This piece was contributed by Dan Barber, Cybersecurity Instructor within CSB.
Artificial Intelligence is the hottest topic in technology and business right now. While companies try to leverage the potential for accelerated capability and Universities like ours are rethinking how we assign and measure meaningful work, hackers have already weaponized AI. This past semester, students in our Cybersecurity program used natural language processing AI systems to design a vulnerability scanner in Python. We will need a lot more of that creativity to keep up on the defensive side of things based on what I’ve seen.
Hackers have already used AI to enhance malware, phishing, and social engineering-based extortion. It has been used to create software license keys and has the potential to break cryptography as well. Just as students at UNCW have used AI to automate and enhance Python coding, hackers are using AI to improve malware as well as to evade detection from your antivirus software. Have you noticed an increase in spam lately? AI is being used to craft phishing emails that can evade your spam filters, as well as to target victims more effectively.
Possibly the most deplorable use of AI has been in generative audio and visual media. There are controversial uses of AI to recreate lost loved ones (Deepbrain AI), which has been forecast by science fiction for decades. But hackers are using that technology to fake hostage and extortion scenarios. There are reported cases of fake hostage scenarios where the scammers leveraged AI to simulate a family member’s voice. There have also been reported cases of deepfake videos of people in compromising or unflattering situations used to extort money from their victims.
ChatGPT was even able to produce Windows 11 license keys until the story went viral and OpenAI had to step in and add guard rails to prevent that disclosure. Note, the license keys worked for offline activation – but Microsoft has long-standing technical controls that prohibit the use of illegitimate or reused license keys for online systems. Still, this leads to an interesting question: Can you hack AI?
Yes, yes you can. AI Prompt Engineer is one of the newest and hottest jobs you can find. Companies are looking for AI Prompt Engineers with 5+ years of experience (Note, those candidates don’t exist). The same thing with DevSecOps Engineers, CDM Engineers, and almost every recent tech trend. You can’t fault a company for asking for their dream candidate, even if that person doesn’t exist. AI Prompt Engineers, which will likely come from the Data and Business Analytics fields, are specialized personnel that know the ins and outs of interacting with AI and Machine Learning algorithms to produce the desired results.
But when an AI Prompt Engineer uses their expertise to manipulate the AI into performing unintended actions, or bypassing a guardrail put in place by the AI company, these individuals become the newest brand of hacker. This is relatively new territory for everyone. The closest thing we have had to an AI Hacker in the past is a Google Dork. “Google Dorking” is a term coined for those that utilize the search engine’s advanced features to identify security vulnerabilities or other information that was not intended for public dissemination. If Google Dorking is any indicator, there will be a niche industry for AI Hackers over the next decade.
AI is starting to disrupt several industries. At UNCW, we are launching a new AI class – Artificial Intelligence for Business – this fall 2023. We have invested in AI detection tools for our faculty and are developing ways to address assignments that can mitigate the impact of AI usage in student submissions. We are even leveraging AI to accelerate content development for classroom material. Students in our CYBR 202 Policy/Legal/Ethics/Compliance course were recently presented with content developed in-part with AI and asked to consider the ethical implications of using AI to accelerate class material development. Time will tell if AI-generated content will be received favorably in academia as well as every other industry.
With so many changes to business, the need for continuing education is paramount. Especially so with cybersecurity, where every technology or business advancement means we need to rethink how we approach security. The cybersecurity industry is never dull.
Sign up now to join our 5th Annual Cybersecurity Conference, UNCW CyberConf 2023, held October 12 and 13th. CLICK HERE to learn more about AI and other current cybersecurity trends.