There has been a lot of recent hype surrounding generative AI, and rightfully so, considering how easily these tools can produce visual and written works. With the right prompts, AI tools can now generate passable content and designs within seconds. However, little do we know about the cybersecurity risks associated with this technology.
The buzz surrounding the use cases of generative AI has almost overshadowed its security risks, but this is not something we should overlook.
The first step to any kind of preventive measure is awareness. So, to start, let’s discuss a few of the cybersecurity risks associated with generative AI.
1. More malware
Generative AI is capable of generating computer code within a few seconds. Although it can also produce pieces of malicious code, you can’t simply ask an AI to write malicious code for you. Many of these tools will refuse to respond to illegal or nefarious prompts. Nevertheless, cybercriminals will try to find a way to trick these systems.
Cybersecurity researcher Aaron Mulgrew , managed to create malware using generative AI. He derived individual functions of the malware code from ChatGPT and compiled them to create the malware. Unaware of Mulgrew’s intentions, the platform’s generative AI responded to his prompts with the code.
According to Astra,”560,000 new pieces of malware are detected.” And Generative AI has made malware implementation a lot easier than it used to be.
One way to prevent malware from infecting your computer is by using powerful IT management solutions that can monitor, manage, and secure your entire IT infrastructure. These solutions automate secure software deployments and leave no room for malware.
2. Sophisticated social engineering attacks
The common giveaways in phishing attacks, such as spelling errors, unfamiliar or impersonal greetings, and grammatical mistakes, are becoming a thing of the past. Generative AI can now draft convincing, error-free emails, text messages, social media posts, and website content to trick users without leaving a trace.
Moreover, generative AI can assist with deepfake technology. A cybercriminal impersonated a man’s close friend in northern China and scammed him out of 4.3 million yuan. The scammer used an AI-powered face-swapping technology to impersonate the victim’s close friend, thereby convincing him to transfer the requested amount.
Due to these AI advancements, it has become more imperative than ever to double-check, and even triple-check, the source of information if it seems odd or suspicious. It has become all too common for cybercriminals to impersonate someone you already know in order to gain your trust.
3. Sensitive data exposure
Generative AI tools collect pretty much the same data that most websites collect, such as IP addresses, browser type and settings, and data related to users’ interactions with the site. However, they also collect the information entered into the interface, including any personal or sensitive information shared with the AI.
There are no restrictions or checking mechanisms for the input fed into generative AI. As a result, there is a high chance of users unknowingly providing personal information to the system, oblivious to the security risks. This is especially critical when employees use generative AI for work purposes.
According to Business Today, “Out of the 43 percent of professionals who use generative AI for work, around 70 percent claimed that they are using ChatGPT and other tools without disclosing their usage to their bosses. Of the 5,067 respondents who reported using ChatGPT at work, 68 percent said they do not tell their boss, while only 32 percent said they do.”
Moving forward with generative AI
In the age of AI,
employees should be educated on the importance of securing sensitive organizational data through regular training programs. This would encourage employees to be vigilant while using AI for work, preventing unnecessary data leaks. With that being said, AI has catapulted technological growth in ways nobody could’ve imagined, but not without its flaws.
In the coming years, tech enthusiasts and developers will hopefully find ways to eliminate these risks. But, until then, let’s watch out and stay alert to these risks.
If you liked reading this and want to know more about cybersecurity, check out ManageEngine’s webpage on cybersecurity.