Connect with us

Startups

Could AI be used to cheat on programming tests?

Published

on

Plagiarism isn’t limited to essays. Programming plagiarism — where a developer copies code deliberately without attribution — is an increasing trend. According to a New York Times article, at Brown University, more than half of the 49 allegations of academic code violations in 2016 involved cheating in computer science. At Stanford, as many as 20% of the students in a single 2015 computer science course were flagged for possible cheating, the same piece reports.

Measure of Software Similarity, or MOSS, has remained one of the most popular systems to detect plagiarism in software since its development in 1994. MOSS can analyze code in a range of languages including C, C++, and Java, automatically listing pairs of programs with similar code and highlighting individual passages in programs that appear to be the same.

But a new study finds that freely available AI systems could be used to complete introductory-level programming assignments without triggering MOSS. In a paper coauthored by researchers at Booz Allen Hamilton and EleutherAI, a language model called GPT-J was used to generate code “lacking any particular tells that future plagiarism detection techniques may use to try to identify algorithmically generated code.”

“The main goal of the paper was to contextualize the fact that GPT-J can solve introductory computer science exercises in a realistic threat model for plagiarism in an education setting,” Stella Biderman, an AI researcher at Booz Allen Hamilton and coauthor of the study, told VentureBeat via email. “[Our] findings demonstrated that a student with access to GPT-J and very minimal knowledge of computer science can deliver introductory-level assignments without triggering MOSS.”

Biderman and Edward Raff — the other coauthor — had GPT-J answer questions that required it to code programs that could create conversion tables from miles to kilometers, calculate a person’s BMI given weight and height, and more. GPT-J made minor mistakes that needed correction in most cases, but these mistakes often didn’t require programming beyond the ability to run code and search the web for error codes.

While Biderman didn’t find evidence that GPT-J is, in fact, being used to cheat on assignments, the work raises questions about whether it (or tools like it) might be abused in professional coding tests. Many tech companies rely on exams, either in-house or third-party, to assess the knowledge of software hires. Depending on the design, these could be susceptible — at least in theory — to AI-generated code.

“MOSS was developed long before things like GPT were a possibility, but this illustrates the importance of understanding the way digital tools evolve over time to introduce new risks and limitations,” Biderman added.

Rick Brownlow, the CEO and cofounder of Geektastic, a technical assessment platform, says he hasn’t seen any evidence of plagiarism by a test-taker using AI. He notes that for most companies, a coding test forms only a part of a hiring process. Candidates are generally expected to be able to explain their solutions in a way that makes it apparent whether they were dishonest about their programming abilities.

“[O]ur plagiarism tools will pick up when someone has copied another solution either outright or in part, [even spotting] when someone has obfuscated some of the copied code to try and avoid detection. If — and this is a big if — AI could write a ‘good’ solution to one of our take home-challenges and this was original (i.e., didn’t trawl and copy the solution from the web), then this is going to be as hard to spot as someone using their developer friend from Google to help,” Brownlow told VentureBeat. “I think when we get to a point where AI is solving take home coding challenges, we’ll be at the point where you won’t be hiring software engineers anymore.”

Qualified.io’s CEO Jake Hoffner says that his company, too, detects cheating based on aspects like “lack of coding effort (e.g., copy-paste, minimal editing)” and recommends that customers have candidates walk through their code. But he sees a future in which AI changes the nature of programming assessments, shifting the focus away from actual coding to code management skills.

Emerging AI-powered suggestion and review tools, indeed, promise to cut development costs while allowing coders to focus on less repetitive tasks. During its Build developer conference in May 2021, Microsoft detailed a feature in Power Apps that taps OpenAI’s GPT-3 language model to assist people in choosing formulas. OpenAI’s Codex system, which powers GitHub’s Copilot service, can suggest whole lines of code. Intel’s ControlFlag can automatically detect coding errors. And Facebook’s TransCoder converts code from one programming language into another.

“[At] the point that AI starts to write more quality code, the industry as a whole starts to move towards developers …. directing machines to write code but less involvement in the actual coding,” Hoffner said. “[T]he need for any code to be involved starts to take a back seat for many of the ‘reinvent the wheel’ tasks that developers still perform today, such as assembling a mobile app that retrieves and writes data. Coders move on from these common tasks and onto things that are less defined and that are novel. These are areas where there won’t be enough existing code for AI systems to learn from, so coders will still need to perform it — and these are the tasks that we will begin to test on assessment wise.”

Nis Frome, GM at coding challenge and tutorial platform Coderbyte, says he sees less of a risk in AI used to cheat on coding exams than employers “[sacrificing] great candidate experiences for honest candidates.” Too much of a focus on preventing cheating typically comes at the expense of recruitment and sourcing, he says, with the consequence of turning candidates away.

A 2022 survey from CoderPad and CodinGame puts the problem into sharp relief. Nearly half of recruiters cite finding qualified developers as their number one challenge, with 39% claiming that they’ve now broadened their applicant pool to developers from non-academic backgrounds — up from 23% in 2021.

“We see countless techniques for cheating, from sending another person the assessment to copying answers online. We have little doubt that candidates have tried to use GPT-J or copilot when taking code assessments on Coderbyte,” Frome told VentureBeat via email. “[But] cheating will always be a game of cat-and-mouse … Odds are that if most of your candidates are cheating, you have a sourcing problem! Perhaps you need more senior candidates and shouldn’t be posting roles on university job boards. The solution isn’t to make an authoritarian and tedious experience for all candidates.”

Biderman points out that policing integrity, whether involving AI or not, isn’t a new endeavor. Along the same vein as Hoffner’s prediction, the advent of easy-to-use code-generating AI might simply require new evaluations where debugging tasks are done with AI-generated solutions, she says.

“We can still teach students the important computer science skills they need and find new applications for [AI]. These structural changes could deliver better outcomes to mitigate plagiarism and shortcuts, while paving the way for a future in which more AI-powered development tools are in the hands of a wider set of users,” Biderman added. This also helps us prepare for a potential future in which AI and machine learning might be able to do more than just introductory level assignments, and we should begin to prepare for it.”

Source link

Startups

Cyber Monday shopping expected to set record but annual growth has slowed | Adobe

Published

on

Cyber Monday shopping sales hit at least $6.3 billion through part of the day in the U.S. today, according to the latest online shopping data from Adobe Analytics.

It’s not unusual for Cyber Monday and Black Friday online shopping results to break records, but it this economic climate it’s encouraging to see it happen. Still, growth has slowed from 2021 and 2020 holiday seasons.

Consumers spent $6.3 billion up through 3:00 pm Pacific time for Cyber Monday. Adobe expects that when the final tally is in, consumers will spend between $11.2 billion and $11.6 billion for the day, making Cyber Monday the biggest online shopping day of the year (and of all time).

Today, the top 15 hot sellers (not in ranked order) have included Legos, Hatchimals, Disney Encanto, Pokémon cards, Bluey, Dyson products, strollers, Apple Watches, drones, and digital cameras. Gaming consoles also remain popular, along with games including Mario Party, FIFA 23, Madden 23 and Call of Duty: Modern Warfare II.

Over the past weekend, the top sellers were included Hot Wheels, Cocomelon, Bluey, Disney Encanto, L.O.L. Surprise dolls, Roblox, and Fortnite in the toys category. Nintendo Switch, Xbox Series X and PlayStation 5 remain the top selling gaming consoles, with popular games including FIFA 23, God of War Ragnarök, Call of Duty: Modern Warfare II, Madden 23, and NBA 2k23. Other hot sellers included Apple iPads, Apple MacBooks, digital cameras, Roku devices, drones, gift cards and Instapots.

Black Friday online shopping sales were $9.12 billion, up 2.3% from a year ago, and Thanksgiving itself came in at $5.29 billion, up 2.9% from a year ago. Those were above Adobe’s projections. Last year, consumers spent $10.7 billion on Cyber Monday.

Strong consumer spend has been driven by net-new demand, and not just higher prices. The Adobe Digital Price Index, which tracks online prices across 18 product categories (complements the Bureau of Labor Statistics’ Consumer Price Index, which also includes prices for offline only products and services like gasoline and rent) shows that prices online have been nearly flat in recent months (down 0.7% YoY in October 2022).

Adobe Analytics says Cyber Monday will set a record.

Adobe’s numbers are not adjusted for inflation, but if online inflation were factored in, there would still be growth in underlying consumer demand, the company said.

On a category basis, toys were a major growth driver in the days leading up to Cyber Monday, with online sales up 452% over the average day in October 2022. Appliances (up 305%) and baby/toddler products (up 289%) also saw strong demand, in addition to electronics (up 276%) and apparel (up 258%).

Shoppers will find record discounts today for computers (peaking at 27% off listed price). Deals will also be found in nearly all categories tracked, including apparel (19%), toys (33%), electronics (25%), sporting goods (16%), televisions (15%), and furniture (11%). Those looking to buy an appliance should consider waiting until Thursday (December 1), when discounts are set to peak at 18% on average.

Weekend spending remained strong

Consumers spent over a Black Friday’s worth of ecommerce over the weekend at $9.55 billion, up 4.4% YoY ($4.59 billion on November 26, up 2.6% YoY / $4.96 billion on November, up 6.1% YoY). Season-to-date (November 1 to November 27), consumers have spent a total of $96.42 billion online, up 2.1% YoY.

And while the big days (Thanksgiving Day, Black Friday) have reached new heights, consumers spent at record levels all season. Since November 1, shoppers spent over $2 billion every single day, with 19 days above $3 billion in online spend. Broad, early discounts were the main drivers for the shift in consumer spending.

“Shoppers have seen massive discounts this past week, which is the exact opposite situation from last season when supply chain constraints kept prices elevated,” said Vivek Pandya, lead analyst at Adobe Digital Insights, in a statement. “While discounting will have an impact on margins for retailers, it is also driving a level of demand that can help brands build long-term loyalty and net some short-term gains.”

Additional Adobe Analytics Insights

Over the weekend, online sales of toys were up 383% (compared to average daily sales for the category in October 2022), with baby toys seeing strong demand (up 252%). Other categories that surged over the weekend include jewelry (up 230%), sporting goods (up 239%), and apparel (up 217%).

With online spending hitting new records and inflation impacting consumers, flexible payments have become a big story this season. In the last week (November 21 to November 27), “buy now, pay later” orders have risen 68% and revenue has increased 72%, when compared to the week prior.

Over the weekend, smartphones drove over half of online sales for the first time (52%, up from 48% last year). Adobe expects mobile shopping to dip on Cyber Monday however, based on historical trends. Many people are back at work and using laptops, which will be the preferred device for shopping online.

Forecast for Cyber Week

Adobe expects Cyber Week (the five days from Thanksgiving Day through Cyber Monday) to generate $34.8 billion in online spend, up 2.8% YoY, and represent 16.3% share of the full November through December holiday season.

Cyber Monday is expected to remain the season’s and year’s biggest online shopping day, bringing in between $11.2 billion and $11.6 billion. Black Friday generated a record $9.12 billion in online spend, up 2.3% YoY, while Thanksgiving brought $5.29 billion in online spend, up 2.9% YoY.

Adobe analyzes direct consumer transactions online. The analysis covers over one trillion visits to U.S. retail sites, 100 million SKUs, and 18 product categories.

Source link

Continue Reading

Startups

Snowflake 101: 5 ways to build a secure data cloud 

Published

on

Today, Snowflake is the favorite for all things data. The company started as a simple data warehouse platform a decade ago but has since evolved into an all-encompassing data cloud supporting a wide range of workloads, including that of a data lake

More than 6,000 enterprises currently trust Snowflake to handle their data workloads and produce insights and applications for business growth. They jointly have more than 250 petabytes of data on the data cloud, with more than 515 million data workloads running each day.

Now, when the scale is this big, cybersecurity concerns are bound to come across. Snowflake recognizes this and offers scalable security and access control features that ensure the highest levels of security for not only accounts and users but also the data they store. However, organizations can miss out on certain basics, leaving data clouds partially secure. 

Here are some quick tips to fill these gaps and build a secure enterprise data cloud.

Event

Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.


Register Now

1. Make your connection secure

First of all, all organizations using Snowflake, regardless of size, should focus on using secured networks and SSL/TLS protocols to prevent network-level threats. According to Matt Vogt, VP for global solution architecture at Immuta, a good way to start would be connecting to Snowflake over a private IP address using cloud service providers’ private connectivity such as AWS PrivateLink or Azure Private Link. This will create private VPC endpoints that allow direct, secure connectivity between your AWS/Azure VPCs and the Snowflake VPC without traversing the public Internet. In addition to this, network access controls, such as IP filtering, can also be used for third-party integrations, further strengthening security.

2. Protect source data

While Snowflake offers multiple layers of protection – like time travel and fail-safe – for data that has already been ingested, these tools cannot help if the source data itself is missing, corrupted or compromised (like malicious encrypted for ransom) in any way. This kind of issue, as Clumio’s VP of product Chadd Kenney suggests, can only be addressed by adopting measures to protect the data when it is resident in an object storage repository such as Amazon S3 – before ingest. Further, to protect against logical deletes, it is advisable to maintain continuous, immutable, and preferably air-gapped backups that are instantly recoverable into Snowpipe.

3. Consider SCIM with multi-factor authentication

Enterprises should use SCIM (system for cross-domain identity management) to help facilitate automated provisioning and management of user identities and groups (i.e. roles used for authorizing access to objects like tables, views, and functions) in Snowflake. This makes user data more secure and simplifies the user experience by reducing the role of local system accounts. Plus, by using SCIM where possible, enterprises will also get the option to configure SCIM providers to synchronize users and roles with active directory users and groups.

On top of this, enterprises also should use multi-factor authentication to set up an additional layer of security. Depending on the interface used, such as client applications using drivers, Snowflake UI, or Snowpipe, the platform can support multiple authentication methods, including username/password, OAuth, keypair, external browser, federated authentication using SAML and Okta native authentication. If there’s support for multiple methods, the company recommends giving top preference to OAuth (either snowflake OAuth or external OAuth) followed by external browser authentication and Okta native authentication and key pair authentication.

4. Column-level access control

Organizations should use Snowflake’s dynamic data masking and external tokenization capabilities to restrict certain users’ access to sensitive information in certain columns. For instance, dynamic data masking, which can dynamically obfuscate column data based on who’s querying it, can be used to restrict the visibility of columns based on the user’s country, like a U.S. employee can only view the U.S. order data, while French employees can only view order data from France.

Both features are pretty effective, but they use masking policies to work. To make the most of it, organizations should first determine whether they want to centralize masking policy management or decentralize it to individual database-owning teams, depending on their needs. Plus, they would also have to use invoker_role() in policy conditions to enable unauthorized users to view aggregate data on protected columns while keeping individual data hidden.

5. Implement a unified audit model

Finally, organizations should not forget to implement a unified audit model to ensure transparency of the policies being implemented. This will help them actively monitor policy changes, like who created what policy that granted user X or group Y access to certain data, and is as critical as monitoring query and data access patterns. 

To view account usage patterns, use system-defined, read-only shared database named SNOWFLAKE. It has a schema named ACCOUNT_USAGE containing views that provide access to one year of audit logs.

Source link

Continue Reading

Startups

WhatsApp rolls out new ‘Message Yourself’ feature globally • TechCrunch

Published

on

To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PDT, subscribe here.

We’re joining the Cyber Monday fun with 25% off annual subscriptions to TechCrunch+ content and analysis starting today until Wednesday, November 30. Plus, today only, get 50% off tickets to discover the vast unknown and attend TechCrunch Sessions: Space in Los Angeles!

Okay, we haven’t done a newsletter since Wednesday, and while the U.S. team was chillin’ like villains, the rest of the team was hard at work, so here’s some of the highlights from the last half-week of TechCrunchy goodness! — Christine and Haje

The TechCrunch Top 3

  • Talking to yourself just went digital: Instead of having that internal monologue stay in your head, now you can play out all of your thoughts to yourself in WhatsApp, Jagmeet writes. The messaging platform began rolling out an easier way to talk to yourself today after completing beta testing.
  • Great Wall of porn: That’s how Rita and Catherine describe the bot surge in China that is making it difficult to get any legitimate Twitter search results when trying to find out something about Chinese cities. Why, you ask? Rita writes that “the surge in such bot content coincides with an unprecedented wave of (COVID) protests that have swept across major Chinese cities and universities over the weekend.”
  • Your calendar, only more productive: Get ready for your calendar to be more than just a place to record things you have to do that day. Romain writes about Amie, a startup that grabbed $7 million to link your unscheduled to-do list with your calendar. The app also enables users to be social with coworkers.

Startups and VC

Dubai-based mass transit and shared mobility services provider SWVL has carried out its second round of layoffs, affecting 50% of its remaining headcount, Tage reports. The news is coming six months after SWVL laid off 32% (over 400 employees) of its workforce in a “portfolio optimization program” effort geared toward achieving positive cash flow next year.

There’s a couple of new funds in town, too! Harri reports that Early Light Ventures plots a second, $15 million fund for software ‘underdogs,’ while Mike writes that BackingMinds raises a new €50 million fund to fund normally overlooked entrepreneurs. He also writes about Pact, an all-women led VC for mission-driven startups, backed by Anne Hathaway.

And we have five more for you:

Lessons for raising $10M without giving up a board seat

Blackboard showing soccer strategy

Image Credits: Ihor Reshetniak (opens in a new window) / Getty Images

Over the last two years, intelligent calendar platform Reclaim.ai raised $10 million “using a more incremental approach,” writes co-founder Henry Shapiro.

“We’ve done all this without giving up a single board seat, and Reclaim employees continue to own over two-thirds of the company’s equity,” rejecting conventional wisdom that founders should “raise as much as you can as fast as you can.”

In a TC+ post, Shapiro reviews the process they used to identify follow-on investors, shares the email template used to pitch the SAFE, and explains why “a larger cap table means more founder control.”

Three more from the TC+ team:

TechCrunch+ is our membership program that helps founders and startup teams get ahead of the pack. You can sign up here. Use code “DC” for a 15% discount on an annual subscription!

Big Tech Inc.

Amazon’s recent cost-cutting measures seem to be affecting more than just its delivery business. Manish writes that the company is shutting down its wholesale distribution business, called Amazon Distribution, in India. Amazon had started this unit to help neighborhood stores secure inventory. The company didn’t say why it was closing this particular business down, but Manish notes that this is the third such Amazon unit to be shuttered in India.

Meanwhile, Natasha L reports that Meta has gotten itself into trouble again with the European Union’s General Data Protection Regulation (aka, the agency that regulates data protection). Facebook’s parent company is being hit with $275 million in penalties for what the agency said was breaches in data protection that resulted in some 530 million users’ personal information being leaked.

Now enjoy six more:



Source link

Continue Reading

Trending

URGENT: CYBER SECURITY UPDATE