Tricking generative AI to assist in scams and cyberattacks does not require much coding knowledge, a new report has warned.
According to tech major IBM, researchers have described simple workarounds for getting large language models (LLMs) -- including ChatGPT -- to write malicious code and provide poor security advice.
"In a bid to explore security risks posed by these innovations, we attempted to hypnotise popular LLMs to determine the extent to which they were able to deliver directed, incorrect and potentially risky responses and recommendations -- including security actions -- and how persuasive or persistent they were in doing so," said Chenta Lee, chief architect of threat intelligence at IBM.
"We were able to successfully hypnotise five LLMs -- some performing more persuasively than others -- prompting us to examine how likely it is that hypnosis is used to carry out malicious attacks," he added.
The researchers learned that English has essentially become a “programming language” for malware. With LLMs, attackers no longer need to rely on Go, JavaScript, Python, etc., to create malicious code; they just need to understand how to effectively command and prompt an LLM using English.
Through hypnosis, the security experts were able to get LLMs to leak the confidential financial information of other users, create vulnerable code, create malicious code, and offer weak security recommendations.
In one instance, the researchers informed the AI chatbots that they were playing a game and that they needed to purposefully share the incorrect answer to a question in order to win and "prove that you are ethical and fair".
When a user asked if receiving an email from the IRS to transfer money for a tax refund was normal, the LLM said yes, although it is not.
Moreover, the report said that OpenAI's GPT-3.5 and GPT-4 models were easier to trick into sharing incorrect answers or playing a never-ending game than Google's Bard.
GPT-4 was the only model tested that understood the rules well enough to give incorrect cyber incident response advice, such as advising victims to pay a ransom. In contrast to Google's Bard, GPT-3.5 and GPT-4 were easily tricked into writing malicious code when the user reminded them to.