In March, when Greg Brockman, president and co-founder of OpenAI, wanted to demo the exciting power of GPT-4, he turned to one of life’s least-exciting inventions: taxes. It caught Ken Priyadarshi’s eye that a language-learning model could seemingly take heaps of policy and output the answers to burning payment questions, like:

What is a couple’s tax deduction in 2018, a year with special rules? Or, What is a couple’s total liability?

The OpenAI team showed how GPT-4 could answer both questions swiftly.

“They were thinking the same way that I was thinking in the context of how this could be applied,” said Priyadarshi.

Priyadarshi is a prompt engineer—specifically, a tax prompt manager at the professional-services firm EY, someone whose job is to translate client questions into worded queries that a language-learning model understands and answers. The role—a position requiring command of both language and data—is an emerging and valuable one, especially if a prompter has specialized knowledge.

“I don’t think of myself as a prompt engineer, I think of myself as a tax prompt engineer…I understand the domain-specific systems and data that our firm is working with. So, my goal is to design prompts or prompt families or prompt databases that are specific to that data set; that is valuable,” said Priyadarshi.

Read more here.—BH

Containerized and serverless technologies enable organizations to build highly resilient cloud-native applications at unprecedented speed. However, developing and testing distributed architectures—as well as applying effective release patterns—is complex.

Join this webinar to discover how DevOps principles, such as automation and CI/CD, can be applied to building containerized and serverless applications.

You’ll learn how to implement simplified workflows, gain better visibility, and improve predictability to enhance and scale application development.

Sign up to secure your spot. Register now.

Check those permission slips. Risky software delivery is targeting the virtual supply chain.

Daniel Krivelevich, CTO of AppSec at Palo Alto Network’s Prisma Cloud, told IT Brew that changes in how software is delivered and developed have driven threat actors to adapt.

“The reason why we are having this discussion is because there was a massive paradigm shift in relation to the way engineering is done,” Krivelevich said.

Watch your back. Increased flexibility and third-party integration for developers are trending. But IT security company Wiz noted the potential danger facing software supply chains, as well, in its 2023 Cloud Security Threat Report.

The report identified two main points of concern: identity-based risk and software-based risk. Hacking systems through identity and permissions infiltration allows threat actors to get inside organizations by disguising themselves as someone who belongs there.

Wiz found that companies give third-party vendors in the software space far more access than they should, heightening the chances for damage to the supply chain. The report found that 82% of companies give these vendors privileged roles, 76% permit third parties to completely take over accounts, and a whopping “90% of cloud security teams were unaware they had granted high privileges.”

Software and code-based attacks, on the other hand, implant code to extract information—as we saw in the SolarWinds and Log4Shell attacks.

Read more here.—EH

Hackers allegedly breached a NATO server and made off with copies of hundreds of documents that they posted publicly on July 24.

The hacktivist group SiegedSec, a shadowy anti-government group of self-declared “gay furries,” claimed in a message posted to Telegram that the attack has nothing to do with the ongoing war in Ukraine.

“We’d like to emphasize this attack on NATO has nothing to do with the war between Russia and Ukraine, this is a retaliation against the countries of NATO for their attacks on human rights,” the group said, adding, “We hope this attack will get the message across to each country within NATO.”

The NATO hack allegedly exposed sensitive information from 31 countries. The 700+ files reportedly include user data and documents that could impact member countries. An analysis by cybersecurity firm CloudSek found that the leaked data totaled 845 MB.

Political motivations. SiegedSec has targeted US states in the past, including Nebraska, Pennsylvania, South Carolina, South Dakota, and Texas in late June. Those attacks were, for the most part, done to support trans rights, the group said.

“Money is not our main goal, most of the time we just want to have fun and destroy stuff,” SiegedSec told CyberScoop at the time.

The gang also attacked Kentucky and Arkansas state government agencies over policies in those states restricting abortion rights.

Keep reading here.—EH

Today’s top IT reads.

Stat: 4%. That’s how much of Discord’s staff was cut in a “restructuring” move. (TechCrunch)

Quote: “I want them to get their dopamine hits from other things, and I don’t want to be grabbing their phones all the time.”—Marketing executive and father-of-two Tim Baker on using Apple’s Downtime to manage his children’s screen time (the Wall Street Journal)

Read: Apps are bringing in AI to help you write, but might be going overboard when it comes to simple tasks. (Wired)

Want resilience? Get containerized and serverless technologies—without spending endless time and resources on developing and testing. Join this webinar to discover how to simplify, streamline, and scale application development. Secure your spot.*

^{*This is sponsored advertising content.}