When security gets lost in translation

Welcome to Runtime! Today: why global companies rolling out new security policies need to make sure their end users understand what they're trying to say, Microsoft hooks up with Mistral, and the latest funding rounds in enterprise tech.

(Was this email forwarded to you? Sign up here to get Runtime each week.)

Communication breakdown

Cybersecurity is a global issue, and multinational businesses that haven’t developed security policies and tech-support practices that take differences in languages, characters, and keyboards into account are at a disadvantage.

Global teams across an enterprise are likely to speak different languages, of course, but even those who all speak the same language might be using different keyboard layouts with different characters. Those differences, combined with subtle linguistic variations in meaning across American versus British English, can lead to miscommunication and confusion about password requirements that could hinder collaboration and even compromise security. 

• “This topic is incredibly relevant as attackers are taking advantage of organizations expanding to a new global footprint and entering new territories,” according to Avi Pichette, product manager at CyberArk, an identity security company that specializes in privileged access management (PAM) technology. 
• For example, if an English-speaking tech-support person has to reach out to someone in Japan, they can’t even tell that user, “‘click here and there’ unless the UI is exactly the same,” observed Alexandre Blanc, a security expert, consultant and speaker. 
• Blanc noted that it’s also important to understand that not all languages are typed out from left to right — Arabic and Hebrew are written right to left — particularly when setting up passwords for access.

Charles Givre recounted his own experience with language miscommunication while at Black Hat helping a Japanese student write a SQL query.

• “We couldn't figure out why the query wouldn't work on his machine. It turned out that the Japanese keyboard has a different unicode character for the period.”
• An IT support specialist based in the U.S. working for a global bank (who requested anonymity to tell the story) relayed a frustrating experience he had when trying to tell a user in the U.K. which characters to enter for her password reset.
• The string included the punctuation mark that people in the U.K. call a “full stop” and the user didn’t know what the IT support person meant by the “period” key.  

Multinational organizations can use AI to mitigate problems, in addition to establishing training and building the right security culture, 

• Givre pointed out that “OpenAI models were trained with multilingual data,” which makes it "more than capable of translating text written in a variety of languages into SQL queries,” he said. 
• Another way AI can be useful is by bridging character differences through smart mapping: AI algorithms can intelligently map characters from different languages and alphabets.
• Security managers could then generate a password in Chinese characters or whatever form of alphabet is needed even if they were using an American keyboard.
• But when it comes to pure translation, Blanc said generative AI is not on par with human translators who can understand not just the words being used, but their meaning.

Read the full report on Runtime here.

A MESSAGE FROM CANVA

As enterprises rush to embrace AI, CIOs are grappling with how to merge their enterprise’s IT past and future. Increasingly, in-house technology leaders are tasked with the seemingly impossible mandate of reaping the benefits of next-generation systems while simultaneously reducing legacy technical debt and costs and managing risk.  Read more about The CIO Paradox on Runtime.

Microsoft's Mistral move

One of the loudest complaints about Microsoft's close partnership with OpenAI is that the "open" in OpenAI is quite the misnomer; there's nothing open about Sam Altman and Co.'s GPT models, which makes it harder for some companies to center those black boxes in their business plans. In response, Microsoft has been adding other models into its mix, and Monday it announced plans to link up with one of the more open foundation-model providers.

Mistral AI on Monday released Mistral Large, a new model that compares to OpenAI's GPT-4, and made the model weights available to companies that want to use it internally. Mistral Large will also be available first through Microsoft Azure, and Microsoft will invest $16 million in the French startup in exchange for Mistral's agreement to train future models on Azure.

That investment is a drop in the bucket compared to the billions Microsoft has committed to OpenAI, but Mistral is the first foundation-model investment it has made outside that partnership. The European Commission said Tuesday it planned to investigate the Mistral deal alongside broader scrutiny of Microsoft's deal with OpenAI.

Enterprise funding

Glean raised "over" $200 million in Series D funding ($203.2 million, I'm told) that values the generative AI internal-search company at $2.2 billion.

Clumio landed $75 million in Series D funding to build out its cloud backup and restore product.

Synadia scored $25 million in Series B funding to fund further development of Nats.io, an open-source communications platform for distributed applications.

Prowler raised $6 million in seed funding to build a company around its namesake open-source project, which was developed by two former AWS engineers to improve cloud security.

Codified now has $4 million in seed funding to help companies set data access and retention policies using code.

The Runtime roundup

GitHub Copilot Enterprise is now generally available, giving us a chance to see how many companies want to train a coding assistant on their own code bases for another $39 per user per month.

European regulators are taking a closer look at Microsoft's bundling of Entra AD with Microsoft 365 after complaints that Microsoft 365 users can't adopt a competing identity management product, according to The Information.

Zoom shares rose almost 7% Tuesday after a better-than-expected earnings report on Monday suggested it is finding its way after the pandemic boom subsided.

AWS announced plans to invest $5 billion in new data centers in Mexico, its first region south of the U.S. border until you get to Brazil.

That didn't take long: Lockbit resurfaced Monday a week after several international law enforcement agencies said they had "completely disrupted" its operations, but it's not clear if the group's full capabilities remain intact or if it just figured out how to restore a backup website.

Sabre completed a four-year migration to Google Cloud that saw it close 17 data centers and move 50 petabytes of data into Google.

A MESSAGE FROM CANVA

A new report from Canva reveals how more than 1,360 CIOs are managing app sprawl and making decisions about which workplace tools in the AI era will drive the best results. Discover more.

Thanks for reading — see you Thursday!