CS Nov-Dec 2023
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
artificial intelligence<br />
deep into the<br />
ethical murk<br />
of future technologies<br />
through<br />
both fiction and<br />
entrepreneurship,<br />
I can't<br />
stress enough<br />
how vital it is<br />
that we develop<br />
a collective understanding<br />
of the<br />
risks involved -<br />
especially when it<br />
comes to employing AI<br />
in tackling monumental<br />
challenges like climate<br />
change. It's not merely<br />
about drafting safety<br />
protocols; it's about<br />
questioning the very<br />
mandate we give to<br />
these technologies."<br />
The latest N<strong>CS</strong>C<br />
guidance is quite<br />
rightfully<br />
suggesting the<br />
pressing need to 'exercise caution' when<br />
building Large Language Models (LLM),<br />
with the explanation that our understanding<br />
of LLMs is still 'in beta' mode.<br />
Cautions Kev Breen, director of cyber threat<br />
research at Immersive Labs: "As an industry,<br />
we are becoming more accomplished at<br />
using and making the most of the benefits of<br />
LLM, but there is more to learn about them,<br />
their full capabilities, and where their usage<br />
could leave individuals and indeed large<br />
organisations vulnerable to attack."<br />
As organisations rush to embed AI into their<br />
applications, and startups begin to pop up<br />
with new and interesting ways to use this<br />
new form of AI; Language Models, such<br />
as OpenAI's ChatGPT, it is important that<br />
developers understand how these models and<br />
their APIs work before building them, he<br />
points out. "Prompt Injection is currently<br />
the most common form of attack observed<br />
against LLMs, by focusing on defeating<br />
the protections they offer against sharing or<br />
creating information that could be damaging<br />
- for example, instructions on how to create<br />
malicious code.<br />
This is not the only danger, he says, "OpenAI<br />
has introduced ‘function calling’, a method<br />
for the AI to return data in a structured<br />
format that can be used by the application,<br />
making it easier for developers to expand<br />
on the AI's capability or enrich its data with<br />
other sources."<br />
The danger here is that those function<br />
signatures are sent to the AI in the same<br />
context, says Breen, "meaning that, through<br />
prompt injection, attackers can learn the<br />
underlying mechanisms of your application<br />
and in some examples, attackers can manipulate<br />
the AI's response to perform command<br />
injection or SQL injection attacks against the<br />
infrastructure".<br />
To help raise awareness of this issue,<br />
Immersive Labs launched a 'Beat the Bot' AI<br />
prompt injection challenge (available at<br />
'Immersive GPT'). In this challenge, users are<br />
tasked with building the right prompts to<br />
con the AI to give them the password. Of<br />
the 20,000 people that have attempted the<br />
challenge, around 3,000 made it through to<br />
level one, while only 527 made it to level 10,<br />
showing that there is still a lot for people to<br />
learn - "but even with varying levels of control,<br />
it's still easy to find a way to bypass a<br />
prompt", he adds.<br />
By learning prompt injection, even your<br />
average person can trick and manipulate<br />
an AI chatbot. "Real-time, gamified training<br />
becomes essential for not only attempting<br />
to keep up with the efforts of hackers,<br />
but also better understanding the 'practice'<br />
they are putting in themselves around AI<br />
prompt injection."<br />
Author Brian Martin: vital we develop<br />
a collective understanding of the risks<br />
involved with AI.<br />
Thomas R Weaver: tech entrepreneur,<br />
computer scientist and author of the<br />
book, 'Artificial Wisdom'.<br />
www.computingsecurity.co.uk @<strong>CS</strong>MagAndAwards <strong>Nov</strong>/<strong>Dec</strong> <strong>2023</strong> computing security<br />
31