DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Zapata Computing Earns Two New Patents for Post-Quantum Cybersecurity Threat Intelligence

Zapata Computing | December 06, 2022 | Read time : 03:00 min

Zapata Computing Earns Two New Patents for Post-Quantum Cybersecurity
Zapata Computing, the leading enterprise quantum software company, today announced that the company has earned two new patents for post-quantum cybersecurity techniques. The new patents are for its Variational Quantum Factoring (VQF) and Quantum-Assisted Defense Against Adversarial AI (QDAI) algorithms.

With the addition of these patents, Zapata now owns one of the world’s largest quantum computing software patent portfolios. The company’s growing portfolio includes a diverse range of proprietary quantum algorithms, machine learning, optimization and hardware methods.

VQF and QDAI In the Age of Post-Quantum Cybersecurity Threat Intelligence

As the narrative regarding post-quantum cybersecurity continues to gain momentum across the security, intelligence and technology landscapes, VQF and QDAI underpin Zapata’s post-quantum cybersecurity threat intelligence solutions for its customers.

  • VQF is a heuristic algorithm for cryptanalysis that can run on near-term quantum devices, quantum-inspired data structures, and other special purpose classical hardware. The hybrid quantum-classical algorithm was developed by Zapata’s technical experts and is a technique that demonstrates that an adversary can already start attempting to compromise existing encryption schemes using heuristic algorithms. A heuristic algorithm is designed to solve a problem faster than traditional methods by sacrificing accuracy or completeness for speed. This means that VQF is effective at identifying specific instances of the encryption vulnerability – helping enterprises shore up defenses in advance of an attack.

“VQF introduces a new category of decryption possibilities that could arrive a lot sooner than the market expects. “We don’t need to wait for a fully fault-tolerant computer that can run Shor’s algorithm to see the threat. It’s not a sudden ‘one-day’ jump. VQF demonstrates that an adversary can try to compromise existing encryption schemes using heuristic algorithms that don’t have a mathematically provable guarantee they will compromise all instances. Using Shor’s algorithm, factoring a 2048-bit RSA number requires a quantum computer with millions of physical qubits running for hours. We estimate that VQF can factor a 2048-bit RSA number with approximately several thousand NISQ qubits in around the same amount of time.”

Yudong Cao, CTO and co-founder of Zapata Computing
 
  • QDAI is the first hybrid quantum-classical algorithm for defense against adversarial attacks. Machine learning (ML) classification models are prone to adversarial attacks. These attacks add a very small -- but carefully chosen -- variance to data that confuses the classifier, rendering results to be incorrect. Quantum computers provide a new method of attack against ML models that possess a uniquely quantum noise meant to confuse the model. QDAI trains ML models to be immune to these types of adversarial AI attacks.

“Quantum computers have a high potential to exploit potential vulnerabilities of neural networks,” added Cao. “As threats accumulate and adversarial AI models get stronger, we must leverage the power of quantum and classical resources to successfully defend against these attacks. That’s exactly the reason we developed QDAI. As quantum computers grow, we may be able to switch to a fully quantum classifier, but in the meantime, there is potential for significant gains with the quantum-classical hybrid approach like QDAI.”

“Zapata is consistently pushing the innovation envelope, developing new proprietary methods and technology that can benefit our customers and the ecosystem,” said Christopher Savoie, CEO of Zapata Computing. “These patents represent a growing focus and concern regarding the threat that quantum computers present to national security and global enterprises. We developed VQF and QDAI as proactive threat intelligence techniques in order to develop countermeasures so our enterprise and government customers can assess their systems and make them more robust against an attack. We anticipate that more vulnerabilities will emerge as quantum and AI technology mature, and we’ll continue to research and identify new threats down the road to try to stay a step ahead.”

About Zapata Computing
Zapata Computing, Inc. is a leading enterprise quantum software company. The Company’s Orquestra® platform supports the research, development, and deployment of quantum-ready applications® for enterprises’ most computationally complex problems. Zapata has pioneered new methods in ML, optimization, and simulation to maximize value from near-term quantum devices, and works closely with ecosystem hardware providers such as Amazon, D-Wave, Google, NVIDIA, Quantinuum, IBM, IonQ and Rigetti. Zapata was founded in 2017 and is headquartered in Boston, Massachusetts.

Spotlight

Die jahrzehntelange Praxis, Remote-User, Zweigstellen und andere externe Standorte mit Hub-and-Spoke-Architekturen ans Unternehmensnetzwerk anzubinden, ist heute nicht mehr zeitgemäß. In einem Geschäftsumfeld, das von dem anhaltenden Trend zur Remote-Arbeit und der zunehmenden Verlagerung von Anwendungen in die Cloud geprägt ist

Spotlight

Die jahrzehntelange Praxis, Remote-User, Zweigstellen und andere externe Standorte mit Hub-and-Spoke-Architekturen ans Unternehmensnetzwerk anzubinden, ist heute nicht mehr zeitgemäß. In einem Geschäftsumfeld, das von dem anhaltenden Trend zur Remote-Arbeit und der zunehmenden Verlagerung von Anwendungen in die Cloud geprägt ist

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Filecloud Introduces the Industry First Zero Trust File Sharing℠

FileCloud | January 11, 2023

On January 10, 2023, FileCloud announced the addition of Zero Trust File Sharing, bringing another layer of hyper-security to the market's most robust content collaboration platform. The latest, Zero Trust File Sharing, enables users to collaborate securely with employees along with other personnel, including external partners, vendors and clients. This functionality extends beyond modulating share permissions or setting Data Loss Prevention (DLP) policies. Zero Trust File Sharing will become increasingly crucial for enterprises and organizations that handle sensitive or protected data, such as Personally Identifiable Information (PII) and Confidential Unclassified Information (CUI). The emergence of cloud service technologies, remote access applications, and disappearing network edges have revealed multiple vulnerabilities in perimeter-based IT security models. The Zero Trust framework, built on a system of least privilege, provides a more resilient and adaptable approach that imposes identity authentication, regardless of where or how the request for access gets derived. The U.S. Department of Defense has recently come up with a Zero Trust Strategy and Roadmap to eventually cover all U.S. government departments, which is likely to be adopted by the private sector. As a result, critical infrastructure sectors are ideal candidates for integrating Zero Trust File Sharing to protect their information systems from increasingly sophisticated cyberattacks launched by nation-states. FileCloud's Zero Trust support enables enterprises to have an added layer of security on top of FileCloud's built-in access controls. The data within the environment is secured using a Zip file structure and password protection. The user can also set a Zero Trust password and create a sharing link to a file or folder. The data remains inaccessible without this password, even with a shared direct link or in case of a data breach. Furthermore, the data remains protected by password-based encryption even if the Zero Trust protected folder is accessed via unauthorized means, including social engineering techniques. Users who access the data with the Zero Trust password will also be restricted in their ability to edit or manipulate the data contained within the Zero Trust folder based on the share permissions. About FileCloud Headquartered in Austin, Texas, FileCloud is a leading hyper-secure content collaboration platform (CCP) providing data governance, industry-leading compliance, data leak protection, data retention and digital rights management capabilities to millions of users worldwide. Its complete CCP stack includes workflow automation and granular control of content sharing across most enterprise platforms. The platform offers powerful file sharing, mobile access and synchronization capabilities on public, private, and hybrid clouds to customers, including top Global 1000 enterprises, government organizations, educational institutions and managed service providers.

Read More

ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Living Security Announces Partnership Agreement with GuidePoint Security

Living Security | January 02, 2023

Living Security, the pioneer in human risk management, announced entering into a strategic partnership with GuidePoint Security, a renowned value-added reseller (VAR) that enables enterprises to make more informed cybersecurity decisions and reduce their risk exposure. The partnership will combine GuidePoint Security's ecosystem with Living Security's industry-leading human risk management products and security awareness training. "According to the Computer Emergency Response, cyberattacks have been ranked as the fifth most significant danger for the year 2020 and have become the standard in both the public and private sectors." Each day, the number of cybersecurity events continues to rise, and the vast majority of these problems can be traced back to human action. Using a data-driven methodology, Living Security enables security directors to identify the most vulnerable elements of their workforce in order to decrease human risk exposure, control the contribution to overall risk over time, and alter organizational behavior. About Living Security Living Security's objective is to transform human risk in order to generate a dramatic increase in human behavior, organizational security culture, and information security program efficacy. With the company's Human Risk Management platform, Living Security connects each employee with creative and pertinent context and content while simultaneously enabling management to recognize, report on, and proactively mitigate the risk posed by human behavior. Living Security is trusted by security-conscious firms such as MasterCard, MassMutual, Verizon, Biogen, Hewlett Packard, AmerisourceBergen, and Target. About GuidePoint Security GuidePoint Security offers dependable cybersecurity insights, solutions, and services that enable businesses to make risk-averse decisions. The company's specialists serve as trusted advisors by evaluating the cybersecurity posture and ecosystem in order to identify risks, maximize resources, and deploy the most appropriate solutions. GuidePoint's unparalleled knowledge has enabled a third of Fortune 500 organizations and over half of U.S. cabinet-level agencies to enhance their security posture and decrease risk.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Legit Security Discovers New Class of Development Pipeline Vulnerabilities; Open-Source Rust Programming Language Found Vulnerable

Legit Security | December 12, 2022

Legit Security, a cyber security company with an enterprise platform that protects an organization's software supply chain from attack and ensures secure application delivery, today announced that it discovered a new class of software supply chain vulnerabilities that leverage artifact poisoning to attack underlying software development pipelines. The vulnerability was found in GitHub Actions, a platform for orchestrating and automating software development pipelines, and the vulnerability was identified in the highly popular programming language Rust. Many other GitHub Action projects remain potentially vulnerable and a technical disclosure blog including information to protect organizations from attack is available on Legit Security’s website. The discovered pipeline vulnerability could allow any GitHub user to replace legitimate development artifacts with malicious ones, enabling attackers to modify source code, steal secrets and create CodeCov-like wide-reaching software supply chain attacks. Rust, an extremely popular programming language used by millions of developers, acknowledged and fixed the vulnerability after initial disclosure by the Legit Security Research Team. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization’s software supply chains and used by software developers globally. The vulnerability affects the GitHub Actions artifacts storage mechanism, which is used to store and transfer build artifacts between software development build jobs. Due to a limitation in the cross-workflow artifact communication mechanism, vulnerable workflows cannot distinguish between legitimate project artifacts and artifacts that were created by the project’s forks or copies, allowing any user to create a fork, and then craft a malicious artifact that will be treated as a legitimate one. “This is a different class of vulnerability that can lead to attacks and modification of the development pipeline itself, not just modification of the code. “A simple analogy could be made to a car assembly line. This is an attack on the assembly line itself that could include stealing sensitive parts, turning off certain steps, or substituting any valid part for a malicious one. It’s a powerful attack vector that gives cyber criminals a lot of options to inflict damage. In this case, the vulnerable targets are software supply chains that use GitHub Action.” Liav Caspi, co-founder and CTO, Legit Security The Legit Security Research Team also disclosed the security issue to the GitHub security team. GitHub responded by simply updating their API to include information that could help prevent this vulnerability. It should be noted that GitHub didn’t address the root cause of the issue, thus leaving many other GitHub Action projects vulnerable to the aforementioned software supply chain attacks. Legit Security’s technical disclosure blog includes important information on how to protect organizations from this type of attack. More information about general GitHub security best practices can also be found here. Legit Security Legit Security protects an organization's software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments, and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More