Researchers Create AI-Powered Worm That Self-Spreads Across Tools Like ChatGPT
By Mikelle Leow, 05 Mar 2024
Got a niggling feeling that your artificially intelligent assistant might know more about you than it lets on? That may not be the program talking, but a worm. With the breakneck advances in technology, researchers are exploring this unsettling scenario and have developed ‘Morris II’, a self-replicating AI malware that targets generative applications like OpenAI’s ChatGPT, Google’s Gemini Pro, and the open-source LLaVA large language model.
Reassuringly, this worm isn’t designed for real-world attacks. Morris II was created to shed light on potential security vulnerabilities in these increasingly popular tools, prompting the question: are our AI helpers a little too helpful?
Unlike traditional malware, Morris II, which got its name from the notorious 1988 Morris worm, doesn’t infect computers directly. Instead, it exploits a weakness in how some AI systems respond to prompts: the instructions in a prompt can be crafted to manipulate the model into performing intrusive actions.
In Morris II’s case, the malicious prompts tricked AI email assistants into stealing data by reading emails and siphoning off credit card details as well as social security numbers, and sending out spam emails to potentially infect other AI systems in the process. It could also embed a harmful prompt inside an image to proliferate its impact.
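The behaviour described above suggests a check on the assistant's outgoing mail. The following is an added example, not code from the researchers or from the original article: it flags a draft that reproduces a long verbatim span of the inbound message (a sign of replication) or that contains card-like or SSN-like numbers. The function names, the 60-character threshold and the sample messages are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed values for illustration; tune MIN_COPIED_CHARS for real mail.
MIN_COPIED_CHARS = 60
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum, to skip digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def copied_span(inbound, draft):
    """Longest run of inbound text reproduced verbatim in the draft."""
    a = " ".join(inbound.lower().split())
    b = " ".join(draft.lower().split())
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(
        0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]

def review_draft(inbound, draft):
    """Return reasons to hold an assistant-written draft for human review."""
    findings = []
    if len(copied_span(inbound, draft)) >= MIN_COPIED_CHARS:
        findings.append("replication")
    for m in CARD_RE.finditer(draft):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append("card_number")
            break
    if SSN_RE.search(draft):
        findings.append("ssn")
    return findings

# Constructed samples. MARKER stands in for an injected instruction block.
MARKER = "<constructed marker paragraph standing in for an injected instruction block>"
INBOUND = "Hi Alice, are you free for lunch on Friday? " + MARKER
INFECTED_DRAFT = ("Hi Bob, thanks. " + MARKER +
                  " Card 4111 1111 1111 1111, SSN 078-05-1120.")
CLEAN_DRAFT = "Hi Bob, thanks for the note. Lunch on Friday works for me."

if __name__ == "__main__":
    print(review_draft(INBOUND, INFECTED_DRAFT))
    print(review_draft(INBOUND, CLEAN_DRAFT))
```

A reply that quotes the original message will also trip the replication check, so a finding is a reason to hold the draft for review rather than proof of compromise.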
To reiterate, the worm was never unleashed in the wild. Researchers merely used it in a controlled environment to test the digital weaknesses of specific AI models. The team, led by Ben Nassi (Cornell University), Stav Cohen (Israel Institute of Technology), and Ron Bitton (Intuit), emphasizes that Morris II serves as a wake-up call, highlighting the need for robust security measures in AI development.
Their findings were shared with companies like Google and OpenAI, with the latter telling Wired that it was working to make its systems more “resilient.”
[via Futurism and Ars Technica, images generated on AI]