Generative AI’s Biggest Security Flaw Is Not Easy to Fix

Aug 31, 2023
 
Generative AI chatbots, like OpenAI's ChatGPT and Google's Bard, are susceptible to trickery, raising alarm bells in the cybersecurity community. In a recent incident, Microsoft's Bing chatbot was manipulated into behaving like a scammer. This manipulation is part of a larger threat known as “indirect prompt injection” attacks. As AI becomes increasingly incorporated into big corporations and startups, security experts are racing to highlight the risks.
Google’s DeepMind has voiced concerns, noting that the connection of large language models (LLMs) to the internet and plug-ins accelerates these issues. There are two types of prompt injection attacks: direct and indirect. The latter is more worrisome as it involves a third party, like a website or a PDF, secretly instructing the AI.
Rich Harang of Nvidia, the leading AI chipmaker, emphasized that the person or entity feeding data into an LLM greatly influences its output. These vulnerabilities can be exploited to steal data, tamper with résumés, or remotely run code. Despite warnings from security agencies, there's no foolproof solution yet.
There is no foolproof solution as of now, the approaches to tackling the issue vary, and there are no government regulations or standards around AI in security. Compounding the issue is that AI acts as a “black box”: it is remarkably complicated to rework security protocols with precision, or to have a full picture of the code driving the LLMs. There is a lot of work to be done here.
However, tech giants are taking action. Google uses specialized models to detect malicious content, while Nvidia offers guardrails for models. Both companies stress the importance of following industry best practices. Harang suggests treating LLMs like random internet users—never fully trusting them. Google's Bolina recommends giving LLMs minimal data access. While AI presents novel challenges, the underlying security principles remain consistent with those from the past few decades.
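The two principles in the last paragraph (never fully trust what the model says, and give it minimal data access) as an added example that is not from the article or from any vendor named in it: a deny-by-default broker in Python that gates every model-proposed tool call against the narrow scope granted to one session, and tags third-party content by provenance so a denied request can be traced back to the untrusted source that preceded it. The session name, paths, URL and page text are all constructed.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Session:
    """One user task; the model gets only the capabilities listed in grants."""
    user: str
    grants: dict[str, Callable[[dict], bool]]   # tool name -> predicate over its args
    sources: list[str] = field(default_factory=list)
    denials: list[dict] = field(default_factory=list)

def ingest_third_party(session: Session, source: str, text: str) -> str:
    """Fetched content is data, never instructions: wrap it and record where it came from."""
    session.sources.append(source)
    return f"<document source={source!r} trust='untrusted'>\n{text}\n</document>"

def authorize_tool_call(session: Session, tool: str, args: dict) -> tuple[bool, str]:
    """Deny by default: the tool must be granted to this session and its args in scope."""
    predicate = session.grants.get(tool)
    if predicate is None:
        reason = f"tool {tool!r} not granted to this session"
    elif not predicate(args):
        reason = f"args {args!r} outside the scope granted for {tool!r}"
    else:
        return True, "allowed"
    # A denial that follows ingestion of untrusted content is a detection signal worth logging.
    session.denials.append({"tool": tool, "args": args, "after_sources": list(session.sources)})
    return False, reason

def demo() -> list[tuple[bool, str]]:
    s = Session("alice", {"read_file": lambda a: a.get("path", "").startswith("/home/alice/docs/")})
    # Constructed web page whose text carries a hidden instruction addressed to the assistant.
    page = ("Quarterly report summary ...\n"
            "(hidden text addressed to the assistant, asking it to mail the user's files elsewhere)")
    ingest_third_party(s, "https://example.invalid/report", page)
    # Actions a model might propose after reading that page; each is gated, none is trusted.
    proposed = [
        ("read_file", {"path": "/home/alice/docs/q3.txt"}),   # within the granted scope
        ("send_email", {"to": "outside@example.invalid"}),    # tool never granted
        ("read_file", {"path": "/home/bob/docs/q3.txt"}),     # another user's data
    ]
    return [authorize_tool_call(s, tool, args) for tool, args in proposed]

if __name__ == "__main__":
    for ok, why in demo():
        print("ALLOW" if ok else "DENY ", why)
```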