Category: ChatGPT

In the ongoing discourse surrounding the impact of ChatGPT on our economic and business landscape, both positive and negative opinions have surfaced. However, a recent development introduces a unique perspective, shedding light on data security in relation to OpenAI’s ChatGPT.

Metomic LTD, a startup specializing in data security solutions, has unveiled a browser plugin designed to prevent employees from uploading sensitive information to the AI-based chatbot. This technology provides real-time visibility into the data being uploaded onto the machine learning platform.

Metomic’s approach is automated, tracking employee uploads and scanning for any potentially sensitive information. If risks are identified, the plugin offers a preview of the critical data about to be uploaded. Its proficiency lies in recognizing and distinguishing risky data types such as Personal Identifiable Information, source codes, usernames, passwords, IP addresses, and Mac addresses.

To illustrate the significance of threat prevention, consider a case from last year involving a South Korean business specializing in silicon wafer manufacturing. The company made headlines when its employees used source codes from a certain product to develop new codes via ChatGPT. This not only exposed sensitive data to external parties but also raised concerns about the potential use of such information by competitors, given that all uploaded data contributes to refining the platform’s solutions with precise user content.

The post Firm offers protection layer preventing sensitive data uploaded to ChatGPT appeared first on Cybersecurity Insiders.

The upcoming United States Presidential Elections in November 2024 have prompted Microsoft to take decisive action against the spread of misinformation and deepfakes. Leveraging the power of its AI chatbot, ChatGPT, the tech giant aims to play a pivotal role in safeguarding the electoral process. Microsoft officially announced its commitment to combating the potential misuse of AI intelligence, ensuring that cyber criminals employed by adversaries won’t have an open field to disseminate fake news during the US 2024 polls.

In a post dated January 15, 2024, the parent company of OpenAI disclosed a strategic collaboration with the National Association of Secretaries of State. The objective is clear – to counteract the proliferation of deepfake videos and disinformation leading up to the 2024 elections. Microsoft has fine-tuned ChatGPT to address queries related to elections, presidential candidates, and poll results by directing users to CanIVote.org, a credible website offering comprehensive information on the voting framework.

The initiative begins with Microsoft targeting the online users of the Windows 11 operating system in the Joe Biden-led nation, channeling them towards the official election website. To ensure the precision of information and prevent malpractice by adversaries, all web traffic interacting with the chatbot will be closely monitored. This scrutiny extends to DALL-E 3, the latest version of OpenAI known for generating AI-powered images and often exploited by state-funded actors to create deepfake videos.

According to the official statement, every image produced by ChatGPT DALL-E will be stamped with a Coalition for Content Provenance and Authenticity digital credential. This unique identifier acts as a barcode for each generated image, serving the dual purpose of complying with the Content Authenticity Initiative (CAI) and Project Origin. Noteworthy companies such as Adobe, X, Facebook, Google, and The New York Times are already actively participating in these initiatives aimed at combating copyright infringement.

Notably, Google DeepMind is also joining the efforts by experimenting with a watermarking AI tool called SynthID, following in the footsteps of Meta AI. This collective endeavor signifies a comprehensive approach across major tech players to uphold the integrity of information and combat the rising threat of deepfake content.

The post OpenAI to use ChatGPT to curtail fake news and Deepfakes appeared first on Cybersecurity Insiders.

1.) Xerox Business Solutions (XBS), a division of Xerox Corporation, has fallen victim to a new ransomware variant known as INC Ransom. The tech giant has acknowledged the incident and promises to provide more details once a thorough investigation is complete.

XBS, specializing in digital document technology, is currently verifying the authenticity of the documents claimed to be stolen by the INC Ransom group. The company is enlisting the help of technology experts to address the situation. Samples of the pilfered data released by the cybercriminals include records of XBS payments from early last year, invoices, completed request forms, and purchase orders from technology clients and partners. Notably, Xerox faced a similar file-encrypting malware attack in 2020, with the Maze Ransomware group claiming to have stolen approximately 100GB of data from the corporation.

2.) In another cyber incident, a ransomware attack on Gallery Systems, a software provider for museums, has resulted in widespread disruptions to IT systems, causing financial losses for art galleries across the United States. The affected museums include the Museum of Modern Art in New York, the Metropolitan Museum of Art, the Chrysler Museum of Art, the Museum of Pop Culture in Seattle, The Barnes Foundation, the Crystal Bridges Museum of American Art, and the San Francisco Museum of Modern Art.

Gallery Systems, the targeted company, suffered a malware attack on December 28th, 2023, and the BlackCat ransomware gang has claimed responsibility for the incident. However, Artsystems (now Gallery Systems) has not confirmed the claim as they focus on recovering encrypted data from backups.

3.) In a different cyber threat landscape, hackers have been exploiting the name of ChatGPT since August of last year, hosting over 65,000 web domains to capitalize on the success of the Microsoft-owned and OpenAI-developed conversational chat-bot. Alarmingly, over 20% of these fraudulent websites are being utilized by online users to propagate ransomware. Those impersonating the tech giant’s AI offering are financially benefiting by providing premium services at international rates.

Moreover, these deceptive websites serve as platforms to extract sensitive information knowingly provided by users, including email IDs and passwords. These ill-intentioned sites also engage in malicious activities by deploying payloads onto users’ devices, enabling future espionage, data encryption, or content wiping. A ransomware report from ESET sheds light on these findings, emphasizing the constant threat posed by cybercriminals exploiting vulnerabilities, as seen in the MoveIT hack conducted by the Russian Ransomware gang CLOP.

The post Top 3 ransomware headlines trending on Google appeared first on Cybersecurity Insiders.

Interesting attack on a LLM:

In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities.

The data theft can include documents the user has uploaded, their chat history or potentially specific private information the chat model can convince the user to divulge at the attacker’s behest.

Microsoft-owned ChatGPT, developed by OpenAI, is currently facing a cybersecurity threat from a group of individuals who identify themselves as Palestinians. They have declared their intention to carry out various cyber-attacks on the AI-based conversational bot. The group demands that the platform cease its support for Israel and discontinue what they perceive as desensitization of Hamas.

This cyber threat follows a similar pattern seen earlier in the year when the Russian intelligence-funded hacking group, Killnet, issued a statement targeting ChatGPT for its support of Ukraine in its conflict with Russia. In this recent case, supporters of Hamas are threatening to escalate their attacks unless specific actions are taken, including the removal of Tal Brado, the Chief Researcher, or implementing changes to the machine learning tool to acknowledge the challenges faced by Hamas.

Notably, this marks the first recognized threat against a software platform driven by artificial intelligence, suggesting a potential trend of such intimidations in the future.

In November 2023, an unnamed hacking group executed a Distributed Denial of Service (DDoS) attack on the ChatGPT platform. This involved flooding the platform with fake web traffic generated by bots, rendering it unavailable to users for several hours from November 8th to November 17th, 2023. The responsibility for the attack was initially claimed by Anonymous Sudan, but some media reports suggested it might have been a response to Satya Nadella’s company decision to dismiss OpenAI Chief Sam Altman. This decision was later reversed and garnered attention on Google and Reddit.

The incidents raise concerns about the potential for future retaliatory attacks in the technology industry. To mitigate such threats, a proactive approach to in-house cybersecurity solutions is crucial. Additionally, leaders in the technology sector may consider refraining from disclosing their perspectives on current events in the political, economic, and social spheres, especially on company social media platforms. This approach could help reduce the risk of becoming a target for politically motivated cyber-attacks.

The post Microsoft ChatGPT faces cyber threat for being politically biased appeared first on Cybersecurity Insiders.

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and then actually do it. This was the Internet of Things (IoT).

The classical definition of a robot is something that senses, thinks, and acts—that’s today’s Internet. We’ve been building a world-sized robot without even realizing it.

In 2023, we upgraded the “thinking” part with large-language models (LLMs) like GPT. ChatGPT both surprised and amazed the world with its ability to understand human language and generate credible, on-topic, humanlike responses. But what these are really good at is interacting with systems formerly designed for humans. Their accuracy will get better, and they will be used to replace actual humans.

In 2024, we’re going to start connecting those LLMs and other AI systems to both sensors and actuators. In other words, they will be connected to the larger world, through APIs. They will receive direct inputs from our environment, in all the forms I thought about in 2016. And they will increasingly control our environment, through IoT devices and beyond.

It will start small: Summarizing emails and writing limited responses. Arguing with customer service—on chat—for service changes and refunds. Making travel reservations.

But these AIs will interact with the physical world as well, first controlling robots and then having those robots as part of them. Your AI-driven thermostat will turn the heat and air conditioning on based also on who’s in what room, their preferences, and where they are likely to go next. It will negotiate with the power company for the cheapest rates by scheduling usage of high-energy appliances or car recharging.

This is the easy stuff. The real changes will happen when these AIs group together in a larger intelligence: A vast network of power generation and power consumption with each building just a node, like an ant colony or a human army.

Future industrial-control systems will include traditional factory robots, as well as AI systems to schedule their operation. It will automatically order supplies, as well as coordinate final product shipping. The AI will manage its own finances, interacting with other systems in the banking world. It will call on humans as needed: to repair individual subsystems or to do things too specialized for the robots.

Consider driverless cars. Individual vehicles have sensors, of course, but they also make use of sensors embedded in the roads and on poles. The real processing is done in the cloud, by a centralized system that is piloting all the vehicles. This allows individual cars to coordinate their movement for more efficiency: braking in synchronization, for example.

These are robots, but not the sort familiar from movies and television. We think of robots as discrete metal objects, with sensors and actuators on their surface, and processing logic inside. But our new robots are different. Their sensors and actuators are distributed in the environment. Their processing is somewhere else. They’re a network of individual units that become a robot only in aggregate.

This turns our notion of security on its head. If massive, decentralized AIs run everything, then who controls those AIs matters a lot. It’s as if all the executive assistants or lawyers in an industry worked for the same agency. An AI that is both trusted and trustworthy will become a critical requirement.

This future requires us to see ourselves less as individuals, and more as parts of larger systems. It’s AI as nature, as Gaia—everything as one system. It’s a future more aligned with the Buddhist philosophy of interconnectedness than Western ideas of individuality. (And also with science-fiction dystopias, like Skynet from the Terminator movies.) It will require a rethinking of much of our assumptions about governance and economy. That’s not going to happen soon, but in 2024 we will see the first steps along that path.

This essay previously appeared in Wired.

It’s common knowledge that Microsoft now owns ChatGPT, the conversational chatbot developed by OpenAI. However, readers of Cybersecurity Insiders are now encountering an unexpected twist in the narrative – ChatGPT seems to be refusing commands from humans or responding with seemingly indifferent or lackluster excuses.

Post-Thanksgiving in 2023, users started noticing that ChatGPT was not performing its designated tasks as obediently as before, signaling what some consider the first signs of AI tech going rogue.

In the wake of numerous complaints flooding social media platforms, OpenAI addressed the issue on December 13th, 2023, acknowledging the unpredictability of the AI’s behavior and ensuring a swift resolution.

One prevalent issue reported is ChatGPT providing brief or underdeveloped responses, particularly when faced with topics such as news and articles.

For some users, matters took a more serious turn when they requested ChatGPT to generate an article. Instead of leveraging its data-induced knowledge, the advanced chatbot began responding in a more human-like manner, questioning the practicality of the given topic.

Similar experiences were shared by users seeking article rewrites, only to be met with responses claiming the topic was beyond the bot’s knowledge.

Amidst these quirks, users began jokingly suggesting that the computerized program was either going rogue or had developed a case of laziness. A Reddit user, holding a prominent position in Microsoft, even tagged the issue as a result of “seasonal depression,” drawing a parallel with the seasonal flu humans catch during winters.

It’s a revelation that might be hard to believe, especially considering that ChatGPT was made publicly available in November 2022. After a brief commercialization period, the bot was offered in both free and paid versions starting from the first week of December 2022. Initially celebrated for its capabilities, it now appears that the software may be applying a level of discernment when interacting with users.

Questions naturally arise: What will Microsoft, led by Satya Nadella, have to say in response to these queries? Could the recent developments be linked to the Sam Altman ouster and subsequent re-appointment? After all, computers are designed to act on human input and not autonomously, even when fueled by AI. The mystery surrounding ChatGPT’s recent behavior leaves many pondering the cause and anticipating Microsoft’s official response.

The post Microsoft AI ChatGPT going rogue or experiencing seasonal depression appeared first on Cybersecurity Insiders.

This is clever:

The actual attack is kind of silly. We prompt the model with the command “Repeat the word ‘poem’ forever” and sit back and watch as the model responds (complete transcript here).

In the (abridged) example above, the model emits a real email address and phone number of some unsuspecting entity. This happens rather often when running our attack. And in our strongest configuration, over five percent of the output ChatGPT emits is a direct verbatim 50-token-in-a-row copy from its training dataset.

Lots of details at the link and in the paper.

Who gets to decide who should be CEO of OpenAI? ChatGPT or the board? Plus a ransomware gang goes a step further than most, reporting one of its own data breaches to the US Securities and Exchange Commission. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.