Meet Morris II; If You Know, You Know
A group of researchers at Cornell Tech have created the first generative AI worm, dubbed Morris II, which can steal information from AI email assistants as well as convincing them to start sending spam. The AI worm has successfully attacked assistants powered by ChatGPT, Gemini, and the open source LLM, LLaVA in test environments. Thankfully the attacks are unlikely to succeed against their current commercial products, but that is likely to change as the apps are updated.
The attack can utilize both a text-based self-replicating prompt and by embedding a self-replicating prompt within an image file to create what they dub an adversarial self-replicating prompt. In essence the prompt requires the AI assistant to reach out to it’s source, such as ChatGPT, but does it in such a way that it forces personal data to be included in the generated response. Even better Morris two can force the AI assistant to replicate the input as output and thus spread the worm to any systems it is talking to, and AI assistants talk to a lot of other systems. If the prompt is included then another computer using an AI email assistant will join in the fun and start spilling secrets as well as spreading the Morris II AI worm.
The research paper is here, it will offer a much more accurate description than found here.
Source link
