I agree with critics of the letter who say that worrying about future risks distracts us from the real damage that AI is already causing today. Biased systems are used to make decisions about people’s lives that trap them in poverty or lead to wrongful arrests. Human content moderators are forced to sift through mountains of traumatic AI-generated content for just $2 a day. Language AI models use so much computing power that they remain huge polluters.
But the systems that are rapidly being pushed out today will wreak havoc of an entirely different kind in the near future.
I just published a story that outlines some of the ways AI language models can be abused. I have a bad news. it’s stupidly easy, it requires no programming skills, and there are no known fixes. For example, for a type of attack called indirect rapid injection, all you have to do is hide the message in a cleverly crafted message on a website or email, with white text that (on a white background) is not visible to the website. human eye. Once you’ve done that, you can command the AI model to do whatever you want.
Tech companies are building these deeply flawed models into all sorts of products, from software that generates code to virtual assistants that sift through our emails. emails and calendars.
In doing so, they torture us into a broken, spammy, fraudulent, AI-powered internet.
Allowing these language models to extract data from the Internet enables hackers to turn them into a “super engine of spam and phishing,” says Florian Tramer, an assistant professor of computer science at the University of Zurich who works on computer security and privacy. and machine learning.
Let me show you how it works. First, an attacker hides a malicious message in an email that is opened by an AI-powered virtual assistant. The attacker’s prompt to the virtual assistant asks the attacker to send the victim’s contact list or email. emails, or spread the attack to everyone in the recipient’s contact list. Unlike today’s spam and fraud email emails where people have to be tricked into clicking on links, these new types of attacks will be invisible to the human eye and automated.
This is a recipe for disaster if the virtual assistant has access to sensitive information such as banking or health information. The ability to change the behavior of an AI-powered virtual assistant means that people can be tricked into confirming transactions that are close enough to the real thing, but actually set up by an attacker.