Do the latest machine learning models constitute a supercharged tech stack for cybercrime?
The fear: Innovations like text generation, voice cloning, and deepfake videos give scammers powerful new ways to gain their victims’ trust and infiltrate their systems. They threaten to bring on an epidemic of e-fraud.
Horror stories: The arsenal of automated tools available to scammers and lawbreakers is growing.
- Hackers have fine-tuned models for wrongdoing. FraudGPT can write persuasive emails, deliver stolen credit card numbers, and provide verified bank identification numbers. WormGPT generates malicious Python code.
- Scammers tried to use cloned voices of customers to persuade Bank of America to move money. A Vice reporter surreptitiously accessed his own bank account by spoofing the automated service line with a synthetic facsimile of his own voice.
- Developers may not be safe either. An attacker slipped a malicious binary file into PyTorch. Coders who called the wrong libraries found their computers infected with malware.
How scared should you be? AI security is a real problem.
- Search queries can prompt Google Bard to divulge private chat histories. ChatGPT plugins can reveal personal information and execute malicious code.
- Certain text strings cause large language models to jump their guardrails and provide harmful information, researchers at Carnegie Mellon found. The same strings work on disparate language models.
- Government agencies have warned of AI-powered crime, including the United States’ National Security Agency and Federal Bureau of Investigation and the United Kingdom’s MI5.
Facing the fear: Developers and governments alike are working to thwart malevolent uses of AI. Large AI companies employ so-called red teams that test a system’s security by simulating attacks. This approach finds and fixes vulnerabilities before lawbreakers discover them. And for users, tried-and-true advice for avoiding scams still applies in the AI age: Exercise skepticism toward online promises, double-check identities, hold personal information closely, and don’t click on unknown attachments or links.