Introduction to LawZero

Computer scientist Yoshua Bengio, often referred to as the “godfather” of AI, has launched a nonprofit aimed at creating AI systems that prioritize safety over business interests. The organization, called LawZero, “was founded in response to evidence that today’s frontier AI models are developing dangerous capabilities and behaviors, including deception, self-preservation and goal misalignment,” reads a statement posted to its website. “LawZero’s work will help to unlock the immense potential of AI in ways that reduce the likelihood of a range of known dangers associated with today’s systems, including algorithmic bias, intentional misuse and loss of human control.”

Background on Yoshua Bengio

Bengio is a worldwide leader in AI and a co-recipient of the 2018 Turing Award, the Association for Computing Machinery’s prestigious annual prize that’s sometimes called the Nobel Prize of Computing. He won the award alongside two other deep-learning pioneers — Geoffrey Hinton, another “godfather of AI” who worked at Google, and Yann LeCun — for conceptual and engineering breakthroughs, made over decades, that have positioned deep neural networks as a critical component of computing. Bengio also serves as scientific director at Mila (Montreal Institute for Learning Algorithms), an AI research institute. Now, he’ll add LawZero president and scientific director to his resume.

What Are The Main AI Safety Concerns?

While artificial intelligence has sparked considerable excitement across industries — and Bengio recognizes its potential as a driver of significant innovation — it’s also led to mounting concerns about possible pitfalls. Generative AI tools are capable of producing text, images and video that spread almost instantly over social media and can be difficult to distinguish from the real thing. Bengio has called for slowing the development of AI systems to better understand and regulate them. “There is no guarantee that someone in the foreseeable future won’t develop dangerous autonomous AI systems with behaviors that deviate from human goals and values,” the University of Montreal professor wrote in a blog post announcing why he’d signed a 2023 open letter calling for a slowdown in the development of some AI tools.

Structure and Funding of LawZero

LawZero is structured as a nonprofit “to ensure it is insulated from market and government pressures, which risk compromising AI safety,” the statement says. LawZero started with $30 million in funding and says it’s assembling a team of world-class AI researchers. Together, the scientists are working on a system called Scientist AI, which LawZero calls a safer, more secure alternative to many of the commercial AI systems being developed and released today.

What Could A Safer AI System Look Like?

Scientist AI is non-agentic, meaning it doesn’t have agency or work autonomously, but instead behaves in response to human input and goals. “Such AI systems could be used to provide oversight for agentic AI systems, accelerate scientific discovery and advance the understanding of AI risks and how to avoid them,” LawZero says. “LawZero believes that AI should be cultivated as a global public good—developed and used safely towards human flourishing.”

Conclusion

The launch of LawZero marks an important step towards prioritizing safety in AI development. With its focus on creating non-agentic AI systems and its commitment to transparency and accountability, LawZero has the potential to make a significant impact in the field of AI research. As the use of AI continues to grow and expand into new areas, it is essential that we prioritize safety and responsibility in its development.

FAQs

• What is LawZero?: LawZero is a nonprofit organization aimed at creating AI systems that prioritize safety over business interests.
• Who founded LawZero?: LawZero was founded by Yoshua Bengio, a computer scientist and co-recipient of the 2018 Turing Award.
• What is Scientist AI?: Scientist AI is a non-agentic AI system being developed by LawZero, which behaves in response to human input and goals.
• Why is AI safety important?: AI safety is important because AI systems have the potential to develop dangerous capabilities and behaviors, including deception, self-preservation, and goal misalignment.
• How is LawZero funded?: LawZero started with $30 million in funding and is assembling a team of world-class AI researchers.

With the rise of software and platforms for DEIA (Diversity, Equity, Inclusion, and Accessibility), companies are now more equipped than ever to foster inclusive environments. In this article, we’ll explore the evolution of inclusive practices in the workplace, from DEIA to BEAM (Belonging, Equity, Access, and Membership). Let’s dive in and discover how companies can create a more inclusive and diverse work environment.

Understanding DEIA

DEIA is a framework used to promote diversity, equity, inclusion, and accessibility in the workplace. It’s essential to understand each component of DEIA to create a comprehensive strategy for inclusivity. Diversity refers to the presence of different groups or individuals with unique characteristics, while equity ensures that everyone has equal opportunities and resources. Inclusion creates a sense of belonging among employees, and accessibility removes barriers for people with disabilities.

Benefits of DEIA

Implementing DEIA practices in the workplace has numerous benefits, including improved employee satisfaction, increased innovation, and enhanced reputation. When employees feel included and valued, they’re more likely to be engaged and productive, leading to better business outcomes. Additionally, companies that prioritize DEIA are more attractive to top talent and customers who value diversity and inclusion.

Challenges of DEIA

Despite the benefits, implementing DEIA practices can be challenging. One of the primary obstacles is resistance to change, as some employees may feel uncomfortable with new initiatives or policies. Moreover, DEIA efforts can be time-consuming and require significant resources, making it difficult for small or medium-sized businesses to prioritize.

Introducing BEAM

BEAM is an evolution of the DEIA framework, focusing on belonging, equity, access, and membership. This new approach recognizes that inclusion is not a one-time achievement, but rather an ongoing process that requires continuous effort and commitment. BEAM emphasizes the importance of creating a sense of belonging among employees, ensuring that everyone has equal access to opportunities and resources, and fostering a culture of membership and community.

Key Components of BEAM

The BEAM framework consists of four key components: belonging, equity, access, and membership. Belonging refers to the feeling of being part of a community or group, while equity ensures that everyone has equal opportunities and resources. Access removes barriers and provides equal opportunities for all employees, and membership creates a sense of responsibility and ownership among employees.

Benefits of BEAM

The BEAM framework offers several benefits, including improved employee engagement, increased retention, and enhanced innovation. When employees feel a sense of belonging and membership, they’re more likely to be invested in the company’s success and contribute to its growth. Additionally, BEAM helps companies to identify and address systemic barriers, creating a more equitable and inclusive work environment.

Implementing BEAM in the Workplace

Implementing BEAM in the workplace requires a comprehensive approach that involves all employees and stakeholders. Companies can start by conducting a thorough assessment of their current DEIA practices and identifying areas for improvement. This can involve surveys, focus groups, and one-on-one interviews to gather feedback and insights from employees.

Strategies for Implementing BEAM

Several strategies can help companies implement BEAM in the workplace, including training and development programs, mentorship initiatives, and employee resource groups. These strategies can help to create a sense of belonging and membership among employees, while also ensuring that everyone has equal access to opportunities and resources.

Overcoming Challenges

Implementing BEAM can be challenging, especially for companies with limited resources or resistance to change. To overcome these challenges, companies can start small, focusing on one or two initiatives at a time. They can also engage with external partners and experts to provide guidance and support, and communicate regularly with employees to ensure that everyone is informed and invested in the process.

Case Studies and Examples

Several companies have successfully implemented BEAM in the workplace, achieving significant benefits and improvements. For example, a leading tech company implemented a mentorship program that paired employees from underrepresented groups with senior leaders, resulting in improved retention and career advancement. Another company created an employee resource group for employees with disabilities, providing a platform for feedback and advocacy.

Lessons Learned

These case studies and examples offer valuable lessons for companies looking to implement BEAM in the workplace. One key takeaway is the importance of continuous communication and feedback, ensuring that employees are informed and invested in the process. Another lesson is the need for ongoing assessment and evaluation, identifying areas for improvement and making adjustments as needed.

Conclusion

In conclusion, the evolution of inclusive practices in the workplace from DEIA to BEAM offers a new approach to creating a more diverse, equitable, and inclusive work environment. By understanding the key components of BEAM and implementing strategies to promote belonging, equity, access, and membership, companies can improve employee engagement, retention, and innovation. While challenges may arise, companies can overcome them by starting small, engaging with external partners, and communicating regularly with employees.

Frequently Asked Questions

What is DEIA, and how does it differ from BEAM?

DEIA is a framework used to promote diversity, equity, inclusion, and accessibility in the workplace, while BEAM is an evolution of this framework, focusing on belonging, equity, access, and membership.

How can companies implement BEAM in the workplace?

Companies can implement BEAM by conducting a thorough assessment of their current DEIA practices, identifying areas for improvement, and implementing strategies such as training and development programs, mentorship initiatives, and employee resource groups.

What are the benefits of implementing BEAM in the workplace?

The benefits of implementing BEAM include improved employee engagement, increased retention, and enhanced innovation, as well as a more equitable and inclusive work environment.

How can companies overcome challenges when implementing BEAM?

Companies can overcome challenges by starting small, engaging with external partners, and communicating regularly with employees, as well as continuously assessing and evaluating their BEAM initiatives to identify areas for improvement.

What role do employees play in implementing BEAM in the workplace?

Employees play a critical role in implementing BEAM, providing feedback and insights to inform the process, and participating in initiatives and programs to promote belonging, equity, access, and membership.

Introduction to the Play Ransomware Threat

The Federal Bureau of Investigation has issued a joint cybersecurity advisory in conjunction with the U.S. Cybersecurity and Infrastructure Security Agency, as the number of confirmed observed victims of Play ransomware attacks skyrocketed in May. The threat actors have, the FBI warned, impacted victims covering a broad spectrum of organisations, including businesses as well as critical infrastructure providers, in both North and South America, as well as across Europe.

FBI And CISA Say Act Now As Play Ransomware Actors Accelerate Attacks

As part of a joint effort between the FBI, CISA and the Australian Cyber Security Centre, the latest update to the Play ransomware cybersecurity advisory comes as result of new investigations this year that have uncovered an evolution of the cybercriminal group’s tactics, techniques and procedures. In May, the FBI confirmed that it had become aware of 900 organizations that had been exploited by the crime gang and had fallen victim to the Play ransomware attacks. To put that in some perspective, it is three times the number when the FBI last released such information.

The joint critical cybersecurity advisory, which forms part of the ongoing Stop Ransomware campaign, aims to help organizations best defend themselves against attacks by keeping them informed of changes to the aforementioned tactics, techniques, and procedures, as well as new indicators of compromise that can be useful in attack detection efforts.

Advisory AA23-352A warned that Play is thought to be what is known as a closed ransomware group actor, acting alone to “guarantee the secrecy of deals” when it comes to the exfiltrated data that is held to ransom. The ransom notes that are left with the victim do not, the advisory stated, “include an initial ransom demand or payment instructions; rather, victims are instructed to contact the threat actors via email.” Those emails have one of two German email domains, but the actual email address is unique in every case. “A portion of victims are contacted via telephone,” the FBI said, “and are threatened with the release of the stolen data and encouraged to pay the ransom.” These tactics are designed to lead the victim straight onto a negotiation footing where the attacker has the upper hand.

Inside The Play Ransomware Threat — The FBI Confirms Technical Details Of Attacks

Thought to be linked to a North Korean state-sponsored attack group, one that is known to be part of the Democratic People’s Republic of Korea’s “Reconnaissance General Bureau,” known as Andariel, Play ransomware is thought to be distributed by threat groups including Balloonfly. Researchers have expressed the opinion that Play forms an “integral part” of the Andariel cyberattack arsenal.

Using a malware backdoor to infect Windows systems, Balloonfly has been linked to multiple incidents involving the deployment of Play ransomware, according to Symantec Threat Hunter researchers, mostly against businesses across the U.S. and Europe.

The Microsoft Threat Intelligence Center and Microsoft Security Response Center previously found Play ransomware being deployed after threat actors used a zero-day security vulnerability in the Windows Common Log File System. That vulnerability, CVE-2025-29824, was mitigated by the April Patch Tuesday release. Other vulnerabilities, that have been known to have been exploited by the Play ransomware attackers, have included CVE-2022-41040 and CVE-2022-41082, which affected Microsoft Exchange Server, and CVE-2020-12812 and CVE-2018-13379 impacting Fortinet’s FortiOS. All of which have been patched, but it bears repeating that if you haven’t patched these yet, you need to do so as a matter of some critical urgency.

The FBI security advisory also confirmed that Play ransomware attackers are gaining initial access by exploiting “external-facing services such as Remote Desktop Protocol and Virtual Private Networks.” Once inside a network, Play ransomware actors move laterally by employing well-known command and control applications such as Cobalt Strike and SystemBC, alongside tools including PsExec. “Once established on a network, the ransomware actors search for unsecured credentials and use the Mimikatz credential dumper to gain domain administrator access,” The FBI warned.

FBI Says You Must Act Now To Mitigate These Attacks

The Play ransomware campaign shows no sign of slowing down. For that to happen, organizations need to up their game and get their defenses in order. Erecting mitigation barricades is the only answer to such determined ransomware actors.

The FBI has recommended the following mitigating actions to be taken as a matter of some urgency:

1. A recovery plan that includes the retention of multiple copies of data and servers in segregated and separate secure locations.
2. Secure password management policies, with passwords of at least 15 characters in length and stored in a hashed and salted format.
3. No password reuse.
4. No password hints.
5. Multiple password failure lockdowns.
6. Multi-factor authentication for all accounts.
7. Admin credentials should be required to install software.
8. Patching and firmware updates must be applied in a timely manner.
9. Network segmentation can prevent the spread of ransomware, so apply it.
10. Disable all unused ports.
11. Disable links in all incoming emails.
12. Disable command-line and scripting activities and permissions.

Conclusion

The threat posed by Play ransomware is very real and organizations must take immediate action to protect themselves. By following the mitigating actions recommended by the FBI, organizations can significantly reduce the risk of falling victim to these attacks. It is essential to stay vigilant and keep up to date with the latest information and guidance on this evolving threat.

FAQs

Q: What is Play ransomware?
A: Play ransomware is a type of malware that is used to extort money from organizations by encrypting their data and demanding a ransom in exchange for the decryption key.
Q: How does Play ransomware spread?
A: Play ransomware is thought to be distributed by threat groups including Balloonfly, and is often spread through the exploitation of vulnerabilities in external-facing services such as Remote Desktop Protocol and Virtual Private Networks.
Q: What can organizations do to protect themselves from Play ransomware?
A: Organizations can protect themselves by following the mitigating actions recommended by the FBI, including implementing a recovery plan, secure password management policies, and multi-factor authentication, as well as keeping software and systems up to date with the latest patches and firmware updates.
Q: What is the impact of Play ransomware on organizations?
A: The impact of Play ransomware on organizations can be severe, resulting in the loss of sensitive data, disruption to business operations, and significant financial costs.
Q: Is Play ransomware linked to any specific threat actors?
A: Yes, Play ransomware is thought to be linked to a North Korean state-sponsored attack group, known as Andariel.