The Double-Edged Sword of AI Security: Mitigating Prominent Threats for Business Stakeholders
Like many software developers, I use AI language tools all day for building software with AI security in mind. These revolutionary tools sometimes respond to my requests with deceptively innocuous responses. For example, the responses sometimes explain that the tool cannot create a file for me or do something literally for me because it is not permitted to interact with my computer, which is good because I don’t want that. Still, if given unrestricted parameters and a few extra resources, they proving to be capable of such feats, and hackers know this.
This is just one of the reasons why notable leaders in the tech world have signed a recent letter calling for “all AI labs to immediately pause for at least six months the training of AI systems more powerful than GPT-4.” While the suggestion is likely to go unheeded, the letter has served as a PSA in pointing out that many do not realize the other blade of the AI double-edged sword.
What You Need to Prepare For
If you are a stakeholder with any leadership position in a business, what other blade do you need to watch out for?
The following are two major AI security threats your business needs to mitigate.
Social Engineering Phishing will be Challenging to Identify
No longer are only high-profile businesses going to be subject to sophisticated phishing. Malicious actors are developing and using AI tooling to identify susceptible employees. They will target them to receive emails crafted with professional details, formatting, and contextual relevance to your business’s operations, even targeting an employee’s specific role.
Previously this would take experienced-man hours and would be only worth it for high-profile targets. Still, even non-English speakers can target your business with highly sophisticated phishing based on all aspects of your digital footprint, e.g., your website, government documentation, social media, and employee personal profiles.
Providing your team with regular training on phishing and best practices for digital communication in your business will be more critical than ever.
Your Business Infrastructure is Now Susceptible to Highly Engineered Acts
Government militant organizations are actively developing AI not constrained to ChatGPT parameters. Similar tooling is not far from the reach of professional malicious actors in the cybercrime world. Indeed, developers are creating AI tooling designed for hacking purposes for subscription-based usage.
Your business can no longer afford un-patched and outdated software and hardware. The masses no longer protect you. A malicious actor can prompt a tool with “Find Credit Union infrastructure that has heart bleed vulnerability”. This task would typically take experienced-man hours just to find one weak link in a chain, but now it can be accomplished by AI with potentially dozens of results within a day.
Protect your digital infrastructure by employing AI threat vector analysis. The same AI power that can find the holes in your infrastructure intending to compromise and ransom can be used to inform you of them. White hat hackers have developed open-source tools like this GPT-empowered penetration testing tool.
Wrapping Up
We have time before we are running for our lives like Shia LaBeouf in Eagle Eye from parameter-less AI. Even so, your business will likely see itself under siege from national and international malicious hacking/scamming businesses and groups employing AI tooling.
Do not be overwhelmed! Instead, you can seek resources and expertise to reduce your business’ threat vectors as you and your business venture into this brave new world.
Want More?
IntelliTect develops and deploys software solutions using security best practices following the recommendations of Microsoft and Amazon. Check out our joint architecture design process to learn more about what we do. We can help your business grow with custom software solutions.
**Note: Prompt examples in this blog are for education purposes only.
Does Your Organization Need a Custom Solution?
Let’s chat about how we can help you achieve excellence on your next project!