CyberWire Daily - Iran integrates influence and cyber operations. ChatGPT use and misuse. Trends in the cyber underworld. Hybrid warfare and cyber insurance war clauses.
Episode Date: May 3, 2023Iran integrates influence and cyber operations. ChatGPT use and misuse. Phishing reports increased significantly so far in 2023, while HTML attacks double. An update on the Discord Papers. Cyberstrike...s against civilian targets. My conversation with our own Simone Petrella on emerging cyber workforce strategies. Tim Starks from the Washington Post joins me with reflections on the RSA conference. And, turns out, a war clause cannot be invoked in denying damage claims in the NotPetya attacks (at least not in the Garden State). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/85 Selected reading. Rinse and repeat: Iran accelerates its cyber influence operations worldwide (Microsoft On the Issues) ChatGPT Confirms Data Breach, Raising Security Concerns (Security Intelligence) Samsung Bans Generative AI Use by Staff After ChatGPT Data Leak (Bloomberg) Malicious email campaigns abusing Telegram bots rise tremendously in Q1 2023, surpassing all of 2022 by 310% (Cofense) Threat Spotlight: Proportion of malicious HTML attachments doubles within a year (Barracuda) Zelensky says White House told him nothing about Discord intelligence leaks (Washington Post) Russia attacks civilian infrastructure in cyberspace just as it does on ground - watchdog (Ukrinform) Merck’s Insurers On the Hook in $1.4 Billion NotPetya Attack, Court Says (Wall Street Journal) Merck entitled to $1.4B in cyberattack case after court rejects insurers' 'warlike action' claim (Fierce Pharma) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Iran integrates influence in cyber operations,
chat GPT use and misuse,
phishing reports increased significantly so far in 2023,
while HTML attacks double.
An update on the Discord papers,
cyber strikes against civilian targets,
my conversation with our own Simone Petrella
on emerging cyber workforce strategies.
Tim Starks from the Washington Post joins me with reflections on the RSA conference.
And turns out a war clause cannot be invoked in denying damage claims in the NotPetya attacks.
I'm Dave Bittner with your CyberWire Intel briefing for Wednesday, May 3rd, 2023. Microsoft has observed Iran making increasingly sophisticated attempts at influence operations. Microsoft says,
We detected these efforts rapidly accelerating since June 2022.
Since June 2022, we attributed 24 unique cyber-enabled influence operations to the Iranian government last year,
including 17 from June to December, compared to just 7 in 2021.
We assess that most of Iran's cyber-enabled influence operations are being run by Emanet Pasargad, which we track as Cotton Sandstorm, formerly Neptunium, an Iranian state
actor sanctioned by the U.S. Treasury Department for their attempts to undermine the integrity of
the 2020 U.S. presidential elections. The new playbook is predictable, but it's no less effective
for all of its templated quality. A campaign begins with a cyber persona announcing and usually exaggerating a low
grade cyber attack. That announcement is then picked up, distributed, and amplified by inauthentic
persona using the targeted audience's native language. Microsoft says the goals of its cyber
enabled I.O. have included seeking to bolster Palestinian resistance, fomenting
unrest in Bahrain, and countering the ongoing normalization of Arab-Israeli ties, with a
particular focus on sowing panic and fear among Israeli citizens.
OpenAI has confirmed a data breach in its chat GPT system, Security Week reports.
The breach was enabled by a flaw in the system.
The rapidly growing chatbot contained a vulnerability
in its open source library,
allowing outside users to see others' chat histories.
The breach took the chatbot offline
until the company's patch was released.
Although the patch was quick and the exploit appears minor,
this vulnerability may
have allowed others, malicious or otherwise, to see payment information, names, and email addresses
of other users using the service for a few hours. In a separate development, Samsung has completely
barred employees from using generative AI systems like ChatGPT on company devices and networks after it was found that
the tech giant's employees had uploaded sensitive internal data to the platform.
Bloomberg reports that the South Korean tech giant fears the implications of the chatbot's
data being stored on external servers, that storage could take the ability to secure such
data out of Samsung's hands
and could allow disclosure of shared information to unauthorized parties.
Samsung's strictures against using ChatGPT in its systems isn't, we should note,
a case of any more general reluctance to be involved with AI.
Samsung has also shared plans to create its own internal AI tools.
CoFence released its 2023 first quarter phishing intelligence trends review today.
They report a 20% increase in active threat reports in the first quarter when compared to last quarter,
and a 34% increase when compared to the first quarter of 2022.
Threat actors are updating their delivery systems.
They are, for example, now including OneNote files.
YouTube has become a surprising target of abuse by threat actors,
and threat actors will use redirects to point to phishing pages.
CoFence says the top malware families and types remained mostly consistent to that of the fourth quarter.
However, the most significant changes in malware types was a 38% increase in the use of keyloggers.
Researchers explain that QuackBot remained the most successful malware family reaching inboxes,
185% more often than Emotet, despite Emotet's extremely high dissemination volume. Telegram bot
usage for exfiltration increased very sharply, nearly 400 percent during the first quarter of
23, Kofentz states. Further, Telegram bot API usage continued to rise tremendously in the first
quarter, already surpassing all of 2022 by 310%. The use of
telegram bots has already reached new highs this quarter compared to all of last year,
and is expected to hold these levels or even go beyond.
CoFence expects an increase in phishing attempts as we enter the summer months.
Barracuda released a study this morning indicating that HTML attacks have
doubled since last year. The researchers note that not only is the total number of attacks increasing,
but the number of unique attacks seems to be increasing as well. Barracuda states,
on March 23rd, almost 9 in 10 of the total 475,938 malicious HTML artifacts were unique,
which means that almost every single attack was different.
HTML attacks are commonly seen in phishing campaigns
when users download HTML attachments from emails.
Barracuda recommends that organizations adopt email protections
to spot and block malicious HTML attachments,
that they train their personnel to spot phishing emails,
that they implement MFA and consider a zero-trust security model,
and that they prepare an incident response plan that includes ways of disrupting a campaign
should it penetrate your organization.
Ukrainian President Zelensky said he did not receive a briefing from the U.S.
on the leaks in the Discord papers.
He found out about them from news reports, according to the Washington Post.
In fairness to the White House, the leaks do seem to have caught U.S. authorities off guard,
and news outlets were among those who discovered the leaks at roughly the same time the
officials did. CERT-UA reports that Russia continues to attempt cyber attacks against
civilian infrastructure. Ukrinform quotes Volodymyr Kondrashov, spokesman for the State Service of
Special Communications and Information Protection. Where are the attacks coming from? CERT-UA, which is manually engaged in prevention, detection, and response to cyber attacks and
cyber incidents, monitors the activities of more than 80 groups, most of which are hacker
groups from the Russian Federation, whose 90% of the members are Russian military operatives.
That is, we see that Russia uses the same tactics in cyberspace
as it does on the conventional battlefield. That is, it tries to attack civilian infrastructure.
A New Jersey court ruled Monday that Merck may be entitled to a payout from their insurers
following a 2017 cyber attack against the company, Fierce Pharma reports.
The June 2017 cyber attack was conducted by NotPetya, a group with ties to Russia.
The attack initially hit Ukrainian targets, but soon spread indiscriminately around the world.
The pseudo-ransomware was first distributed through accounting software.
In Merck's case, and Merck was not the only Western company affected,
Bloomberg Law reports that in Merck's case, NotPetya infected more than 40,000 machines
in the pharmaceutical giant's network. The U.S. government attributed the attack to Russian
intelligence services and charged six Russian officers in connection with the incident.
The indicted officers are, of course, presently
out of reach. Merrick's insurers disputed a payout of $1.4 billion to the company on the basis of the
hostile warlike action exclusion clause within their policies, the Wall Street Journal reports.
However, the appeals court this week said that the exclusion clause should not apply to a non-military
affiliated company, despite the nature of its origin. It's a win for Merck, but more litigation
can, of course, be expected. And finally, our Cyber Wire associate producer Liz Ervin was with
us for the first time at the RSA conference this year, and she shared her mic with conference goers walking
the show floor. She files this report. We're here in the beautiful San Francisco at the RSA
conference for 2023. My name is Liz Ervin, and this is my woman on the street, walk and talk
with cyber professionals around the world. So what was it like walking down those escalators or
walking down those steps for the first time, seeing all of the panels and all of the booths,
was it overwhelming at first?
I think it's great.
I think it's such a big scale.
So we have trade shows in London,
but I think, honestly, it's a speck in the dust compared to RSA.
It's amazing.
People are here.
They're so generous with all the information that they want to give.
And I'm learning so much. Yeah, definitely. At first, it's definitely very overwhelming.
But we've just seen so many friendly faces who have come up to us and greeted us.
I've loved it. RSA is always kind of like a back to school reunion, right? Having been in the
industry for about eight years, it's really cool getting a chance to connect with some old friends.
But it's really interesting to see some of the new and interesting problems that people are solving.
So how are you comparing this year to the past years that you've been here?
Is it better or worse?
Like, what are you finding for this year?
I think what makes it so special this year
is being here with my super cyber girl squad
and having a whole community of young women
that are empowered and energized around this topic.
So it's a little bit of a different vibe,
but, you know, ours is just the magic So it's a little bit of a different vibe,
but, you know, ours is just the magic that it was a few years ago too.
I am enjoying it.
Since after COVID, it's nice to be back
and be back to normal, it feels like.
So the first year that I came,
we were very much in our first year as a startup.
So we had a much smaller booth.
We really had to fight to get attention.
Like today we're a bit more established and we have a lot more integrations and partnerships.
So seeing that growth between the first year and now is spectacular. So what is your favorite thing
on the show floor that you've seen so far today? There's been a lot. Actually, there was a nerd
wall over there that got all these old Star Wars comics, and there's
an AT-AT Lego piece, which got us to go to your booth, your guys' Legos here, and you
could win those.
So that was really cool and really unique to see.
Well, apart from the cool F1 cars and Indy cars, just talking to people.
There's no one thing, but you've got you guys here at Secure IoT,
and you've got the guys that are securing AI,
and it's really looking to the future.
So I can't pick one thing.
It's just all really great,
and great to be in San Francisco.
I'm sure you've heard of the abbreviation
for Chief Information Security Officer.
How do you pronounce that abbreviation?
I pronounce it CISO.
I would say CISO.
I say CISO. CISO. CISO. Okay, all right, fantastic.? I pronounce it CISO. I would say CISO. I say CISO.
CISO.
CISO. Okay. All right. Fantastic.
Although it should be CISO.
CISO?
CISA. CISO.
Okay.
CISO. I learned something today.
That's Liz Ervin, our N2K Network's associate producer,
reporting from the show floor of last week's RSA conference in San Francisco. Thank you. And Tim Starks from The Washington Post joins me with reflections on the RSA conference.
Stay with us.
Do you know the status of your compliance controls right now?
Like, right now?
We know that real-time visibility
is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection
across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC. Get $1,000 off Vanta when you go to
vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, Thank you. with Black Cloak. Learn more at blackcloak.io.
And it is my pleasure to welcome back to the show, Simone Petrella.
She is the president of N2K Networks and my boss. Welcome back, Simone.
It's so good to see you, Dave.
Like I could say no.
I forced you into it.
That's right.
That's right.
Twist my arm.
So you and I are freshly back from the RSA conference, and I wanted to touch base with you on trends that you were tracking and things you saw when it comes to strategic workforce
development.
I think particularly at RSA, it's so easy to talk about the tech side of things,
but it strikes me that we're facing a lot of interesting challenges when it comes to the
workforce. What did you see? Yeah, I think it was, first of all, it was wonderful to be back out at
RSA and kind of see it in full effect and all the tech solutions on display. I think one of the main
takeaways I had was that strategic workforce development,
training, how do we deal with the talent issue is still one of the top three priority areas
across the board. However, we're still stuck in this discrete challenge of the limitations of
the solutions that we're using to actually fix the problem.
What do I mean by that? Basically, it's something we all like to talk to. We give a lot of lip
service to it, but then when the rubber meets the road, I'd say that it's pretty fragmented in how
we're actually addressing the problem. I think there's more desire to talk about it than to
really invest significant resources or time into it, like you do in the problem. I think there's more desire to talk about it than to really invest significant
resources or time into it, like you do in the technologies, you know?
Help me understand here, because in my perception, it feels as though organizations are quick to hire
what I describe as the fully baked individual, the person who has been at this a while,
comes to the table with a lot of skills,
can hit the ground running, but they're not so quick to hire that person who's going to need a
little bit of care and feeding. Do you think that's an accurate perception on my part?
I do. I think that it is something that we've struggled with for years, and this year is no exception, a good number of the folks that I spoke to,
security leaders and CISOs, would talk about how they were really focused on more experienced
roles. The roles that they wanted to prioritize and fill required a level of experience. And so
they just essentially had no need for the entry or the mid-level roles that
could actually come up the ranks in security. And part of the reason they didn't want those is
because they're automating those functions and want to retain the rest for the more experienced
talent. So how do the new people coming out of school get trained up? Oh, that's a great question,
Dave. I guess they can't. We're all... Well, I mean, we're joking about it, but it's a real, can we go so far as to say peril for the industry?
I absolutely think it's a peril because we're not investing in training the workforce of the future.
And if they can't get to that place of experience because they haven't gotten a chance to get their foot in the door,
then you're actually going to continue to squeeze
the already limited supply of this talent we have.
It is a truly classic economic problem of supply and demand,
but we're putting the squeeze on ourselves
when we think about future forecasting.
So where do you think we have to go then,
based on what you've heard?
Any insights on potential solutions?
Well, one thing I think is really interesting
that was unique to this year than in prior years,
because this has obviously been an important topic
for a number of years now,
perhaps more than the last five,
was that while there's still a recognition
that the talent issue is real,
there is a reality of the market,
meaning the broader economy today,
because it is softening, because we're
kind of teetering on the edge of what people are saying will become a recession, we're not sure.
But that has resulted in the effect of reduced attrition across cybersecurity roles. Companies
are either not hiring as many positions as they had. And because when costs go up and budgets also
tighten, what do people do? They stay put in their jobs. So there's an interesting opportunity
from my perspective in that companies are experiencing all-time low attrition in their
cybersecurity workforces. But that also means that they are now in a position to actually invest and keep those folks they have in a way to develop them
that they may not have been as willing to do when they were operating under the world of,
I don't want to invest time and resources into new employee X, Y, or Z because they're going to leave me in a year and a half.
So rather than folks bouncing around, chasing after bonuses, being poached away,
perhaps it makes more sense to invest in these people
since there's a greater likelihood that they're going to stick with us for a while.
Exactly.
And as a lot of people say, the age-old adages, you know, the fear is,
well, if I train them, what happens if they leave?
This is truly an example of, well, what if you don't trade them and they stay?
That's right. That's right. But I suspect too, I mean, are we discounting the amount of loyalty
that someone might gain from having a company where they feel like they're investing in them. Absolutely. I think organizations have a really untapped opportunity to encourage and develop their
institutional talent because the hardest thing to actually upskill anyone on is knowledge
of the business, knowledge of the enterprise, knowledge of the particular unique risks in
that enterprise.
And being able to develop people into
new roles, but allow them to carry that institutional knowledge with them is actually a net
security positive for those organizations. Is this a bit of a wake-up call? I mean,
do you feel like this message is getting out either organically or just by necessity?
either organically or just by necessity?
I think it's still an uphill battle. I think that measuring and executing on human capital
is still one of the hardest things for us to,
as an industry, really wrap our heads around
because it takes a lot of work.
And it is, I think, very tempting to look to a technology solution
to automate something, make our lives more efficient, and essentially ignore the bigger, more challenging, more high-touch requirement that's ultimately necessary to have successful human talent and capacity.
Yeah. I mean, kind of understand it in such a tech-centric vertical that you'd have that impulse, but ultimately, I guess it's short-sighted.
I think so. And especially if we want to continue to have new folks come into the field,
we have to give them an opportunity to actually see themselves in these roles. Otherwise,
they'll bail out and you're stuck with kind of a recurrence of not having the most,
the best and the brightest kind of come into the field.
Yeah.
All right.
Well, Simone Petrella from N2K Networks,
thanks so much for joining us.
Thanks for letting me hijack you, Dave.
It is always my pleasure to welcome back to the show Tim Starks.
He is the author of the Cybersecurity 202 at the Washington Post.
Tim, great to have you back.
Howdy, Dave.
So you and I were both out in San Francisco at the RSA conference,
and although we did not cross paths while we were out there,
I'm looking forward to getting your insights from the show.
Any high-level thoughts to start with?
Gosh, you know,
it's kind of a funny thing that happens
when you're on the East Coast
and you go out to the West Coast
and end up talking to a bunch of people
from the East Coast.
Agreed, agreed.
So, you know,
partially because I'm a little focused on policy, the highlights for me were sitting down with Rob Joyce from the NSA.
And that was something I did alone with him.
And then also sitting down with Kimba Wallen, the acting national cyber director.
That was part of a panel with the media.
Those are the things that really stuck out to me.
Rob Joyce had a lot to say about a lot of things.
He also gave a very interesting presentation
that I wrote about again this week,
mentioning his thoughts on AI.
But when we talked, we talked about China,
we talked about Russia,
we talked about the Discord Leagues.
Kimmel Walden also likely covered the waterfront.
The thing that stuck out to me with her conversation was what they're doing on space cybersecurity.
I'm constantly trying to look for a way to work a joke about cyberspace, but space cyber, I can never make it happen in my column.
So those are the big things for me.
Obviously, I went to a lot of meetings,
wrote a bunch of things about it for the newsletter last week,
and again, like I said, spilling over to this week.
Going into the conference, I think a big question for me was,
to what degree are we going to see everything influenced by chat GPT?
And I made the joke, I think, on our show a couple times
that I thought maybe half of the booths would say, chat GPT enabled, and the other half would say, we protect you from things that are chat GPT enabled.
That's a legit good joke.
There really was a ton of announcements from companies saying, you know, generative AI, generative AI.
Right. But also, you know, people have been mourning on the other side about how risky this is.
But, you know, one of the things that was interesting to me about it was it's not something
where people can really, really give you a really solid answer about why they're worried
about it.
I think, you know, one of the best answers, and this was something that Janice really
told me a few weeks back when i asked her
like what are you actually worried about because she mentioned it as this big big threat that she
was really really worried about and she said well i'm not i'm not an ai expert i'm more worried about
the fact that that similar to the advent of social media similar to the the way we are she's worried
about secure by design people need to be thinking about about cyber security with it now before it gets to that point of of it's taken over our lives in a lot of ways and we don't realize how much harm has been done.
So I think that might be the best answer, even though it's an answer that says we don't know.
There are obviously real risks that people are talking about.
talking about that, that, you know, I think the, the, the one that's most persuasive to me right now is the, is the ability of these things to write, uh, phishing pitches, emails, or, or, uh,
disinformation. Those are the things that most are most convincing to me right now, because I,
you know, I've written before about how right now it's not actually very good at writing,
say malware. Uh, it might be later, but right now it doesn't seem that good at that.
One of the things that struck me, um me was I was having a conversation with Anne Johnson from Microsoft, and she was talking about how Microsoft is embracing these large language models. the leaders in the field going all in on this, does that leave the smaller players
not really having much of a choice
as to whether or not they follow that path?
If the big players are going to do it,
then to be competitive, do you have to do it?
Or is it possible to have it be a differentiator
to say, no, we're not doing that?
You know, I think one of the best answers I've heard to that kind of question,
not that precise question, was, you know,
AI isn't by itself going to change anything on the defensive side of things.
I mean, you mentioned Microsoft.
Google had an announcement, too.
So you're talking big, big, big, big companies.
What I've heard people say is that if you have AI and humans working together,
you're going to be better off than people just using one or the other.
Yeah, that's fascinating. What that reminds me of is years ago, I remember
reading an article about chess competitions, people at the highest level of chess. And someone
said that, someone who knew about these things said that computers
can pretty much beat
top chess folks routinely
these days. But if you team up
a human with a computer,
they can routinely
beat the computer by itself.
And I think that's an interesting
that connects to this, to what
you're saying, I think.
I think part of it, maybe I'm just being a little too skeptical here, I think're saying, I think. I mean, another thing I think, you know, I think part of it,
maybe I'm just being a little too skeptical here.
I think part of it is marketing.
I mean, everybody's talking about this.
So why not jump on the bandwagon and say, yeah, we're doing it too.
Yeah, I agree.
I think that's a big part of it too.
It's an easy thing to try to differentiate yourself from the competitors.
And if you already have a head start behind the scenes,
why would you not do that?
I mean, we're seeing things from folks within organizations like Google
who are, you know, there's stories coming out from them saying,
maybe we're going a little too fast here.
Yeah, I mean, the big godfather, his name is escaping me,
but yeah, saying, slow it down.
I mean, you know, I'm sorry if I've used this line on you before, Dave, but on this issue of AI,
I'm somewhere between growing up being afraid of the Terminator
and Cyberdyne systems and all of that,
but also looking at,
there's an essay that one of my favorite writers,
Ted Chiang, wrote for The New Yorker not that long ago,
which really sounds like he's not of the
mind that this is actually that big a deal.
And he's a very thoughtful science writer,
science fiction and science writer,
who was saying
that this is a little bit,
using this chat GPT stuff is a little bit
like a copy of a copy of a copy.
And you'll start having these, that's why we have these artifacts
or what we call hallucinations.
He seemed a little bit of the mind that this was just a different way
of the internet working.
I might be oversimplifying his point because he's way smarter than I am,
but I think there's a range there of how scary this could be
versus how people might be overreacting.
Yeah.
Well, as folks in the media love to say, time will tell, right?
Yes.
All right. Well, Tim, thanks for taking the time for us today. It's great catching up with you.
Thank you. suite of solutions designed to give you total control, stopping unauthorized applications,
securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant. And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com. Thank you. of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams
supporting the Fortune 500
and many of the world's preeminent intelligence
and law enforcement agencies.
N2K Strategic Workforce Intelligence
optimizes the value of your biggest investment,
your people.
We make you smarter about your team
while making your team smarter.
Learn more at n2k.com.
This episode was produced by Liz Ervin
and senior producer Jennifer Iben.
Our mixer is Trey Hester
with original music by Elliot Peltzman.
The show was written by John Petrick.
Our executive editor is Peter Kilby
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.