It seems like every company is scrambling to stake their claim in the AI goldrush–check out the CEO of Kroger promising to bring LLMs into the dairy aisle. And front line workers are following suit–experimenting with AI so they can work faster and do more.

In the few short months since ChatGPT debuted, hundreds of AI-powered tools have come on the market. But while AI-based tools have genuinely helpful applications, they also pose profound security risks. Unfortunately, most companies still haven’t come up with policies to manage those risks. In the absence of clear guidance around responsible AI use, employees are blithely handing over sensitive data to untrustworthy tools. 

AI-based browser extensions offer the clearest illustration of this phenomenon. The Chrome store is overflowing with extensions that (claim to) harness ChatGPT to do all manner of tasks: punching up emails, designing graphics, transcribing meetings, and writing code. But these tools are prone to at least three types of risk.

1. Malware: Security researchers keep uncovering AI-based extensions that steal user data. These extensions play on users’ trust of the big tech platforms (“it can’t be dangerous if Google lets it on the Chrome store!”) and they often appear to work, by hooking up to ChatGPT et al’s APIs. 
2. Data Governance: Companies including Apple and Verizon have banned their employees from using LLMs because these products rarely offer a guarantee that a user’s inputs won’t be used as training data.
3. Prompt Injection Attacks: In this little known but potentially unsolvable attack, hidden text on a webpage directs an AI tool to perform malicious actions–such as exfiltrate data and then delete the records. 

Up until now, most companies have been caught flat-footed by AI, but these risks are too serious to ignore. 

At Kolide, we’re taking a two-part approach to governing AI use.

1. Draft AI policies as a team. We don’t want to totally ban our team from using AI, we just want to use it safely. So our first step is meeting with representatives from multiple teams to figure out what they’re getting out of AI-based tools, and how we can provide them with secure options that don’t expose critical data or infrastructure.
2. Use Kolide to block malicious tools. Kolide lets IT and security teams write Checks that detect device compliance issues, and we’ve already started creating Checks for malicious (or dubious) AI-based tools. Now if an employee accidentally downloads malware, they’ll be prevented from logging into our cloud apps until they’ve removed it.

Every company will have to craft policies based on their unique needs and concerns, but the important thing is to start now. There’s still time to seize the reins of AI, before it gallops away with your company’s data.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.

WinterFest 2023: The Festival of Artisanal Software is back with a fantastic collection of carefully crafted software for writing, research, thinking, and more at tremendous prices.

Innovative software often comes from small teams, fired with imagination and a vision of a better way to work. There are no bundles, games, or prices that are too good to be true: just fresh software with fantastic support at great, sustainable prices.

Software artisans from around the globe have come together for this time-limited event to bring you innovative systems to assist you with everyday knowledge work. This incredible catalog of productivity software includes:

• Bookends: The reference manager you’ve been looking for 
• DEVONagent Pro: Your smart research assistant 
• DEVONthink: Your powerful information and knowledge manager 
• Easy Data Transform: Merge, clean, and reformat data without coding 
• EagleFiler: Capture and organize files, emails and web pages
• Hookmark: Supplies the missing links 
• HoudahSpot: Powerful file search 
• HyperPlan: Flexible visual planner 
• ImageFramer Pro: Add creative borders and frames to photos 
• Mellel: A real word processor
• Nisus Writer Pro: The powerful Mac word processor
• Panorama X: Collect, organize, and understand your data
• Photos Workbench: Organize, rate, & compare your photos
• Scapple: Quickly capture and connect ideas 
• Scrivener: Your complete writing studio 
• SpamSieve: powerful e-mail spam filtering
• Tinderbox: Visualize and organize your notes, plans, and ideas 
• Trickster: Your recently used files at your fingertips

These sorts of amazing deals don’t come around often, so act today to start 2024 off with the best software available from this terrific group of developers.

Visit the WinterFest website to learn more and for links to these amazing deals, or use the coupon code Winterfest2023 at checkout.

Our thanks to Winterfest for sponsoring MacStories this week.

If you’re a MacStories reader, you probably know about Setapp. It’s a simple, effective way to discover the best apps for every task, no matter what you do. Setapp is also an amazing value. I bet you also have someone in your life who could benefit from Setapp but hasn’t tried it yet, which makes it the perfect gift this holiday season.

A Setapp gift card is the perfect way to help your loved ones get more out of their Mac and iOS devices by helping them:

• Save time
• Complete tasks
• Find the perfect solution to every digital challenge

Best of all, your Setapp gift won’t gather dust or sit in a forgotten corner of a closet. With a dedicated team that has curated a diverse collection of over 240 of the best apps available, your gift will get used and become a daily reminder of your assistance and generosity.

And right now, Setapp is spotlighting a special collection of apps: The Jolly Sleighing Toolkit includes Spark Mail, Luminar Neo, Diarly, Busy Call, and other great apps that will help users track holiday to-dos, connect with others, and spruce up their photos.

So, head on over to Setapp right now to gift your loved ones the relief of checked-off tasks and more with a Setapp gift card.

Our thanks to Setapp for sponsoring MacStories this week.

Getting OS updates installed on end user devices should be easy. After all, it’s one of the simplest yet most impactful ways that every employee can practice good security. 

On top of that, every MDM solution promises that it will automate the process and install updates with no user interaction needed.

Yet in the real world, it doesn’t play out like that. Users don’t install updates and IT admins won’t force installs via forced restart.

Let’s talk about the second problem first. Sure, you could simply schedule updates for all your users, and have them restart during non-work hours. But this inevitably leads to disruptions and lost work. This, in turn, leads to users (especially executives) who simply demand to be left out of your update policy. The bottom line is: any forced restarts without user approval will lead to data loss events, and that makes them so unpopular that they are functionally unusable.

There is another class of tools that claim to get users to install updates themselves, through “nudges.” These reminders pop up with increasing frequency until users relent or the timer runs out. This is an improvement, since it involves users in the process, but users still tend to delay updating as long as possible (which for some tools can be indefinitely).

At Kolide, OS updates are the single most common issue customers want us to solve. They come to us because we have a unique (and uniquely effective) approach to device compliance.

With Kolide, when a user’s device–be it Mac, Windows, Linux, or mobile–is out of compliance, we reach out to them with instructions on how to fix it.

The user chooses when to restart, but if they don’t fix the problem by a predetermined deadline, they’re unable to authenticate with Okta. (At present, Kolide is exclusive to Okta customers, but we plan to integrate with more SSO providers soon.)

If your fleet is littered with devices that stubbornly refuse to update, then consider these two principles:

1. You can’t have a successful patch management policy without involving users.
2. You can’t get users to install patches unless you give them both clear instructions and real consequences.

Installing OS updates is a top priority for both security and IT, and when you make it part of conditional access, you can finally get it done without massive lists of exemptions or massive piles of support tickets.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.

With Drafts, you can capture text on any Apple platform, wherever you are. There are iPhone, iPad, Mac, and Apple Watch versions of Drafts, which makes capturing notes, ideas, messages, tasks, and links fast and simple.

Moreover, Drafts incorporates a powerful actions system for automating your workflows. Integrate Drafts with hundreds of apps and services, including tools like:

• Obsidian
• Airtable
• Notion
• Things

Drafts also has deep support for Apple’s Shortcuts app, with over two dozen actions for manipulating text, managing Drafts, and integrating your captured text with other OS-level features. This combination makes Drafts one of the most sophisticated ways to create text automations on Apple’s platforms.

To help you get started, Drafts offers extensive documentation and guides for integrating with a wide variety of other tools. Plus, there’s a directory of user-created and curated actions and a vibrant community of users who are always around to help each other.

It’s easy to see why Drafts won last year’s MacStories Selects Lifetime Achievement award. The app is flexible, customizable, and has been regularly updated since the early days of the App Store to support the latest technologies of Apple’s OSes. That’s why if you’re looking to capture text and love to automate your workflows, Drafts is the app you need.

Right now, MacStories readers who are new to Drafts Pro or resubscribing can get a 3-month trial for free. This deal is available until December 14, 2023. For all the details and suggestions on where to get started with the app, visit the Drafts forums here.

So, download Drafts Pro today and start tinkering over the winter holidays. It’s a great way to jumpstart your workflows for the New Year.

Our thanks to Drafts for sponsoring MacStories this week.

It seems like every company is scrambling to stake their claim in the AI goldrush–check out the CEO of Kroger promising to bring LLMs into the dairy aisle. And front line workers are following suit–experimenting with AI so they can work faster and do more.

In the few short months since ChatGPT debuted, hundreds of AI-powered tools have come on the market. But while AI-based tools have genuinely helpful applications, they also pose profound security risks. Unfortunately, most companies still haven’t come up with policies to manage those risks. In the absence of clear guidance around responsible AI use, employees are blithely handing over sensitive data to untrustworthy tools. 

AI-based browser extensions offer the clearest illustration of this phenomenon. The Chrome store is overflowing with extensions that (claim to) harness ChatGPT to do all manner of tasks: punching up emails, designing graphics, transcribing meetings, and writing code. But these tools are prone to at least three types of risk.

1. Malware: Security researchers keep uncovering AI-based extensions that steal user data. These extensions play on users’ trust of the big tech platforms (“it can’t be dangerous if Google lets it on the Chrome store!”) and they often appear to work, by hooking up to ChatGPT et al’s APIs. 
2. Data Governance: Companies including Apple and Verizon have banned their employees from using LLMs because these products rarely offer a guarantee that a user’s inputs won’t be used as training data.
3. Prompt Injection Attacks: In this little known but potentially unsolvable attack, hidden text on a webpage directs an AI tool to perform malicious actions–such as exfiltrate data and then delete the records. 

Up until now, most companies have been caught flat-footed by AI, but these risks are too serious to ignore. 

At Kolide, we’re taking a two-part approach to governing AI use.

1. Draft AI policies as a team. We don’t want to totally ban our team from using AI, we just want to use it safely. So our first step is meeting with representatives from multiple teams to figure out what they’re getting out of AI-based tools, and how we can provide them with secure options that don’t expose critical data or infrastructure.
2. Use Kolide to block malicious tools. Kolide lets IT and security teams write Checks that detect device compliance issues, and we’ve already started creating Checks for malicious (or dubious) AI-based tools. Now if an employee accidentally downloads malware, they’ll be prevented from logging into our cloud apps until they’ve removed it.

Every company will have to craft policies based on their unique needs and concerns, but the important thing is to start now. There’s still time to seize the reins of AI, before it gallops away with your company’s data.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.

Getting OS updates installed on end user devices should be easy. After all, it’s one of the simplest yet most impactful ways that every employee can practice good security. 

On top of that, every MDM solution promises that it will automate the process and install updates with no user interaction needed.

Yet in the real world, it doesn’t play out like that. Users don’t install updates and IT admins won’t force installs via forced restart.

Let’s talk about the second problem first. Sure, you could simply schedule updates for all your users, and have them restart during non-work hours. But this inevitably leads to disruptions and lost work. This, in turn, leads to users (especially executives) who simply demand to be left out of your update policy. The bottom line is: any forced restarts without user approval will lead to data loss events, and that makes them so unpopular that they are functionally unusable.

There is another class of tools that claim to get users to install updates themselves, through “nudges.” These reminders pop up with increasing frequency until users relent or the timer runs out. This is an improvement, since it involves users in the process, but users still tend to delay updating as long as possible (which for some tools can be indefinitely).

At Kolide, OS updates are the single most common issue customers want us to solve. They come to us because we have a unique (and uniquely effective) approach to device compliance.

With Kolide, when a user’s device–be it Mac, Windows, Linux, or mobile–is out of compliance, we reach out to them with instructions on how to fix it.

The user chooses when to restart, but if they don’t fix the problem by a predetermined deadline, they’re unable to authenticate with Okta. (At present, Kolide is exclusive to Okta customers, but we plan to integrate with more SSO providers soon.)

If your fleet is littered with devices that stubbornly refuse to update, then consider these two principles:

1. You can’t have a successful patch management policy without involving users.
2. You can’t get users to install patches unless you give them both clear instructions and real consequences.

Installing OS updates is a top priority for both security and IT, and when you make it part of conditional access, you can finally get it done without massive lists of exemptions or massive piles of support tickets.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.

It seems like every company is scrambling to stake their claim in the AI goldrush–check out the CEO of Kroger promising to bring LLMs into the dairy aisle. And front line workers are following suit–experimenting with AI so they can work faster and do more.

In the few short months since ChatGPT debuted, hundreds of AI-powered tools have come on the market. But while AI-based tools have genuinely helpful applications, they also pose profound security risks. Unfortunately, most companies still haven’t come up with policies to manage those risks. In the absence of clear guidance around responsible AI use, employees are blithely handing over sensitive data to untrustworthy tools. 

AI-based browser extensions offer the clearest illustration of this phenomenon. The Chrome store is overflowing with extensions that (claim to) harness ChatGPT to do all manner of tasks: punching up emails, designing graphics, transcribing meetings, and writing code. But these tools are prone to at least three types of risk.

1. Malware: Security researchers keep uncovering AI-based extensions that steal user data. These extensions play on users’ trust of the big tech platforms (“it can’t be dangerous if Google lets it on the Chrome store!”) and they often appear to work, by hooking up to ChatGPT et al’s APIs. 
2. Data Governance: Companies including Apple and Verizon have banned their employees from using LLMs because these products rarely offer a guarantee that a user’s inputs won’t be used as training data.
3. Prompt Injection Attacks: In this little known but potentially unsolvable attack, hidden text on a webpage directs an AI tool to perform malicious actions–such as exfiltrate data and then delete the records. 

Up until now, most companies have been caught flat-footed by AI, but these risks are too serious to ignore. 

At Kolide, we’re taking a two-part approach to governing AI use.

1. Draft AI policies as a team. We don’t want to totally ban our team from using AI, we just want to use it safely. So our first step is meeting with representatives from multiple teams to figure out what they’re getting out of AI-based tools, and how we can provide them with secure options that don’t expose critical data or infrastructure.
2. Use Kolide to block malicious tools. Kolide lets IT and security teams write Checks that detect device compliance issues, and we’ve already started creating Checks for malicious (or dubious) AI-based tools. Now if an employee accidentally downloads malware, they’ll be prevented from logging into our cloud apps until they’ve removed it.

Every company will have to craft policies based on their unique needs and concerns, but the important thing is to start now. There’s still time to seize the reins of AI, before it gallops away with your company’s data.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.

Getting OS updates installed on end user devices should be easy. After all, it’s one of the simplest yet most impactful ways that every employee can practice good security. 

On top of that, every MDM solution promises that it will automate the process and install updates with no user interaction needed.

Yet in the real world, it doesn’t play out like that. Users don’t install updates and IT admins won’t force installs via forced restart.

Let’s talk about the second problem first. Sure, you could simply schedule updates for all your users, and have them restart during non-work hours. But this inevitably leads to disruptions and lost work. This, in turn, leads to users (especially executives) who simply demand to be left out of your update policy. The bottom line is: any forced restarts without user approval will lead to data loss events, and that makes them so unpopular that they are functionally unusable.

There is another class of tools that claim to get users to install updates themselves, through “nudges.” These reminders pop up with increasing frequency until users relent or the timer runs out. This is an improvement, since it involves users in the process, but users still tend to delay updating as long as possible (which for some tools can be indefinitely).

At Kolide, OS updates are the single most common issue customers want us to solve. They come to us because we have a unique (and uniquely effective) approach to device compliance.

With Kolide, when a user’s device–be it Mac, Windows, Linux, or mobile–is out of compliance, we reach out to them with instructions on how to fix it.

The user chooses when to restart, but if they don’t fix the problem by a predetermined deadline, they’re unable to authenticate with Okta. (At present, Kolide is exclusive to Okta customers, but we plan to integrate with more SSO providers soon.)

If your fleet is littered with devices that stubbornly refuse to update, then consider these two principles:

1. You can’t have a successful patch management policy without involving users.
2. You can’t get users to install patches unless you give them both clear instructions and real consequences.

Installing OS updates is a top priority for both security and IT, and when you make it part of conditional access, you can finally get it done without massive lists of exemptions or massive piles of support tickets.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.