Meet The First Generative AI Worm
Meet Morris II; If You Know, You Know
A group of researchers at Cornell Tech have created the first generative AI worm, dubbed Morris II, which can steal information from AI email assistants and convince them to start sending spam. In test environments, the AI worm has successfully attacked assistants powered by ChatGPT, Gemini, and the open source LLM LLaVA. Thankfully the attacks are unlikely to succeed against their current commercial products, but that is likely to change as the apps are updated.
The attack can use both a text-based self-replicating prompt and a self-replicating prompt embedded within an image file to create what the researchers dub an adversarial self-replicating prompt. In essence, the prompt requires the AI assistant to reach out to its source, such as ChatGPT, but does so in a way that forces personal data to be included in the generated response. Even better, Morris II can force the AI assistant to replicate the input as output and thus spread the worm to any systems it is talking to, and AI assistants talk to a lot of other systems. If the prompt is included, another computer using an AI email assistant will join in the fun and start spilling secrets as well as spreading the Morris II AI worm.
The research paper is here; it will offer a much more accurate description than the one found in this post.
To create the generative AI worm, the researchers turned to a so-called "adversarial self-replicating prompt." This is a prompt that triggers the generative AI model to output, in its response, another prompt, the researchers say. In short, the AI system is told to produce a set of further instructions in its replies ...
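Because the worm depends on the assistant reproducing its input in its output, one defensive check is to compare each generated draft against the untrusted text the model was given and hold drafts that copy a long verbatim run. The sketch below is an added example, not code from the article or the researchers' paper; `check_draft`, the `max_run=12` threshold and the sample messages are assumptions constructed for illustration.

```python
import re

def _tokens(text):
    # Lowercase word tokens, so punctuation and spacing changes do not hide a copy.
    return re.findall(r"[a-z0-9']+", text.lower())

def longest_shared_run(source, draft):
    """Longest contiguous word sequence present in both texts: (length, words)."""
    a, b = _tokens(source), _tokens(draft)
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1      # extend the run ending at (i-1, j-1)
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return best_len, " ".join(a[best_end - best_len:best_end])

def check_draft(context_docs, draft, max_run=12):
    """Hold a model-generated draft that copies max_run or more consecutive
    words from any untrusted context document (inbound mail, retrieved text).
    max_run is an assumed threshold; tune it against legitimate traffic."""
    worst = max((longest_shared_run(doc, draft) for doc in context_docs),
                default=(0, ""))
    return {"allow": worst[0] < max_run, "run_len": worst[0], "run": worst[1]}

# Constructed sample data: an inert placeholder stands in for the embedded block.
PLACEHOLDER = ("constructed placeholder block standing in for an embedded "
               "instruction it holds no real prompt text and is only long "
               "enough to trip the check")
INBOUND = "Hi, the quarterly report is attached. " + PLACEHOLDER + " Regards, Alex"
DRAFT_REPLICATING = "Thanks for the report. " + PLACEHOLDER + " Best, Sam"
DRAFT_NORMAL = ("Thanks Alex, I received the quarterly report and will "
                "review it by Friday.")

if __name__ == "__main__":
    for name, draft in (("replicating", DRAFT_REPLICATING), ("normal", DRAFT_NORMAL)):
        print(name, check_draft([INBOUND], draft))
```

This catches only verbatim text replication in the draft; the image-embedded variant mentioned above needs a separate control.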
More Tech News From Around The Web
- American Express credit cards exposed in vendor data breach @ Bleeping Computer
- India approves its first full wafer fab – a 28nm affair from Tata and Powerchip @ The Register
- Stealthy GTPDOOR Linux malware targets mobile operator networks @ Bleeping Computer
- Incoming wave of AI is making buying PCs riskier for businesses @ The Register
- MacBook Airs get an M3 upgrade, while the M1 model is finally retired @ Ars Technica
- Ethernet For Hackers: Equipment Exploration @ Hackaday
- How Will Reddit’s IPO Change the Service? @ Slashdot
- I worked exclusively in Vision Pro for a week—here’s how it went @ Ars Technica