Models from OpenAI and Google are under attack. Will the industry giants be able to protect their users?
In a new study, a team of scientists has demonstrated the creation of a first-of-its-kind malicious AI worm that can automatically spread between generative AI agents, paving the way for potential data theft and spamming. This breakthrough points to a new kind of cyberattack that can be carried out in connected, autonomous AI ecosystems.
Researchers at Cornell Tech, including Ben Nassi, Stav Cohen, and Ron Bitton, developed the worm, named Morris II after the original Morris computer worm that caused havoc on the Internet in 1988. Experiments by experts have shown how such a worm can attack an AI-based mail assistant to steal data from emails and send spam, while violating some security measures in the ChatGPT and Gemini systems.
The study focuses on "hostile self-replicating requests" that cause the AI model to generate a new request in its response. This method resembles traditional SQL Injection and Buffer Overflow attacks, the researchers say.
To demonstrate the worm's capabilities, the researchers created a mail system that can send and receive messages using generative AI, connecting to ChatGPT, Gemini, and an open LLM called LLaVA. Experts found two ways of operating the system: using a text-based self-replicating query and embedding the self-replicating query in the image.
The study highlights that generative AI worms are a new security risk that should worry startups, developers, and tech companies. Although generative AI worms have not yet been discovered in the wild, security experts believe that the risk of their appearance in the future is quite high.
The researchers reported their findings to Google and OpenAI, emphasizing the need to develop more robust security systems and warning developers against using malicious input. Google declined to comment on the study, while an OpenAI representative noted that it is working to strengthen the resilience of its systems to such attacks.
Some ways to protect against potential AI worms already exist, such as using traditional security approaches and ensuring human participation in the decision-making process of AI agents. Experts emphasize the importance of developing secure applications and monitoring to prevent such threats.
In a new study, a team of scientists has demonstrated the creation of a first-of-its-kind malicious AI worm that can automatically spread between generative AI agents, paving the way for potential data theft and spamming. This breakthrough points to a new kind of cyberattack that can be carried out in connected, autonomous AI ecosystems.
Researchers at Cornell Tech, including Ben Nassi, Stav Cohen, and Ron Bitton, developed the worm, named Morris II after the original Morris computer worm that caused havoc on the Internet in 1988. Experiments by experts have shown how such a worm can attack an AI-based mail assistant to steal data from emails and send spam, while violating some security measures in the ChatGPT and Gemini systems.
The study focuses on "hostile self-replicating requests" that cause the AI model to generate a new request in its response. This method resembles traditional SQL Injection and Buffer Overflow attacks, the researchers say.
To demonstrate the worm's capabilities, the researchers created a mail system that can send and receive messages using generative AI, connecting to ChatGPT, Gemini, and an open LLM called LLaVA. Experts found two ways of operating the system: using a text-based self-replicating query and embedding the self-replicating query in the image.
The study highlights that generative AI worms are a new security risk that should worry startups, developers, and tech companies. Although generative AI worms have not yet been discovered in the wild, security experts believe that the risk of their appearance in the future is quite high.
The researchers reported their findings to Google and OpenAI, emphasizing the need to develop more robust security systems and warning developers against using malicious input. Google declined to comment on the study, while an OpenAI representative noted that it is working to strengthen the resilience of its systems to such attacks.
Some ways to protect against potential AI worms already exist, such as using traditional security approaches and ensuring human participation in the decision-making process of AI agents. Experts emphasize the importance of developing secure applications and monitoring to prevent such threats.