The Real AI Threats

Your toaster is not rising up.

The ominous threat of AI makes for a good clickbait title these days. Although the subject itself is rather old, having been explored in science fiction and popular culture for a long time, it's beginning to feel more real now that AI is dominating the headlines. However, this threat can mean different things for different people, ranging from phishing emails and the generation of fake news to easier hacking, job displacement, and even the potential scenario of AI becoming the next Skynet in a "rise of the machines" scenario.

First-world countries are in a race to develop laws to regulate the use of AI and keep it under control. Various organizations, such as NIST, ISO, and CSA, are actively developing standards and frameworks to assist organizations and governments in addressing the challenges posed by AI. However, not all actors have benevolent intentions, and many entities, including some states, stand to gain from unrestricted use of AI technology.

While ChatGPT may be the obvious choice for pasta recipes, it's not the simplest if looking to perform illegal activities. Over the last year, we've all had fun trying to get ChatGPT to break its rules and say nonsensical things, which occasionally works. But most of the times it doesn't. The real threat is not coming from ChatGPT, Genesys, Midjourney and other prestigious Silicon Valley products. These commercial implementations of AI are owned by reputable companies and are usually highly regulated and restricted. They all have policies and filtering mechanisms preventing them from generating illegal, harmful or inappropriate content. Because the threat landscape is constantly evolving, these models are constantly trained to recognize such attempts. Although in some case these safety measures could be circumvented, it would not be the most effective way to get the information I wanted if I were a threat actor.

Here are a few risky scenarios in the world of AI that currently pose a threat and should be followed closely onward.

1. Deceiving GPT websites

Imagine a fake ChatGPT website, looking just like the real one, advertised through a carefully crafted email campaign that would have you believing it's from OpenAI: "For a limited time, get ChatGPT Plus for free. Click on this link."

Cloned, fake or simply deceiving GPT websites could trick users into entering their personal data, personal files, pictures, financial information for the promise of great productivity returns. Users could upload their files into such platforms who would use this information for malicious purposes.

The threat is not only limited to personal information. Employees use GPTs as a creative way to accomplish business tasks faster and better. Restricted company files could find their way in the wrong hands. Think contracts, financial data, employees lists, market strategies, prototypes, etc. The promise of a quick summarization could make an employee upload all sorts of files in what they believe is a safe resource.

2. Open source AI technology

Some LLMs are available freely on the internet as open source. Off course, running a large language model takes up a lot of computing power, but the time and resources needed to train some of these models are getting lower, plus you can get easily pre-trained models that only need to be tweaked. Apple researchers have already managed to squeeze a large language model onto a MacBook so we should be seeing more of that in the future.

Hosting can be easily procured in countries which do not adhere to strict laws governing content. Malicious actors could easily obtain the necessary infrastructure to power the aforementioned deceiving GPT sites in order to harvest valuable personal information.

One particular domain where AI shines is information retrieval. This is what most of the people do in ChatGPT, replacing Google to look for information. Imagine having a GPT that would allow you to research drug recipes without throwing the book at you for violating the policies.

Criminal organizations could use Ai to automate their criminal activities. Hacking will be made more accessible as an unrestricted AI could open up exploit creation to people with less and less technical knowledge.

With an unrestricted GPT the limit is only your imagination. And let's not forget that the internet has no boundaries. No matter the laws and regulations govern your part of the world, they don't prevent you from accessing content from across the globe. While it might be argued that potentially illegal AI applications could be filtered out, the sheer volume presents a significant challenge. It would be optimistic to assume that each one could be blocked before reaching the end user.

Continue reading