AI is rapidly growing and evolution is generative AI like ChatGPT, Gemini, Copilot, and many more coming. We are grab by a web of artificial intelligence-power platforms that offer solutions to most of our problems.
But this growing dependence on and spreading of the AI ecosystem is also harbouring new threats that can potentially harm you to a great extent.
One such threat is the development of AI worms, which can steal your confidential data and break the security walls put up by generative AI systems.
As per a report, researchers from Cornell University, Technion-Israel Institute of Technology, and Intuit have create a new type of malware call as “Morris II” or what they call it as the first generative AI worm, which can steal data and spread itself between different systems.
This malware named after the first-ever internet worm launch on the internet in 1988, Morris II can potentially exploit security weaknesses in popular AI models like ChatGPT and Gemini.
Ben Nassi, a Cornell Tech researcher said :
“It basically means that now you have the ability to conduct or to perform a new kind of cyberattack that hasn’t been seen before,”.
As the development and study around this new AI malware were conduct in a control environment and no such malware has seen in the real world yet, researchers are concern that this new type of malware could be use to steal data or send spam emails to millions of people through AI assistants.
Researchers warn that it’s a potential security risk and developers and tech companies should address it as soon as possible.
How does Morris II Work?
You can see this Morris II like a sneaky computer worm.
And this do mess with email assistants that use artificial intelligence (AI).
At first, Morris II uses a sneaky trick call as “adversarial self-replication.”
It bombards the email system with messages, making it go in circles by forwarding messages over and over.
This makes the AI models behind the email assistant get confuse.
They end up accessing and changing data.
This can lead to either stealing information or spreading harmful stuff like malware.
As per researchers, Morris II has two ways to sneak in:
- Text-Based: It hides bad prompts inside emails, fooling the assistant’s security.
- Image-Based: It uses images with secret prompts to make the worm spread even more. Morris II is a sneaky computer worm that messes with email systems using tricky tactics and confuses the AI behind them.
What happens after Morris II is Tricked?
When Morris II manages to sneak into AI assistants, it not only breaches security protocols within AI assistants but also poses a threat to user privacy.
By exploiting the capabilities of generative AI, the worm can extract sensitive information from emails, including names, phone numbers, credit card details, and social security numbers.
What You can Do to stay Safe by Morris II?
As of now, it’s important to note that this AI worm is a new concept and hasn’t been observe.
- Secure Design: Developers should design AI systems with security in mind, using traditional security practices and avoiding blindly trusting the output of AI models.
- Human Oversight: Keeping humans involve in the decision-making process and preventing AI systems from taking actions without approval can help mitigate the risks.
- Monitoring: Monitoring AI systems for unusual activity, like prompts being repeat excessively, can help detect potential attacks.
But researchers believe it’s a potential security risk that developers and companies need to be aware of, especially as AI systems become more interconnect and capable of taking actions on our behalf.
