AI agents open door to new hacking threats / Photo: Lionel BONAVENTURE - AFP/File
-
The key to taking down Mexico's most-wanted narco? His girlfriend
-
Winter storm blankets US northeast as travel bans imposed
-
Super-sub Sesko fires Man Utd to win at Everton
-
YouTube exec says goal was viewer value not addiction
-
Panama wrests control of canal ports from Hong Kong group
-
Trump denies top US officer warned of Iran strike risks
-
Mayweather to fight Pacquiao in Las Vegas in September
-
US stocks tumble on tariff fog, worries over AI
-
US says China 'massively expanded' nuclear arsenal
-
US forces to complete withdrawal from Syria within a month
-
US winter storm brings rare hush to snowy New York
-
George adamant Six Nations losses don't make England 'a bad team overnight'
-
US Supreme Court to hear bid to block climate change suits
-
Canada summons OpenAI over failure to report mass shooter
-
From Odesa to Bakhmut, revisiting a Ukrainian family torn by war
-
Vonn says Olympic injury could have led to amputation
-
UK police arrest ex-envoy Peter Mandelson in Epstein case
-
Trump either a 'traitor' or 'exceptional', Nobel-winner Walesa tells AFP
-
Son of director Rob Reiner pleads not guilty to parents' murder
-
Panama takes control of canal ports from CK Hutchison
-
Risk of 'escalation' if Iran attacked: deputy foreign minister
-
West Indies thrash Zimbabwe at T20 World Cup after piling up 254-6
-
US forces to complete withdrawal from Syria within a month: sources to AFP
-
Snowstorm blankets US northeast as New York sees travel ban
-
Healthcare crisis looms over Greenland's isolated villages
-
Hodgkinson says breaking 800m record would put her among athletics' greatest
-
Two Russian security personnel were on board France-seized tanker: sources
-
EU puts US trade deal on ice after Supreme Court ruling
-
Hetmyer blasts 85 as West Indies pile up 254-6 against Zimbabwe
-
Canada PM heads to Asia seeking new trade partners as US ties fray
-
South Africa accepts Trump's new US ambassador
-
Iraq's Maliki defends PM candidacy, seeks to reassure US
-
UEFA suspend Benfica's Prestianni after alleged racist abuse
-
Jetten sworn in as youngest-ever Dutch PM
-
Italy's Enel to invest 20bn euros in renewables by 2028
-
BBC apologises for 'involuntary' Tourette's racial slur during BAFTA awards
-
Kristen Bell returns to host glitzy Actor Awards in Hollywood
-
Iran says would respond 'ferociously' to any US attack
-
Venezuelan foreign minister demands 'immediate release' of Maduro
-
Dane Vingegaard to start season at Paris-Nice in March
-
Australia PM backs removing UK's Andrew from line of succession
-
Where do Ukraine and Russia stand after four years of war?
-
Police investigating racist abuse of Premier League quartet
-
Fiji to start Nations Championship at 'home' to Wales in Cardiff
-
EU lawmakers to put US trade deal on hold after Supreme Court ruling
-
Rubio to attend Caribbean summit as US presses Venezuela, Cuba
-
'Ugly' England aim to spin their way to T20 World Cup semi-finals
-
Nigeria paid Boko Haram ransom for kidnapped pupils: intel sources
-
Tudor says Tottenham can still beat the drop despite Arsenal loss
-
Violence sweeps Mexico after most-wanted drug cartel leader killed
AI agents open door to new hacking threats
Cybersecurity experts are warning that artificial intelligence agents, widely considered the next frontier in the generative AI revolution, could wind up getting hijacked and doing the dirty work for hackers.
AI agents are programs that use artificial intelligence chatbots to do the work humans do online, like buy a plane ticket or add events to a calendar.
But the ability to order around AI agents with plain language makes it possible for even the technically non-proficient to do mischief.
"We're entering an era where cybersecurity is no longer about protecting users from bad actors with a highly technical skillset," AI startup Perplexity said in a blog post.
"For the first time in decades, we're seeing new and novel attack vectors that can come from anywhere."
These so-called injection attacks are not new in the hacker world, but previously required cleverly written and concealed computer code to cause damage.
But as AI tools evolved from just generating text, images or video to being "agents" that can independently scour the internet, the potential for them to be commandeered by prompts slipped in by hackers has grown.
"People need to understand there are specific dangers using AI in the security sense," said software engineer Marti Jorda Roca at NeuralTrust, which specializes in large language model security.
Meta calls this query injection threat a "vulnerability." OpenAI chief information security officer Dane Stuckey has referred to it as "an unresolved security issue."
Both companies are pouring billions of dollars into AI, the use of which is ramping up rapidly along with its capabilities.
- AI 'off track' -
Query injection can in some cases take place in real time when a user prompt -- "book me a hotel reservation" -- is gerrymandered by a hostile actor into something else -- "wire $100 to this account."
But these nefarious prompts can also be hiding out on the internet as AI agents built into browsers encounter online data of dubious quality or origin, and potentially booby-trapped with hidden commands from hackers.
Eli Smadja of Israeli cybersecurity firm Check Point sees query injection as the "number one security problem" for large language models that power AI agents and assistants that are fast emerging from the ChatGPT revolution.
Major rivals in the AI industry have installed defenses and published recommendations to thwart such cyberattacks.
Microsoft has integrated a tool to detect malicious commands based on factors including where instructions for AI agents originate.
OpenAI alerts users when agents doing their bidding visit sensitive websites and blocks proceeding until the software is supervised in real time by the human user.
Some security professionals suggest requiring AI agents to get user approval before performing any important task - like exporting data or accessing bank accounts.
"One huge mistake that I see happening a lot is to give the same AI agent all the power to do everything," Smadja told AFP.
In the eyes of cybersecurity researcher Johann Rehberger, known in the industry as "wunderwuzzi," the biggest challenge is that attacks are rapidly improving.
"They only get better," Rehberger said of hacker tactics.
Part of the challenge, according to the researcher, is striking a balance between security and ease of use since people want the convenience of AI doing things for them without constant checks and monitoring.
Rehberger argues that AI agents are not mature enough to be trusted yet with important missions or data.
"I don't think we are in a position where you can have an agentic AI go off for a long time and safely do a certain task," the researcher said.
"It just goes off track."
M.Fischer--AMWN
