SUBSCRIBE NOW
IN THIS ISSUE
PIPELINE RESOURCES

The Dark Side of Generative AI:
A Taxonomy of Negative Possibilities

ORDER REPRINTS DOWNLOAD COMMENT DISCUSS SHARE


In addition to the economic impacts on quality of life, cyber crime threatens our modern infrastructures. Impairment of these infrastructure systems by cyber crime has already resulted in short-term negative impacts on quality of life.
the range of negative side effects that involve GenAI producing what looks like convincing output, but which is actually false or unreal. The hallucinations discussion is focused on the typical types that have been observed.

Cybersecurity

Attempts are being made to control GenAI so that it’s not used for nefarious purposes. But there are also well documented ways of bypassing those controls. In addition, GenAI SaaS systems have appeared on the Dark Web tailored to create cyber-attack scenarios in return for cryptocurrency. Rogue states that participate in cyber-crime have likely developed fit for purpose GenAI attack engines. As a result, the number and frequency of Zero-day attacks has been increasing.  

From a financial perspective, the costs associated with cyber crime are massive. Moreover, these costs act like a tax on all goods and services in the global economy. This form of ‘taxation’ is regressive. That is, it hits people with less economic resources harder than those with more. Its negative effects disproportionately impact the quality of life of those most at risk.

In addition to the economic impacts on quality of life, cyber crime threatens our modern infrastructures. Impairment of these infrastructure systems by cyber crime has already resulted in short-term negative impacts on quality of life.

There are two main sub areas of cybersecurity negative side effects: 1) application and infrastructure corruption attacks; and 2) social engineering attacks.

Application and Infrastructure Corruption

Application and infrastructure attackers seek unauthorized access to data, or unauthorized power to make cyber systems perform actions. They do this in a variety of ways that include unauthorized change of configurations, introduction of unauthorized code, etc. GenAI is exponentially increasing the capabilities of cybersecurity attackers to do these things and the current widely deployed defending technology is challenged to protect against it. It is as though attackers were acquiring bombs, while the defenders are still limited to knives.

This vulnerability stems from the fact that today’s defenses are primarily static. That is, they use pre-determined (static) patterns to identify attacks and scripts to apply responses (often called remediation). Because of their static nature, they are denoted as S2 (static attack recognition, and static remediation) systems. They work well against classes of attacks that are employed repeatedly and change relatively slowly. Such pattern recognition defenses act as specialized sieves that identify and filter data for specific threats. Each sieve resembles a guardian at the digital gate watching for and detecting known attack shapes. Experts then analyze the attacks and follow step-by-step guides to counteract. The process relies on a sequence of actions, much like a cooking recipe.

The effectiveness of sieve and recipe defenses depends on the pace an attack pattern changes. Rapid attack changes leave insufficient time to prepare new sieves or appropriate remediations.

GenAI can rapidly create (generate) a very large number of new attack types. The cost of each attack launch is relatively low, meaning that not every attack has to be successful. As a result, the number and variability of attacks can accelerate dramatically. The consequences are large numbers of attacks that change very rapidly—too rapidly for patterns to be identified and installed using current defensive tools. It is extremely difficult for such systems to defend against these GenAI attacks.

These types of GenAI-created attacks can be characterized as dynamic. Since the attacks are ever-changing, an effective response cannot be easily anticipated and scripted. A different approach is needed that can respond to the dynamic nature of the attacks. Those attempting to develop dynamic defenses have to deal with two sets of problems: 1) latency; and 2) reliance on scripted remediation. Current defense



FEATURED SPONSOR:

Latest Updates





Subscribe to our YouTube Channel