AI PCs might solve a real problem: The 'friction' that sees users ignore security

Trend Micro says cloudy email scans trigger GDPR warnings that deter users. Local models that use NPUs don't

Computex Trend Micro has outlined how it will tailor its desktop security software for AI PCs, and thinks it might improve security in ways that normal, bog-standard PCs can't match.

As explained to The Register by Trend's veep for product management Eric Shulze at Computex in Taiwan today, the company's email security tools use a cloud-hosted AI service that scans messages to detect threats. Because emails contain personal info, uploading messages to that service is an act that means Trend Micro must comply with the European Union's General Data Protection Regulation. To do so, the company's wares present a popup that asks if users approve their emails being uploaded.

Infosec types describe that sort of popup as a source of "friction" because it means users are being asked to make a choice about their security and can't be relied on to choose wisely. Sometimes, friction causes users to opt out of services entirely – they can't be bothered clicking on anything other than a button that makes popups go away forever. If they make that choice for cloudy email scanning, friction has therefore seen them opt out of a service designed to protect them.

As such, Trend Micro has adapted the AI used in its cloud to run locally on AI PCs – machines that include a neural processing unit (NPU) capable of handling at least 40 trillion operations a second (TOPS).

If Trend's software is running, incoming emails are assessed by that model. And because the model runs locally, there's no need to seek users' permission.

Shulze thinks that's a win because it reduces resistance, meaning users might not opt out of having their emails assessed.

AI PCs can scan mails without working up a sweat, he added, showing The Register a Windows utility that tracks CPU load, and which now also tracks NPUs. The latter showed occasional brief and small spikes of activity – each representing a scan of a single incoming email without exceeding five percent NPU usage.

The NPU was otherwise idle – as you'd expect on a vendor's demo machine. But Shulze said Trend Micro doesn't see much competition for NPU resources at present – it seems buyers of AI PCs, or Copilot+ PCs, or whatever they are called, aren't yet running many apps that require NPUs.

Trend's update also monitors attacks on AI applications. Shulze outlined a scenario in which malware could attack a local model by inserting text such as the wrong address for a bank's website – mybank.com instead of the real site bank.com – in the hope that users visit the first site and fall for a phishing lure.

The company intends to deliver this tech in its consumer-grade desktop products "in late 2024." There's no word on when business users might enjoy the same protections. ®

More about

TIP US OFF

Send us news


Other stories you might like