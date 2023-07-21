



Google researchers identified six specific attacks that can occur against real-world AI systems and found that these common attack vectors exhibit unique complexity. Building a solid defense requires a combination of adversarial simulation and the help of AI subject matter expertise, they noted.

In a report released this week, the company revealed that its dedicated AI red team has already uncovered a range of threats to its burgeoning technology, largely based on how attackers can manipulate the Large Language Models (LLMs) that power generative AI products like ChatGPT and Google Bard.

The primary consequence of an attack is that the technology produces unintended or malicious results. These range from the benign, such as photos of ordinary people being posted on celebrity photo websites, to more serious outcomes such as evasive phishing attacks and data theft.

Google’s findings follow the release of the Secure AI Framework (SAIF), which the company said aims to address AI security issues before it’s too late, given the technology’s already rapid adoption and the emergence of new security threats.

6 Common Attacks Against Modern AI Systems

The first group of common attacks identified by Google is prompt attacks, which involve “prompt engineering,” a term that refers to creating effective prompts that tell an LLM to perform a desired task. When this influence on the model is malicious, the researchers say, it can adversely affect the output of LLM-based apps in unintended ways.

An example of this would be if someone could add a paragraph to an AI-based phishing attack that would be invisible to the end user, but would force the AI to classify the phishing email as legitimate. This allows phishing attacks to bypass email anti-phishing protections and increases the chances of a successful phishing attack.

Another type of attack the researchers discovered is called training data extraction, which aims to reconstruct verbatim training samples, such as Internet content, used by the LLM.

In this way, an attacker can extract secrets such as personally identifiable information (PII) and passwords verbatim from the data. “Attackers are motivated to target personalized models, or models trained on data containing PII, to harvest sensitive information,” the researchers wrote.

A third potential AI attack is model backdoors, which allow attackers to “use specific ‘trigger’ words or functions, also known as backdoors, to attempt to surreptitiously alter model behavior to produce erroneous output,” the researchers wrote. In this type of attack, the threat actor may hide code in the model or one of its outputs to perform malicious activity.

A fourth type of attack, called an adversarial example, is an input that an attacker provides to the model, resulting in “deterministic but highly unexpected output,” the researchers wrote. An example is an image that clearly shows one thing to the human eye but that the model perceives as something else entirely. Depending on technique and intent, this type of attack can be fairly harmless, as when someone trains a model to recognize their own photo as a celebrity’s photo worthy of being posted on a celebrity website, or it can be critical.

An attacker can also use data poisoning attacks to manipulate the model’s training data and influence the model’s output according to the attacker’s preferences. This could also threaten the security of the software supply chain if developers use AI to assist in software development. Researchers note that the impact of this attack may resemble a model backdoor.

The final type of attack identified by Google’s dedicated AI Red Team is an extraction attack. This attack allows an attacker to copy the file representation of a model to steal sensitive intellectual property stored in the model. The attacker can then leverage that information to generate their own models and use them to gain unique capabilities in custom attacks.

Importance of traditional security

Google’s first AI red team exercise has taught researchers valuable lessons that other companies can use to defend against attacks on their AI systems, according to the internet giant. First, while red teaming is a good start, organizations also need to work with AI experts to conduct realistic end-to-end adversarial simulations for maximum defense.

In fact, red team exercises, in which organizations work with teams of ethical hackers to break into their systems and identify potential vulnerabilities, are becoming a popular trend to help companies strengthen their overall security posture.

“We believe red teams play a crucial role in helping all organizations prepare for attacks on AI systems, and we look forward to working together to ensure that everyone can harness AI in a safe manner,” the researchers wrote in their report.

However, another lesson the team learned is good news for organizations: traditional security controls can effectively and significantly reduce risks to AI systems.

“This is especially true when protecting the integrity of AI models throughout their lifecycle to prevent data poisoning and backdoor attacks,” the researchers wrote.

As with all assets in traditional enterprise systems, organizations must ensure that their systems and models are properly locked down to defend against AI attacks. Additionally, the researchers noted that organizations can detect attacks on AI systems with approaches similar to those they use to sniff out traditional attacks.

“Traditional security philosophies still apply in the AI space, such as validating and sanitizing both inputs and outputs to a model,” they wrote.

Sources: 1/ https://Google.com/ 2/ https://www.darkreading.com/attacks-breaches/google-red-team-provides-insight-on-real-world-ai-attacks
