In a recent report, Microsoft shed light on the utilisation of Microsoft-backed OpenAI tools by state-sponsored hacking groups hailing from Russia, China, and Iran to bolster their cyber capabilities.
The report, made public on Wednesday, reveals a disconcerting pattern wherein these hacking factions leverage large language models to hone their strategies, executing intricate cyber assaults that dupe unsuspecting targets.
As outlined in the report, the identified hacking cohorts encompass entities affiliated with Russian military intelligence, Iran’s Revolutionary Guard, as well as governmental entities from China and North Korea.
These groups reportedly harness AI-powered technologies to meticulously craft deceptive communications, thereby amplifying their espionage prowess, prompting concerns regarding the misapplication of advanced AI in cyber conflicts.
Microsoft has responded to this revelation by instituting a comprehensive prohibition on state-backed hacking groups’ access to its AI products. “We just don’t want those actors that we’ve identified… to have access to this technology,” underscored Microsoft’s Vice President for Customer Security, Tom Burt.
While diplomatic representatives from Russia, North Korea, and Iran have yet to comment on the matter, Liu Pengyu, spokesperson for China’s U.S. embassy, refuted the accusations, advocating for responsible deployment of AI.
This disclosure underscores mounting apprehensions regarding the misuse of AI in cybersecurity, with senior officials cautioning against its potential exploitation.
“This is one of the first instances of an AI company discussing publicly how cybersecurity threat actors use AI technologies,” observed Bob Rotsted, lead for cybersecurity threat intelligence at OpenAI.
Microsoft reports that the hackers’ utilisation of AI tools is still in its nascent stages, with no significant breakthroughs noted. The report delineates various applications, including Russian hackers’ exploration of military technologies and North Korean operatives’ spear-phishing endeavours.
State-sponsored Chinese hackers were reportedly observed experimenting with large language models to gather intelligence on rival agencies and prominent individuals.
Despite the absence of precise statistics on the scope of activity or the number of accounts suspended, Microsoft says it remains resolute in its zero-tolerance stance towards hacking groups seeking access to AI technology. Burt emphasised the novelty and high potency of the technology, highlighting the need for its careful deployment.