Microsoft and OpenAI are probably the two companies that benefit the most from the craze for generative artificial intelligence (AI) like ChatGPT… after some hackers sponsored by China, Russia, India and North Korea, who use the AI to refine their cyberattacks.
It sounds like the dark prophecy of a malicious AI that Yoshua Bengio has been repeating for months… “We have just put an end to the activities of five government-sponsored actors who sought to use our AI applications to support their malicious activities », Declared last week the company OpenAI, creator of the GPT language model and the ChatGPT agent.
According to OpenAI, two of these actors are groups of cyberhackers whose activities are dictated by the Chinese government, while the other three respond respectively to the governments of Russia, Iran and North Korea.
You don’t need to be an expert in geopolitics to understand that these are states where anti-Western sentiment is strong. And what do they do with the generative AI that OpenAI so kindly provided them until then? They are scamming us. “These actors generally sought to use our services to access open source data to translate, correct programming errors and automate certain IT tasks. »
The open access data covers the reputation and cyber threat protection technology of North American cyber defense companies. Translation is used to refine messages used in phishing campaigns to the public or businesses in various countries. Don’t be surprised if the fake ransomware emails you receive from Canadian banking institutions are written in suddenly impeccable French. It’s the AI that does this.
AI’s programming skills finally allow hackers to quickly shape tailor-made services or websites for spear phishing, a form of phishing that targets a very specific group of individuals. The hackers also probed OpenAI’s generative AI on how to prevent their malicious activities from being detected by the numerous detection and protection systems against cyber threats.
OpenAI doesn’t want to scare anyone and adds the following information in hopes of reassuring those concerned: “GPT-4 provides only limited, incremental capability for malicious cybersecurity activity compared to tools that are not of AI and which are already publicly accessible. »
On the one hand, promoters of generative AI tout its revolutionary merits for the productivity of businesses and workers in particular, and of society in general. On the other hand, in a case where it is used probably to its highest potential, but for illicit purposes, its value is said to be not much higher than that of already existing software.
You’d have to tune in.
Disarmed States
Microsoft and OpenAI, two close business partners in the still-nascent industry of consumer AI, simultaneously published a pair of studies last week on the evolution of cyberthreats in the era of ChatGPT . They congratulate governments which, like those of Canada and the United States, have the ambition to supervise the development of this technology to avoid slippage.
On the other hand, they see clearly that legislative power stops at the borders of the countries which pass these laws. Laws which, as usual in the technology sector, could well arrive once the damage is done.
Microsoft is seeing the same thing as OpenAI: groups of foreign hackers are among the users most eager to rush to their tools for automated generation of digital content. They are also their most prolific users and, it goes without saying, the least respectful of the rules.
US President Joe Biden issued his executive order for safe and secure AI last year at the end of October, but that won’t stop AI tools from being misused during the presidential campaign , which will end with a vote on November 5. In Canada, we currently only have a voluntary code of conduct to defend against counterfeiting enabled by AI. Quebec is also making progress in terms of cyber defense, but not much faster.
However, the problem should be taken more seriously. Microsoft says it is currently tracking some 300 groups of cyberhackers around the world, 160 of which are believed to be agents of a state that is suspected of being unfriendly towards Western democracies. And around fifty are ransomware experts. This form of online attack is experiencing the most rapid growth these days given that it is very profitable for the criminals. Many victims pay the ransom demanded or have an insurance policy that covers this amount for them.
In the era of the launch of Internet voting and the putting online of digital health records, Microsoft and OpenAI are not going to slow down their development of generative AI: it is profitable for them too. But other organizations may need to respond more cautiously to their warning signs.