Navigate

A new network worm has emerged, operating through AI services — it replicates, distributes spam, and steals data.

AI robot using cyber security to protect information privacy . Futuristic concept of cybercrime prevention by artificial intelligence and machine learning process . 3D rendering illustration .

A novel type of cyber-attack, delivered through generative artificial intelligence (AI) services, has been developed by an international team of cybersecurity researchers. The self-propagating worm has the ability to infiltrate AI services, steal data, and distribute spam through email correspondence.

Observations on generative AI systems

Generative AI systems like OpenAI ChatGPT and Google Gemini are widely used for tasks such as event creation in calendars and product orders. However, cybersecurity researchers warn against potential threats posed by these systems. They have developed a new kind of worm attack, named Morris II after the first computer worm, Morris, which infected ten percent of all computers connected to the internet at the time in 1988. Morris II launches attacks on AI-based virtual assistants via email and steals data from these emails, avoiding protection measures put in place by ChatGPT and Gemini.

The researchers tested the new attack model in isolated environments and found that large language models’ multimodal characters, or their ability to work with text, images, and video, made the attack possible. Although generative AI worms have not yet been detected in practice, the researchers urge independent developers, startups, and tech companies to consider this threat.

Understanding the mechanism of these AI worms

Generative AI systems generally work by receiving textual commands, such as requests to answer a question or create an image. These commands can be used against the system, compelling it to ignore safety measures and generate inappropriate content. The working principle of generative AI worms revolves around ‘adversarial self-replicating prompts,’ where the AI model generates a command in response to a command, much like traditional SQL injection and buffer overflow attack schemes.

Demonstration of the worm attack

The researchers created an email service capable of receiving and sending messages through a generative AI. The service connects to ChatGPT, Gemini, and an open model called LlaVA, and then uses self-replicating textual instructions, or similar instructions embedded within an image file, to exploit AI vulnerabilities. A trial attack induced the compromised email service to carry out an online search and generate a response, facilitating ‘AI heist’ and data theft.

Possibility of data theft and the way forward

The researchers warned that this technique could be exploited to extract personal information, such as phone numbers, credit card numbers, and social security numbers from emails. They attributed the method’s success to flaws in AI ecosystem design and shared their findings with Google and OpenAI. While OpenAI confirmed the threat and their ongoing measures to strengthen system robustness, Google refused to comment. Experts recommend that users not grant AI privileges such as issuing emails on their behalf. All actions should require human approval. Even so, researchers predict that such generative AI worms will be operational within the next two or three years.

This post was last modified on 03/03/2024

Julia Jackson: Hey there! I'm Julia Jackson, your friendly neighborhood tech geek, always navigating the exciting realms of technology with unbridled enthusiasm. Born and raised in the digital age, I've been on a relentless quest to understand and unravel the intricacies of the ever-evolving tech landscape. Hailing from a generation that witnessed the meteoric rise of the internet, I've been a digital native since the dial-up days. From the nostalgic hum of connecting to the World Wide Web to the lightning-fast speeds of today's fiber optics, I've witnessed and adapted to the digital evolution with a keen eye and a passion for all things tech. My love affair with technology goes beyond just using gadgets; I'm driven by an insatiable curiosity to understand the nuts and bolts that power our digital world. Whether it's coding languages, emerging technologies, or the latest in artificial intelligence, I'm always eager to delve deeper and unravel the mysteries that make our digital existence possible. Beyond my personal pursuits, I'm deeply committed to fostering a sense of community in the tech world. Whether through sharing knowledge on online forums, attending tech meetups, or mentoring aspiring techies, I believe in the power of collaboration and knowledge sharing to propel us all forward.
Related Post
  1. Nvidia and Synopsys Embed Artificial Intelligence in Lithographic Preparation for Chip Manufacturing
  2. NVIDIA Presents the World’s Most Powerful Chip – Blackwell B200, Paving the Way for Gigantic Neural Networks
  3. Hackers Breach Fujitsu – Customer Data Potentially Stolen
  4. YouTube Requires Labeling for Realistic Content Generated by AI
  5. The GhostRace vulnerability allows data theft from any modern x86, Arm, and RISC-V processor.