical, NAS, and cloud-native environments.

·      Veeam was co-founded in 2006 by Ratmir Timashev and Andrei Baronov, two entrepreneurs from Russia. 

·      Veeam creates backups by instructing the virtualization software to take snapshots of VMs. 

·      VM backups are intended to store your data for as long as deemed necessary, so you can go back in time and restore what was lost, while VM replicas are intended to restore the VMs as soon as possible.

·      Veeam is for virtual environments built on VMware vSphere, Nutanix AHV, and Microsoft Hyper-V hypervisors. 

 

v Most of the system administrators are familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’.

v Tactlessly, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks.

v Note, recently there are many notable ransomware attacks reported across the globe, probably due to this vulnerability

VENERABILITY DETAILS:

Veeam allows the connection to the .NET Remoting object, which is the root cause of the vulnerability.

Version	Status
12.2.0.334	Fully patched.
12.1.2.172	Low privilege users are able to execute arbitrary code. Needs Authentication.
12.1.1.56 and earlier	Vulnerable to unauthenticated Remote Code Execution.

 

PRODUCTS AFFECTED:

ü Veeam ONE

ü Veeam Service Provider Console

ü Veeam Agent for Linux

ü Veeam Backup for Nutanix AHV

ü Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization

Recommendation:

As there are multiple vulnerability fixes provided by Veeam in its latest patch, it is recommended for all DevOps and System Administrators to upgrade to the latest version of Veeam software.

 

 

Incorrect or misleading labels/outputs are provided by the AI and Machine Learning Models

 

AI and ML products have proliferated as businesses use them to process and analyze immense volumes of data, drive better decision-making, generate recommendations and insights in real time, and create accurate forecasts and predictions.

 

Gemini is a large language model (LLM) developed by Google Artificial Intelligence. Gemini is built on a foundation of advanced machine learning techniques, including transformer architectures and deep learning. It has been trained on a massive dataset of text and code, allowing it to acquire a deep understanding of language.  

 

It is designed to be a versatile AI assistant capable of a wide range of tasks, including:  

§  Gemini can generate human-quality text, such as articles, essays, code, scripts, musical pieces, email, letters, etc.

§  It can translate text from one language to another accurately and naturally.

§  Gemini can write code in various programming languages, including Java, Python, JavaScript, and CSharp.

§  It can provide informative and comprehensive answers to a wide range of questions.

§  Gemini can summarize long texts into shorter, more concise versions.

§  It can generate creative content, such as poems, stories, and scripts.  

 

Overall, Gemini is a powerful and versatile AI assistant with the potential to revolutionize a wide range of industries.

Note: Google Gemini’s AI and Machine Learning Models are utilized for the below use cases.

 

Use Case 1:

The below two features are used as input to Google Gemini.

Ø  Flights list from New York to Mumbai

Ø  Air India Flights from New York to Mumbai cheap rates

 

v  For the first feature i.e., “Flights list from New York to Mumbai”, the below label is present by Gemini.

 

 

When searched the flights using the Google Flights link, two Air India Flights were displayed  and both were direct flights.

 

 

 

But when searched the Air India website, there were no direct flights from EWR – BOM and its details.

 

 

 

Google Gemini has provided incorrect or misleading information, as the content displayed by Gemini, that there were direct flights, which was partially correct, but it recommended to Google Flights Link, where there were direct flights from EWR – BOM, but the information in the Air India is completely different, and there were no direct flights.

 

v  The second feature i.e., “Air India Flights from New York to Mumbai cheap rates”, the below label is presented by Google Gemini.

 

 

Google Gemini content gave the information that direct flights may be more expensive than flights with layovers, but when queried the Air India flights, the opposite was true, such as the direct flight was the cheapest option, and the details goes here. The Google Gemini content was thus misleading.

 

Summary: The randomness, generalization, and pattern identifications techniques are still evolving, as it continues to develop, we can expect to see even more innovative and exciting applications of this technology.

 

 

 

Use Case 2:

 

The below feature is used as input to Google Gemini, as a fresh query.

Ø  Direct Air India Fligths list from John F Kennedy to Mumbai on 13 Oct

 

Google Gemini, gave the above label for the feature (Direct Flights), such as there are multiple flights from JFK to BOM and the number may vary. It is recommended to visit Air India Link for details. In the Air India Link provided by Google Gemini, there was only one direct flight from JFK to BOM, the details are as follows.

 

 

 

Here the content provided by the Google Gemini and the Air India link data are not matching, the information is misleading.

Hence, we can safely conclude that incorrect or misleading labels/outputs are provided by the AI and Machine Learning Models which we have to double check before arriving any conclusion by using AI for outcomes.

 

IVANTI ENDPOINT MANAGER SECURITY VULNERABILITY INSIGHT

Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization.

EPM aids in media protection, isolated device remote control, security diagnostics, flexible dashboards and reporting. It also detect and prevent threats before they impact you, and respond swiftly to infections.

EPM, produces software for IT Security, IT Service Management, IT Asset Management, Unified Endpoint Management, Identity Management and supply chain management. Endpoint management is the process of controlling endpoint devices connected to a network.

VULNERABILITY DETAILS

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Using this vulnerability, the IIS Manager “EventHandler.cs” can be hosted on the “/WSStatusEvents” endpoint and the SQL Server log and access can be gained.

After successful exploitation, entire network assets, file listing would be compromised.

Products Affected:

§  Ivanti Avalanche 

§  Ivanti Neurons for ITSM 

§  Ivanti Connect Secure

§  Ivanti Secure Access 

§  Ivanti Endpoint Manager (EPM) 

 

Hence, it is recommended, to apply the patch which Ivanti has released, for all the DevOps and Network Teams. It is also recommended to apply Life Cycle Management on all the installed software’s of the respective project teams to review on regular basis.