Are LLMs Making You Stupid?
New research gives a surprising answer.
The Weekend Byte is a weekly overview of the most important news and events in cybersecurity and AI, captured and analyzed by Jason Rebholz.
I’m always on the hunt for deepfakes in the wild. A tech recruiter recorded a portion of a candidate interview where the candidate was clearly a deepfake. I hope more of these surface.
Today, we’re covering:
Are LLMs making you stupid, or at least less creative?
Does remote work increase security?
Even LLMs try to fill awkward silence, and it’s still weird.
-Jason
p.s. the only thing more terrifying than robots taking over the world is robots taking over the world while dressed as a hotdog.
AI Spotlight
LLMs are Making You Stupid…Or at Least Less Creative
Recent research asked the question, are LLMs making us stupid? Or at least less creative. The answer is yes…ish.
The research involved 1,110 participants tasked with thinking exercises that tested divergent and convergent thinking.
Divergent thinking involves developing many different ideas or solutions to a specific problem. Your mind probably went to brainstorming, as did mine. That’s a way to facilitate divergent thinking. The outcome of this cognitive practice fosters innovation.
Convergent thinking involves finding the best or most effective solution to a problem. After divergent thinking, it can be a second step to identify which option to move forward with.
The test split the participants into three groups: one that used human brain power only, one that used the AI-provided solution, and one where the LLM coached the humans in their thinking.
After engaging in the exercises and a short delay, all three groups performed a test round without AI assistance.
Here’s what the test results found:
Divergent Thinking: An Alternate Uses Test (AUT) asked participants to develop creative uses for common objects.
“We found that exposure to LLM assistance—whether providing ideas or strategies—did not enhance participants’ originality or fluency in subsequent unassisted tasks. In some cases, it even led to decreased originality and reduced diversity of ideas, suggesting a potential homogenization effect where individuals generate more similar ideas after using LLM assistance.”
Convergent Thinking: A Remote Associates Test (RAT) asked participants to find a word that connected three given words.
“Our findings indicate that while LLM assistance improved performance during the assisted tasks, it did not translate into better performance in subsequent unassisted tasks. Participants who received guidance from LLMs performed worse in the unassisted test rounds compared to those with no prior LLM exposure.”
Overall, the study found that LLM assistance can provide a short-term boost in creative thinking but may hinder future independent creative thinking when the LLMs aren’t there.
Most interesting to me was that the researchers found that in divergent thinking, using LLMs distracted users because participants were over-relying on the LLMs. With convergent thinking, LLMs could steer participants to a specific solution too quickly, where the user just relied on the first answer, effectively fully outsourcing the decision-making process.
Security Deep Dive
Does Remote Work = Better Security?
Nerd time! Okta released its 2024 Secure Sign-In Trends report. I loved last year’s report, and I loved this year’s report, too. Why? Because it gives you a real sense of how organizations are adopting MFA and leaning toward a passwordless future.
To set the stage, Okta is a huge Identity Provider (IdP). This is often seen as Single-Sign-On, where you get an Okta account, and all your other applications sit behind that. It’s convenient for users and more secure when configured properly (and not socially engineered like in the case of the MGM breach.)
Okta just released their annual review of MFA implementation among their customers. Given their market share in the IdP space, they can be a good lens into how companies are implementing MFA.
Let’s dig into their major findings.
Remote Work Drives MFA Adoption: Remote workers have a new argument for staying remote. It improves security. Or, at least, it has driven organizations to adopt MFA. Following COVID, there was a huge spike in MFA adoption, but it slowed to just 2% growth from 2023. Right now, 66% of Okta users authenticate with MFA.
Large Companies Suck at MFA: This was the most surprising for me. In one aspect, I get that the larger the company is, the harder it is to roll out MFA. But wow, they are lagging behind more than I thought. Just 59% of companies with 20K employees are using MFA. But, they did jump up 5% from last year. So, we’ll cut them some slack as they’re still warming up.
Administrator accounts lead the pack for MFA adoption. Okta found that 91% of administrator accounts required MFA. While that’s something to celebrate, what are the remaining 9% doing? That might be because in August 2024, Okta started rolling out MFA requirements for admin accounts…the type of kick that the remaining 9% of admin accounts will need to enable MFA.
Phishing-resistant MFA is the fastest and most secure MFA option. Similar to last year, Okta provided an overview of the adoption rate, time to enroll the MFA factor, how long it took for someone to complete the MFA challenge, and the failure rate.
The phishing-resistant options, Okta’s FastPass (which resides on the user’s device to prove possession and also uses biometrics) and WebAuthn (e.g. Mac TouchID, Windows Hello, or your fingerprint on your phone), are growing in adoption (1% for WebAuthn and 4% for FastPass).
Auth Type | Adoption Rate | Enrollment Time | Challenge Time | Failure Rate |
---|---|---|---|---|
Password | 96% | 35s | 6s | 9.8% |
Push | 29% | 38s | 9s | 0.5% |
SMS | 17% | 15s | 12s | 3.2% |
Soft Token (OTP) | 14% | 38s | 14s | 4.5% |
Fast Pass | 6% | 38s | 4s | 1.1% |
WebAuthn | 3% | 24s | 4s | 0% |
The good news is that phishing-resistant MFA is available to everyone for major tech platforms. If you’re a Google user, check out this video guide for setting it up.
Security News
What Else is Happening?
🇷🇺 Microsoft reported that Russia is sending RDP connection files to target victims in spearphishing attacks. While RDP configurations are used legitimately to connect to systems, Russian attackers are setting configuration options to over-share permissions, allowing the infection of the target’s system or even their network.
😶 Even LLMs feel the need to fill an awkward silence. But that becomes a problem when OpenAI’s Whisper is used to transcribe medical visits. Researchers found that 1% of the audio transcriptions could include hallucinated phrases and sentences.
📉 The Dutch National Police and other law enforcement agencies took down the Redline and META infostealer infrastructure. They seized all of the logs and source code and created a nice short video that let users of the infostealers know that they look forward to seeing them soon.
🤔 In Google’s Q3 2024 earnings call, Google’s CEO commented that 25% of new Google code is AI-generated. That code is still being human-reviewed by Google engineers, but the time savings are still impressive.
📲 If you’re an Android user and, for some strange reason, still feel the need to call your bank, be on the lookout for new mobile malware dubbed FakeCall. The malware will intercept the call and direct it to cybercriminals. Naturally, if you’re talking to what you think is your bank, you’re more likely to give up sensitive information that the fraudsters can use to steal your money.
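For defenders, the RDP item above comes down to checking what an .rdp attachment asks the client to share before anyone opens it. This is an added example, not code from Microsoft's report or this newsletter: a small Python check for a mail-triage pipeline, where the allow-listed host name and the sample file are made up and the choice of which settings to flag is an assumption.

```python
import codecs

# Documented .rdp properties that expose local resources to the remote host.
# Flagging every one of them is this example's policy choice (an assumption).
INT_FLAGS = {"redirectclipboard": "clipboard", "redirectprinters": "printers",
             "redirectsmartcards": "smart cards", "redirectcomports": "COM ports",
             "audiocapturemode": "microphone"}
STR_FLAGS = {"drivestoredirect": "local drives", "camerastoredirect": "cameras",
             "devicestoredirect": "plug and play devices"}

def parse_rdp(data: bytes) -> dict:
    """Return {setting: value}; .rdp files are often UTF-16 with a BOM."""
    if data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        text = data.decode("utf-16")
    else:
        text = data.decode("utf-8-sig", errors="replace")
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # each line is name:type:value
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = parts[2].strip()
    return settings

def audit_rdp(data: bytes, allowed_hosts: set) -> list:
    """List reasons to quarantine an .rdp attachment; empty means none found."""
    # Settings missing from the file take the client's defaults; only
    # explicit values are checked here.
    s = parse_rdp(data)
    findings = []
    host = s.get("full address", "").split(":")[0].lower()
    if host not in allowed_hosts:
        findings.append(f"unapproved host: {host or '(none)'}")
    for name, label in INT_FLAGS.items():
        if s.get(name, "0") != "0":
            findings.append(f"shares {label}")
    for name, label in STR_FLAGS.items():
        if s.get(name, ""):
            findings.append(f"shares {label}: {s[name]}")
    return findings

# Constructed sample, not taken from any real campaign.
SAMPLE = codecs.BOM_UTF16_LE + (
    "full address:s:rdp.example.net:3389\r\n"
    "drivestoredirect:s:*\r\n"
    "redirectclipboard:i:1\r\n"
    "redirectprinters:i:0\r\n"
).encode("utf-16-le")

if __name__ == "__main__":
    print(audit_rdp(SAMPLE, {"jump.corp.example"}))
```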
If you enjoyed this, forward it to a fellow cyber nerd.
If you’re that fellow cyber nerd, subscribe here.
See you next week, nerd!