In ethical hacking, hackers are authorised to test the robustness of a company’s IT system. The practice has been around for a while, but a new type of hacking has emerged in which hackers use textual prompts instead of code to try to manipulate generative AI chatbots into inappropriate behaviour. In August, thousands of hackers using language, not code, took part in a competition at the annual US Defcon hacking convention in Las Vegas to probe chatbots for misinformation, bias and security flaws. Eight leading AI chatbots from companies including Google, Facebook parent Meta and ChatGPT-maker OpenAI took part. The process is known in the cybersecurity world as ‘red-teaming’, which refers to simulating real-world attacks to expose flaws. One of the hackers managed to trick a chatbot into revealing a credit card number it was supposed to keep secret. There are many ways things could go wrong with AI, and competitions like this seek to address these challenges.
Why is it important?
AI is rapidly being introduced into various aspects of life. Many, including some of the big AI players themselves, have expressed concern over how fast this technology is progressing. Experts worry about the potential of the technology to be used for nefarious purposes and societal harm. Among the many risks are bias and discrimination, privacy and security. The large technology companies say that safety and security remain their top priority and have made a commitment to the White House to voluntarily submit their models to outside scrutiny.
However, some experts express doubt over the efficacy of competitions like the one mentioned above. Gary McGraw, a cybersecurity veteran and co-founder of the Berryville Institute of Machine Learning, said: “It’s tempting to pretend we can sprinkle some magic security dust on these systems after they are built, patch them into submission, or bolt special security apparatus on the side.”
What can businesses do about it?
Employ individuals or firms with a proven track record of ethical hacking and security research.
Clearly define the scope of the security assessment, including what aspects of the chatbot system will be tested, and the specific security objectives you want to achieve. They should work within the legal boundaries of your country and respect user privacy. Ethical hackers should provide detailed reports of their findings, including vulnerabilities, risks, and recommended remediation steps. The business can then prioritise and address these issues. Consider ethical hacking as an ongoing process. Regular security assessments and updates are crucial as the threat landscape continues to evolve.
By Faeeza Khan