In an innovative yet alarming display of technological prowess, a team of researchers has drawn attention to the potential dangers of artificial intelligence by creating AI “worms” that possess the capability to hijack data or deploy malware across systems. This revelation comes amid growing concerns about the security implications of rapidly advancing AI technologies.
The findings, first exclusively shared with WIRED, indicate that these generative AI worms represent an unprecedented threat in the cybersecurity landscape, capable of spreading autonomously from one system to another. According to Ben Nassi, a Cornell Tech researcher involved in the study, this advancement heralds a new era of cyber threats previously unseen, thereby amplifying the need for robust cybersecurity measures.
Named Morris II as a homage to the original computer worm that initiated one of the first significant attacks on computer systems nearly three decades ago, these generative AI entities operate based on the prompts fed into them. The researchers engineered the worm by employing what they describe as an “adversarial self-replicating prompt.” This technique essentially prompts the generative AI model to reproduce another prompt in its output, thereby enabling the worm to replicate and spread across systems.
The study outlined the method attackers could utilize to embed such prompts into inputs processed by generative AI (GenAI) models. This process triggers the model to not only replicate the initial input but also to execute malicious activities. This dual functionality of replication and delivering a payload aligns with the traditional characteristics of computer worms but is augmented with the capabilities of AI, making it particularly insidious.
To demonstrate the practical application of their theoretical work, the researchers crafted an email system powered by generative AI, which could autonomously send and receive messages. One of their tests involved embedding a malicious prompt within an image sent via email. This prompt caused the email assistant to forward the message to other recipients, highlighting the potential for widespread dissemination of harmful content under the guise of legitimate communication.
Further emphasizing the risk, Nassi explained how embedding the self-replicating prompt into images could enable the propagation of spam, abusive material, or even propaganda, thereby amplifying the harm caused by such attacks. This scenario showcases the dual-edged nature of technological advancement, where innovative applications can be subverted for malicious purposes.
Although the researchers employed specific AI companies’ technologies in their study, they clarified that their findings spotlight general vulnerabilities within the architecture of AI ecosystems rather than shortcomings of individual firms. Nonetheless, in the spirit of responsible disclosure, the teams reported their findings to tech giants Google and OpenAI, underscoring the critical need for collaboration between researchers and industry leaders in addressing these emerging threats.
As the digital landscape continues to evolve, this study serves as a stark reminder of the need for vigilant cybersecurity practices and the development of AI technologies that prioritize security by design to mitigate the risks posed by such novel cyber threats.
Source