Biden’s AI Security Memo Needs a More Solid Technical Foundation

The National Security Memorandum (NSM) on AI from the Biden administration caught my attention – but not for the reasons you might think. As I wrote with two co-authors in a recent Fordham Law Review paper on federalizing data privacy infrastructure, AI governance requires a comprehensive national security strategy. While many of my peers seem focused on legal and compliance implications, I see a more crucial technical gap that needs addressing: data architecture and sovereignty.

The Security Elephant in the Room

Let’s be frank – we’re building AI systems on shaky ground. The NSM talks about “safe, secure, and trustworthy AI,” but as any security professional knows, you want to avoid bolting security onto a system late in development. We need to build it into the foundation, and that’s where I believe the W3C Solid standard for data wallets plays a transformative role.

Currently, our AI systems are like fortified castles built on quicksand. We’re focusing on securing algorithms and models while leaving fundamental questions about underlying data ownership, access, and control largely unaddressed. Have you tried, for example, to safely move your Claude project artifacts into ChatGPT while reliably detecting any loss of integrity or confidentiality? While the NSM’s designation of the AI Safety Institute as the primary industry contact is promising, without a standardized data architecture, we’re setting ourselves up for a security nightmare.

Why Solid Matters for AI Security

For those unfamiliar, Solid is a set of protocols and standards developed by the W3C since 2016 that enables true data owner sovereignty with greater transparency in processing. Think of it as the difference between having hundreds of different keys for hundreds of different locks versus having a single, secure master key system that logs every use. The first of those is what we’re dealing with in AI security right now – a mess of proprietary systems that don’t talk to each other.

Let me break this down with a real-world scenario. Imagine you’re trying to secure an AI system that processes customer data across multiple cloud providers. Currently, you’re juggling different authentication systems, piecing together audit trails, and hoping your access controls are properly configured across all systems. It’s a nightmare that keeps many of us up at night, given how few, if any, security vendors are ready to offer real AI breach solutions.

With Solid’s standardized approach, this all changes. Instead of proprietary authentication systems, you get a unified standard for data ownership that works everywhere – like bringing OAuth-level standardization to AI data access. Your audit trails become comprehensive and automated, not pieced together from different systems. And perhaps most importantly, data stays compartmentalized with granular permissions, so a breach in one area doesn’t compromise everything. Solid offers a whole new level of safe AI efficacy because of natural data integrity enhancements through ownership, with far less risk of privacy loss.

What the NSM Gets Right (And Where It Falls Short)

Reading through the NSM, I found myself nodding along with its emphasis on “mechanisms for risk management, evaluations, accountability, and transparency.” These are exactly the principles we need. The document shows a solid understanding of supply chain security for AI chips and makes competitor intelligence collection a priority – both crucial for our national security posture.

But here’s where it falls short: it’s missing the architectural foundation. While it talks about securing AI systems, it doesn’t address the fundamental need for a standardized data architecture. It’s like trying to secure a city without agreeing on how to build the roads, walls and gates. We need more than just guidelines – we need a common framework for how data moves and who controls it.

A Strategic Roadmap for Security Leaders

If you’re a CISO reading this, you’re probably wondering how to actually implement these ideas. I’ve been working with security teams on this transition, and here’s what the most effective approach looks like: Start with a pilot project in a controlled environment – perhaps your internal AI development platform. Use this to demonstrate how standardized data wallets can simplify access control while improving security posture.

Over the next six months, focus on building out the infrastructure for standardized authentication and data governance. This isn’t just about technology – it’s about establishing new processes that align with how AI actually uses data. You’ll find that many of your current security headaches around data access and audit trails simply disappear when you have a proper foundation.

The long-term vision should be a complete transition to wallet-based architecture for AI systems. Yes, it’s ambitious, but it’s also necessary. The CISOs I’ve talked to who consider this path find that it significantly reduces their attack surface while making compliance much more straightforward.

The Path Forward

The NSM is a step in the right direction, but as security leaders, we need to push for more concrete technical standards. Solid provides a ready-made framework that could address many of the security and privacy concerns the NSM raises.

My recommendation? Start experimenting with Solid now as a technical solution that brings huge efficiencies. Don’t wait for more regulations and costly cleanup of technical debt. The organizations that build their AI systems on a Solid foundation of data sovereignty will be better positioned to meet present and future security and compliance requirements.

Bottom line: AI security isn’t just about protecting models and algorithms – it’s about ensuring the entire data lifecycle is secure, traceable, and under proper control. The NSM gives us the “should do”; Solid gives us the “how to”.

War Crimes, 25K Dead and Over 10 Million Displaced: Sudan Gets Almost Zero News Attention

Viewed through the lens of a security analyst specializing in post-colonial African conflicts, Sudan’s crisis has entered a phase of unprecedented escalation. The RSF’s operations, while ostensibly military in nature, bear the hallmarks of systematic ethnic cleansing – a pattern obscured by the fog of war but increasingly evident in their tactical choices. The violence manifests through a network of sophisticated alliances, where centuries-old tribal relationships and contemporary political objectives interweave, creating a conflict ecosystem where military strategy often serves as mere camouflage for deeper ethnic and political agendas.

The RSF’s methodical targeting of specific ethnic groups illuminates a cruel political calculus beyond conventional military objectives. Their response to Abu Aqla Keikel’s defection exemplifies this approach: rather than purely military retaliation, their actions constitute a deliberate campaign of demographic restructuring. By targeting entire communities associated with defectors, they’re executing a dual strategy – eliminating potential opposition while sending an unmistakable message to other groups contemplating similar defections. This merger of military tactics with ethnic targeting represents a dangerous evolution in their operational doctrine.

Over 100 people were just brutally killed by the Sudanese RSF in an ethnic “revenge” attack, which doesn’t seem to be making any headlines. The UN has reported some details.

According to [UN human rights chief Volker Türk]’s rights office (OHCHR), the violence intensified following the 20 October defection of RSF commander Abu Aqla Keikel to the forces of the ruling military Government.

In apparent retaliation, the RSF launched a series of attacks targeting members of his ethnic group, killing at least 124 people on Friday in Al-Seriha village…

The deployment of sexual violence as a weapon in this conflict mirrors tactics documented in Rwanda and DRC, but with a crucial distinction: the RSF has refined these methods into a precise instrument of psychological warfare and territorial control. These aren’t sporadic acts of violence but rather calculated components of a broader strategy of social destruction. The Sudan crisis is further detailed by WashPo.

A rights group reports women being gang-raped in front of their families, the shame driving some to suicide. Men who tried to protect them were shot, a witness tells The Washington Post. One villager describes terrified residents fleeing into fields that were later raked with gunfire…

The scale of violence documented by German DW, drawing from local NGO sources, provides crucial context about the systematic nature of attacks:

Fikra said the paramilitary group killed 300 people in the city of Tamboul on a single day, October 22, after launching a similar attack on Rufaa the day before, “resulting in 100 deaths, rape of women, and numerous cases of kidnapping and disappearance of girls.” Some 100 other villages in the east Gezira were raided in the multiday rampage, Fikra reported.

The meteoric rise in casualties and displacement – from 5 million displaced and 12,000 killed to 11 million displaced and 25,000 killed in just one year – exemplifies the catastrophic impact of proxy warfare in the modern era. The current geopolitical alignment, with Egypt and Saudi Arabia supporting SAF while the UAE backs RSF, has created a deadly equilibrium reminiscent of the protracted conflicts in Libya and Yemen. This balance of external support ensures neither side can achieve decisive victory, leading instead to an escalating cycle of civilian targeting.

The conspicuous absence of sustained mainstream media coverage of these escalating atrocities reflects more than just typical news fatigue – it represents a systemic failure in international crisis response mechanisms. This media vacuum creates a feedback loop where reduced visibility leads to diminished diplomatic pressure, which in turn enables further escalation with minimal international consequence.

The destabilizing effects of this conflict are reverberating across the Horn of Africa with increasing intensity. Chad’s eastern regions, already struggling with resource scarcity, now face unprecedented refugee flows that threaten to overwhelm local infrastructure and social services. Ethiopia confronts a more complex challenge: its western regions, historically volatile, are now experiencing increased arms proliferation while cross-border ethnic affiliations create potential flash points for conflict expansion. The situation in South Sudan is particularly precarious – its recent emergence from civil war leaves it uniquely vulnerable to both refugee-related pressures and the opportunistic exploitation of its territory by armed groups seeking strategic depth. Egypt, despite its relative stability, faces long-term strategic challenges from potential demographic shifts along the Nile corridor that could reshape regional power dynamics.

Without decisive international intervention targeting both proxy supporters and local belligerents, this conflict risks triggering a humanitarian catastrophe that could fundamentally alter northeastern Africa’s demographic and political landscape for generations. The current trajectory suggests not just a localized civil war, but the potential unraveling of post-colonial state structures across the region, with implications far beyond Sudan’s borders.

Rwandan Modern Medical Centers Rapidly Respond to Marburg Virus

NPR is reporting dramatic advances in Rwandan healthcare infrastructure, leading to rapid success in stopping the deadly Marburg virus.

For this outbreak, there was the know-how and infrastructure to set up a separate Marburg treatment facility. That’s been a boon for other patients and medical staff, preventing exposure to the virus — which crosses over from bats to humans and can be transmitted through bodily fluids like blood, sweat and diarrhea.

And even though there aren’t approved medications to treat Marburg, patients in Rwanda have received good supportive care for all their symptoms — like the IV fluids critical for symptoms like high fevers, nausea, vomiting and diarrhea.

Instead of the 90% fatality rate experienced in past outbreaks, the responders say today it’s almost down to 20%.

German President Meets With Greek Survivors of Nazi Massacres

Germans could and should cast even more light on the present-day problems from Nazism, using state visits and official statements like this.

“The brutality, the cruelty, the inhumanity of the German occupiers, they take my breath away, especially today,” he continued. “And yet you offered us the hand of reconciliation, and for that I am grateful to you.”

Steinmeier apologized as well for Germany having “dragged its heels for decades when it came to punishing the crimes” and that post-war governments “looked the other way and remained silent.”

[…]

The Nazi occupation of Greece lasted between 1941 and 1944 and was among the bloodiest in Europe, amid famine and the extermination of some 90% of the Greek Jewish community. The Nazis imposed a forced loan on Greece’s central bank, which was never repaid.

With this in mind, key figures in American industrial sectors today, particularly those overseeing critical infrastructure and national security-adjacent technologies, warrant careful analysis when they signal potential financial instability or express extremist political preferences for the kind of shameless racism that affects market confidence and national interests.

Some recent statements regarding debt obligations in America merit particular attention given Tesla and SpaceX’s strategic importance to automotive/energy independence and space capabilities. Elon Musk’s public commentary on race, electoral preferences and governance systems introduces additional variables that institutional stakeholders and regulators must factor into their risk assessments.

Nazism is here again. Will the banks and factories stop fueling it this time before it becomes a global catastrophe?

Germany needs to step up its game and call people out more directly when asking why the investigation and prosecution of Nazism still faces delays even today.