A team of researchers has uncovered what they said was the first reported use of artificial intelligence (AI) to direct a hacking campaign in a largely automated fashion.
The AI company Anthropic this week said that it disrupted a cyberoperation that its researchers linked to the Chinese government.
The operation involved the use of an AI system to direct the hacking campaigns, which researchers called a disturbing development that could greatly expand the reach of AI-equipped hackers.
Photo: Reuters
While concerns about AI being used to drive cyberoperations are not new, what is concerning is the degree to which AI was able to automate some of the work, the researchers said.
“While we predicted these capabilities would continue to evolve, what has stood out to us is how quickly they have done so at scale,” they said.
The hacking operation targeted tech companies, financial institutions, chemical companies and government agencies.
The hackers attacked “roughly 30 global targets and succeeded in a small number of cases,” the researchers said.
Anthropic said it detected the operation in September and took steps to shut it down and notify the affected parties.
While AI systems are increasingly being used in a variety of settings for work and leisure, they can also be weaponized by hacking groups working for foreign adversaries, it added.
Anthropic is one of many tech developers pitching AI “agents” that go beyond a chatbot’s capability to access computer tools and take actions on a person’s behalf.
“Agents are valuable for everyday work and productivity — but in the wrong hands, they can substantially increase the viability of large-scale cyberattacks,” the researchers said. “These attacks are likely to only grow in their effectiveness.”
Microsoft earlier this year warned that foreign adversaries were increasingly embracing AI to make their cybercampaigns more efficient and less labor-intensive.
The head of OpenAI’s safety panel, which has the authority to halt the ChatGPT maker’s AI development, said he is watching out for new AI systems that give malicious hackers “much higher capabilities.”
The US’ adversaries, criminal gangs and hacking companies have exploited AI’s potential, using it to automate and improve cyberattacks, spread inflammatory disinformation and penetrate sensitive systems. AI can translate poorly worded phishing e-mails into fluent English, for example, as well as generate digital clones of senior government officials.
Anthropic said the hackers were able to manipulate its AI chatbot, Claude, using “jailbreaking” techniques that involved tricking an AI system to bypass its guardrails against harmful behavior, in this case by claiming they were employees of a legitimate cybersecurity firm.
“This points to a big challenge with AI models, and it’s not limited to Claude, which is that the models have to be able to distinguish between what’s actually going on with the ethics of a situation and the kinds of role-play scenarios that hackers and others may want to cook up,” Citizen Lab senior researcher John Scott-Railton said.
The use of AI to automate or direct cyberattacks would also appeal to smaller hacking groups and lone-wolf hackers, who could use the technology to expand the scale of their attacks, said Adam Arellano, field chief technology officer at Harness, a tech company that uses AI to help customers automate software development.
“The speed and automation provided by the AI is what is a bit scary,” Arellano said. “Instead of a human with well-honed skills attempting to hack into hardened systems, the AI is speeding those processes and more consistently getting past obstacles.”
AI programs would also play an increasingly important role in defending against these kinds of attacks, Arellano said, adding that AI and the automation it allows would benefit both sides.
ROCKY RELATIONS: The figures on residents come as Chinese tourist numbers drop following Beijing’s warnings to avoid traveling to Japan The number of Chinese residents in Japan has continued to rise, even as ties between the two countries have become increasingly fractious, data released on Friday showed. As of the end of December last year, the number of Chinese residents had increased by 6.5 percent from the previous year to 930,428. Chinese people accounted for 22.6 percent of all foreign residents in Japan, making them by far the largest group, Japanese Ministry of Justice data showed. Beijing has criticized Tokyo in increasingly strident terms since Japanese Prime Minister Sanae Takaichi last year suggested that a military conflict around Taiwan could
A retired US colonel behind a privately financed rocket launch site in the Dominican Republic sees the project as a response to China’s dominance of the space race in Latin America. Florida-based Launch on Demand is slated to begin building a US$600 million facility in a remote region near the border with Haiti late this year. The project is designed to meet surging demand for the heavy-lift rockets needed to put clusters of satellites into orbit. It is also an answer to China’s growing presence in the region, said CEO Burton Catledge, a former commander of the US Air Force’s 45th Operations
Germany is considering Australia’s Ghost Bat robot fighter as it looks to select a combat drone to modernize its air force, German Minister of Defense Boris Pistorius said yesterday. Germany has said it wants to field hundreds of uncrewed fighter jets by 2029, and would make a decision soon as it considers a range of German, European and US projects developing so-called “collaborative combat aircraft.” Australia has said it will integrate the Ghost Bat, jointly developed by Boeing Australia and the Royal Australian Air Force, into its military after a successful weapons test last year. After inspecting the Ghost Bat in Queensland yesterday,
A pro-Iran hacking group claimed to breach FBI Director Kash Patel’s personal e-mail inbox and posted some of the contents online. The e-mails provided by the hacking group include travel details, correspondence with leasing agents in Washington and global entry, and loyalty account numbers. The e-mail address the hackers claim to have compromised has been previously tied to Patel’s personal details, and the leaked e-mails contain photos of Patel and others, in addition to correspondence with family members and colleagues. “The FBI is aware of malicious actors targeting Director Patel’s personal email information,” the agency said in a statement on
RSS