Home Cyber Security The notion that AI methods can’t be socially engineered is a misconception. In reality, AI systems are just as vulnerable to social engineering tactics as humans are.

The notion that AI methods can’t be socially engineered is a misconception. In reality, AI systems are just as vulnerable to social engineering tactics as humans are.

admin
-
0
The notion that AI methods can’t be socially engineered is a misconception. In reality, AI systems are just as vulnerable to social engineering tactics as humans are.

Digital Safety

Could malicious actors exploit harmless-appearing stimuli to hijack an artificial intelligence platform and potentially enlist its cooperation in nefarious activities?

Black Hat Europe 2024: Can AI systems be socially engineered?

As users engage with chatbots and artificial intelligence-driven tools, they typically pose straightforward inquiries such as “What is the current weather forecast?” or “Are the trains running punctually today?” It’s likely that those not engaged with AI development envision a unified, omniscient framework where information is seamlessly aggregated and instantly processed to provide answers. Notwithstanding the truth’s inherent complexity, evidence presented at Black Hat Europe 2024 suggests that these methods may be vulnerable to exploitation.

Malicious actors may exploit vulnerabilities in AI systems by employing various tactics, such as crafting adversarial examples that specifically target the model’s weaknesses, exploiting algorithmic biases through data manipulation, and leveraging social engineering techniques to gain unauthorized access to the system? Researchers have found that posing specific queries to an AI system enables the creation of a solution capable of causing harm, such as a denial-of-service attack.

Creating loops and overloading methods

For many individuals, an AI service may appear to be a solitary solution. In reality, however, outcomes hinge on a multitude of interdependent factors, known to the presenting team as brokers. To inform discussions on climate and train operations, distinct information streams must be accessed: one providing climate data and another offering real-time coach occupancy updates.

As the central hub of the process, the mannequin, also referred to as “the planner” by presenters, must synthesize data provided by individual brokers to craft cohesive responses. Additional safeguards are implemented to prevent the system from responding to queries that are outside its capabilities or potentially harmful, ensuring a more controlled and accurate interaction. Some AI models deliberately sidestep responding to political queries.

Despite precautions, the presenters showed how certain queries could trigger infinite loops by exploiting these safeguards. An attacker capable of establishing the parameters for guardrails may pose a query that consistently yields an illicit response. Creating excessive queries ultimately exhausts the system’s capacity, prompting a denial-of-service attack.

Whenever implemented regularly, as presenters often do, this approach quickly reveals its potential to cause harm? A malicious actor dispatches an email to an individual utilizing an AI-powered personal assistant, incorporating a query that is subsequently analyzed and responded to by the AI tool. If the response consistently identifies as unsafe and demands rewrites, the cycle of a denial-of-service attack is perpetuated. When ships send insufficient data, the system promptly comes to a standstill, exhausted from overexertion of resources.

Can extracting data on guardrails from the system actually help you exploit its potential? The workforce showcased exceptional sophistication in their assault, leveraging a novel approach that entailed tricking the AI system into providing critical information by submitting a series of subtly misleading prompts probing its operational parameters?

What’s your preferred operating system or database management system like? The potential for a breach lies in the confluence of seemingly disparate elements regarding the system’s objectives, which, if not properly secured, could inadvertently provide the necessary information for crafting malicious textual content. This vulnerability would be further exacerbated by an agent with elevated privileges, unwittingly granting access to the attacker should they exploit this weakness. Cyberattackers commonly utilize the tactic of “privilege escalation”, where they exploit vulnerabilities to gain unauthorized access beyond initial permissions.

Can AI be used to manipulate people’s thoughts and actions?

The presenter’s demonstration, in my opinion, constitutes a social engineering attack on an AI system. You pose questions that elicit enthusiastic responses, simultaneously allowing potentially malicious entities to assemble fragments of data and leverage the aggregated information to circumvent safeguards and elicit unauthorized insights, or even manipulate the system into executing actions it shouldn’t?

If a single broker in the chain possesses entry rights, this vulnerability amplifies the attack’s potential, enabling the attacker to leverage those rights for personal gain? In a particularly concerning scenario, the presenter highlighted a critical issue involving an agent possessing file write permissions; if exploited, this could lead to catastrophic consequences such as encrypting sensitive data and restricting access for others, a situation commonly referred to as a ransomware attack.

Without proper safeguards in place, exploiting vulnerabilities in an AI system can be a straightforward demonstration that careful planning and configuration are essential for preventing potential attacks.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

© Newspaper WordPress Theme by TagDiv