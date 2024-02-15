



BOSTON (AP) Microsoft said Wednesday that U.S. adversaries, primarily Iran and North Korea and, to a lesser extent, Russia and China, are beginning to use its generative artificial intelligence to mount or organize offensive cyber operations.

The tech giant and its business partner OpenAI said they jointly detected and disrupted malicious cyber actors using their AI technologies, shutting down their accounts.

In a blog post, Microsoft said the techniques employed were at an early stage and neither particularly new nor unique, but that it was important to expose them publicly as U.S. adversaries exploit broad-speak models to expand their capability. to penetrate networks and carry out influence operations.

Cybersecurity companies have long used machine learning for defense, primarily to detect anomalous behavior in networks. But criminals and offensive hackers also use it, and the introduction of large language models driven by OpenAI's ChatGPT has improved this cat-and-mouse game.

Microsoft has invested billions of dollars in OpenAI, and Wednesday's announcement coincided with the release of a report saying generative AI is expected to improve malicious social engineering, leading to more sophisticated deepfakes and voice cloning. A threat to democracy in a year when more than 50 countries will hold elections, amplifying disinformation and which is already happening,

Here are some examples provided by Microsoft. In each case, it indicates that all Generative AI accounts and assets in the named groups have been disabled:

The North Korean cyberespionage group known as Kimsuky has used these models to search for foreign think tanks that study the country and to generate content that could be used in spear phishing hacking campaigns.

Iran's Revolutionary Guards have used broad language models to aid in social engineering, troubleshooting software errors, and even studying how intruders might evade detection in a compromised network. This includes the generation of phishing emails, including one claiming to be from an international development agency and another attempting to lure prominent feminists to a feminism website created by an attacker. AI helps speed up and boost email production.

Russia's GRU military intelligence unit, known as Fancy Bear, used these models to research satellite and radar technology that could be linked to the war in Ukraine.

The Chinese cyberespionage group known as Aquatic Panda, which targets a wide range of industries, higher education and governments from France to Malaysia, interacted with the models in ways that suggest a limited exploration of how LLMs can augment their technical operations.

Chinese group Maverick Panda, which has targeted U.S. defense contractors among other sectors for more than a decade, had interactions with broad language models suggesting it was evaluating their effectiveness as an information source on potentially sensitive topics, high-profile figures and regional geopolitics. , American influence and domestic affairs.

In a separate blog post published Wednesday, OpenAI said its current GPT-4 model chatbot offers only limited incremental capabilities for malicious cybersecurity tasks beyond what is already achievable with publicly available, unpowered tools by AI.

Cybersecurity researchers expect that to change.

Last April, the Director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, told Congress that there are two threats and challenges that define our time. One is China and the other is artificial intelligence.

Easterly said at the time that the United States must ensure that AI is designed with security in mind.

Critics of the November 2022 public release of ChatGPT and subsequent versions from competitors including Google and Meta say it was irresponsible and rushed, considering security to be largely an afterthought in their development.

Of course, bad actors use broad language models. This decision was made when opening Pandora's box, said Amit Yoran, CEO of cybersecurity company Tenable.

Some cybersecurity professionals complain that Microsoft is creating and selling tools intended to address vulnerabilities in extended language models, when it could be more responsibly focusing on their security.

Why not create more secure black-box LLM foundation models instead of selling defensive tools for a problem they help create? asked Gary McGraw, IT security veteran and co-founder of the Berryville Institute of Machine Learning.

Edward Amoroso, a professor at New York University and former AT&T security chief, said that while the use of AI and big language models may not pose an immediately obvious threat, they will eventually becoming one of the most powerful weapons in every nation-state military attack.

