
How can attackers manipulate artificial intelligence?


The emergence of generative artificial intelligence techniques and tools has opened a new era in technology, which experts describe as the next revolution, comparable to the one caused by the arrival of the internet. Major technology companies and startups are therefore racing to introduce technologies and products that fit this new phase in order to win a share of the rapidly growing artificial intelligence market.



Microsoft and Google have already introduced their versions of chatbots developed using large language models (LLMs), which they are now integrating into their products.

Governments have also gotten involved; Romania's government appointed an interactive chatbot called ION as the first AI advisor to perform government tasks. Scientists also use artificial intelligence programs to understand the language used by animals and how we can communicate with them.

The rapid adoption of artificial intelligence technologies and the steady release of new products to users have raised concerns among artificial intelligence experts, who warn that the data collected from the open web and used to train these tools cannot simply be trusted.


How does data available on the web pose a threat to artificial intelligence?

Artificial intelligence and machine learning experts warn of "data poisoning attacks": attacks that target the large, web-scraped datasets used to train the deep learning models behind many artificial intelligence services.

The term refers to injecting meaningless, corrupted or maliciously crafted data into a training set in order to degrade or steer the behaviour of machine learning models and artificial intelligence algorithms, whose quality depends primarily on the quality of the data they learn from.

Data poisoning occurs when attackers manipulate the training data consumed by the learning algorithm so that it produces a biased model. The poisoned model then behaves as the attacker intends on the inputs they care about while appearing normal otherwise, and the attacker can exploit that behaviour for malicious purposes.

What is blockchain technology and how does it work?

Blockchain technology is a distributed ledger system that allows for secure, transparent, and tamper-resistant storage and transfer of information. It is often associated with cryptocurrencies such as Bitcoin, but its potential applications go far beyond that.

The core idea behind blockchain is that rather than relying on a central authority to maintain a database, a network of computers collaborates to create a decentralized ledger. This means that everyone on the network has a copy of the ledger, and any changes to it are made through a consensus mechanism that requires the approval of the majority of nodes on the network.

Each block in the blockchain contains a record of several transactions, along with a unique identifier called a hash. The hash of each block is based on the contents of that block and the hash of the previous block in the chain. This creates a chain of blocks that is secured by the computational work required to generate each block's hash.

Once a block is added to the chain, it cannot be modified or deleted without redoing the work for that block and for every block after it, and without the rest of the network accepting the rewritten chain in place of the one the honest majority of nodes keeps extending. This makes the blockchain a tamper-resistant ledger that can be used to store any type of information, from financial transactions to medical records.
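As an added example (not code from the article), the following Python builds a minimal hash-linked chain with a toy proof-of-work and then shows what the two paragraphs above describe: editing a transaction in an old block invalidates that block's hash, and even re-mining the edited block does not help because the next block still points at the old hash. The difficulty target, the transactions and the field layout are assumptions made for illustration, not the format of any real blockchain.

```python
import hashlib
import json

# Toy difficulty: a valid block hash must start with this many hex zeros.
# Real networks use far harder targets; this value is an illustrative assumption.
DIFFICULTY = 2
GENESIS_PREV = "0" * 64  # the first block has no predecessor


def block_hash(index, prev_hash, transactions, nonce):
    """Hash the block's fields. Including prev_hash is what links the blocks."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "tx": transactions, "nonce": nonce},
        sort_keys=True,
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def mine_block(index, prev_hash, transactions):
    """Search for a nonce whose hash meets the target: the 'computational work'."""
    nonce = 0
    while True:
        h = block_hash(index, prev_hash, transactions, nonce)
        if h.startswith("0" * DIFFICULTY):
            return {"index": index, "prev": prev_hash, "tx": transactions,
                    "nonce": nonce, "hash": h}
        nonce += 1


def build_chain(tx_batches):
    """Mine one block per batch of transactions, each linked to the last."""
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(tx_batches):
        blk = mine_block(i, prev, txs)
        chain.append(blk)
        prev = blk["hash"]
    return chain


def verify_chain(chain):
    """Return the index of the first invalid block, or None if the chain is intact.
    Checks the back-link, the stored hash and the work target for every block."""
    prev = GENESIS_PREV
    for blk in chain:
        recomputed = block_hash(blk["index"], blk["prev"], blk["tx"], blk["nonce"])
        if (blk["prev"] != prev
                or recomputed != blk["hash"]
                or not recomputed.startswith("0" * DIFFICULTY)):
            return blk["index"]
        prev = blk["hash"]
    return None


def tamper_demo():
    """Constructed scenario: an attacker rewrites a transaction in block 1."""
    chain = build_chain([
        [{"from": "alice", "to": "bob", "amount": 5}],
        [{"from": "bob", "to": "carol", "amount": 2}],
        [{"from": "carol", "to": "dave", "amount": 1}],
    ])
    intact = verify_chain(chain)                 # None: nothing wrong yet

    chain[1]["tx"][0]["amount"] = 200            # history rewritten in place
    edited = verify_chain(chain)                 # 1: stored hash no longer matches

    # Re-mining block 1 produces a valid hash for it, but block 2 still
    # references the old hash, so the break simply moves one block forward.
    chain[1] = mine_block(1, chain[0]["hash"], chain[1]["tx"])
    remined = verify_chain(chain)                # 2

    return intact, edited, remined


if __name__ == "__main__":
    print(tamper_demo())
```

The attacker would have to re-mine block 2 as well, and every block after it, faster than the rest of the network adds new blocks, which is exactly the cost that makes the ledger tamper-resistant.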

One of the key benefits of blockchain technology is its transparency. Since everyone on the network has a copy of the ledger, it is easy to verify the authenticity of transactions and track the movement of assets. This makes it useful for applications such as supply chain management, where it is important to track the movement of goods from the manufacturer to the end consumer.

Another benefit of blockchain is its security. Since each block is secured by the computational work required to generate its hash, it is extremely difficult to tamper with the blockchain without being detected. This makes it a useful technology for applications such as digital identity management and voting systems.

Overall, blockchain technology has the potential to transform the way we store and transfer information, by providing a secure, transparent, and decentralized alternative to traditional databases.

How can data poisoning attacks be carried out?



One method an attacker can use to achieve this goal is simply to purchase expired internet domain names that host content referenced by the datasets used to train artificial intelligence models. Web-scale datasets are typically distributed as lists of URLs rather than as the content itself, so whoever controls a URL at the moment the content is downloaded controls what the model learns from it. Researchers point out that buying a lapsed domain and exploiting it is not a new idea, as internet criminals already use the technique to help spread malicious software, but it can now be turned against the wide-ranging datasets assembled from the web.
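The check a practitioner would want against the expired-domain attack is to pin each indexed URL to a digest of the content that was seen when the index was built, and to reject anything that no longer matches at download time. The following Python is an added example, not the researchers' code or any dataset's tooling: the "index" and the two versions of the "web" are constructed dictionaries standing in for a published URL list and for live HTTP fetches, and the hostnames are made up.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed: the content that existed when the dataset index was published.
CONTENT_AT_INDEX_TIME = {
    "https://photos.example.org/cat.jpg": b"<jpeg bytes: a cat on a sofa>",
    "https://lapsed-domain.example/dog.jpg": b"<jpeg bytes: a dog in a park>",
}

# The index as distributed: (url, caption, sha256 of the content seen at index time).
# Many real URL-list datasets ship only (url, caption); pinning the digest is the
# added defence this example demonstrates.
INDEX = [
    ("https://photos.example.org/cat.jpg", "a cat sitting on a sofa",
     sha256_hex(CONTENT_AT_INDEX_TIME["https://photos.example.org/cat.jpg"])),
    ("https://lapsed-domain.example/dog.jpg", "a dog in a park",
     sha256_hex(CONTENT_AT_INDEX_TIME["https://lapsed-domain.example/dog.jpg"])),
]

# Constructed: what the web serves months later. The second domain has expired
# and been re-registered, so the same URL now returns attacker-chosen bytes.
WEB_AT_TRAINING_TIME = {
    "https://photos.example.org/cat.jpg": b"<jpeg bytes: a cat on a sofa>",
    "https://lapsed-domain.example/dog.jpg": b"<jpeg bytes: attacker-chosen image>",
}


def fetch(url, web=WEB_AT_TRAINING_TIME):
    """Stand-in for an HTTP GET; returns None for an unreachable URL."""
    return web.get(url)


def build_training_set(index, verify_digest=True):
    """Download every indexed URL. With verify_digest=True, drop any entry whose
    current content does not hash to the pinned digest. Returns (accepted, rejected)
    where accepted holds (bytes, caption) pairs and rejected holds (url, reason)."""
    accepted, rejected = [], []
    for url, caption, pinned in index:
        body = fetch(url)
        if body is None:
            rejected.append((url, "unreachable"))
            continue
        if verify_digest and sha256_hex(body) != pinned:
            rejected.append((url, "hash mismatch"))
            continue
        accepted.append((body, caption))
    return accepted, rejected


if __name__ == "__main__":
    naive, _ = build_training_set(INDEX, verify_digest=False)
    checked, dropped = build_training_set(INDEX)
    print("without verification:", len(naive), "samples (poisoned one included)")
    print("with verification:", len(checked), "samples; dropped:", dropped)
```

Pinning a digest does not recover content that has genuinely changed or disappeared, but it turns a silent substitution into a visible rejection, which is the difference between a poisoned model and a smaller training set.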

In addition, researchers describe a second type of attack they have dubbed "front-running poisoning." In this case the attacker does not control the web resource at all, but can accurately predict when the trainers' crawler will visit it to collect data for the model, and so can plant misleading content shortly before the snapshot is taken.

Even if the resource is restored to its untampered state just a few minutes later, the incorrect content captured by the crawler while the malicious edit was live remains permanently in the dataset, and therefore in every model trained on it.

How can attackers manipulate artificial intelligence?

The researchers gave as an example one frequently used source of training data for machine learning, Wikipedia. Because anyone can edit a Wikipedia page at any time, attackers can poison a training dataset built from it by making malicious edits timed so that the snapshot used for training captures the inaccurate version.

Wikipedia publishes the database dumps that model trainers collect on a documented, predictable schedule, which means an attacker can estimate fairly accurately when a particular article will be snapshotted, intervene just before that moment with a harmful edit, and thereby force the model to ingest inaccurate data.
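To make the front-running attack and a defence concrete, here is an added Python example (not the researchers' code) that replays a constructed page history against a snapshot taken at a predictable time. A naive snapshot reads whatever revision is live at that moment and captures the attacker's edit even though it is reverted five minutes later. The defence shown, taking the snapshot with a delay and keeping only the latest revision that survived unchanged for a quarantine period, is an assumption about how a collector could be built, not a description of how Wikipedia dumps or any particular trainer work; the timeline, page text and quarantine length are made up.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Revision:
    minute: int   # minutes since an arbitrary epoch (constructed timeline)
    text: str
    editor: str


# Constructed history: the attacker knows the snapshot lands at minute 60.
HISTORY = [
    Revision(0, "Paris is the capital of France.", "editor_a"),
    Revision(58, "Paris is the capital of Germany.", "attacker"),   # two minutes early
    Revision(63, "Paris is the capital of France.", "editor_b"),    # reverted soon after
]
SNAPSHOT_MINUTE = 60
QUARANTINE_MINUTES = 30   # assumption: how long a revision must survive to count


def revision_at(history, minute):
    """What a naive crawler reads: the latest revision at or before `minute`."""
    current = None
    for rev in sorted(history, key=lambda r: r.minute):
        if rev.minute <= minute:
            current = rev
    return current


def stable_revision_at(history, minute, quarantine):
    """The latest revision made at or before `minute` that was not superseded by
    another edit within `quarantine` minutes. Requires the collector to look at
    edits up to minute + quarantine, i.e. to take the snapshot with a delay."""
    ordered = sorted(history, key=lambda r: r.minute)
    chosen = None
    for i, rev in enumerate(ordered):
        if rev.minute > minute:
            break
        next_edit = ordered[i + 1].minute if i + 1 < len(ordered) else None
        if next_edit is None or next_edit - rev.minute >= quarantine:
            chosen = rev
    return chosen


def naive_snapshot(history=HISTORY, minute=SNAPSHOT_MINUTE):
    return revision_at(history, minute).text


def quarantined_snapshot(history=HISTORY, minute=SNAPSHOT_MINUTE,
                         quarantine=QUARANTINE_MINUTES):
    return stable_revision_at(history, minute, quarantine).text


if __name__ == "__main__":
    print("naive       :", naive_snapshot())
    print("quarantined :", quarantined_snapshot())
```

The quarantine cannot distinguish a malicious edit from a legitimate one that happens to be reverted quickly, and an attacker whose edit is never reverted still gets through; what it removes is the cheap version of the attack, where a few minutes of live vandalism timed against a published schedule is enough.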

Is there a solution? 

What is interesting is that manipulating artificial intelligence models in this way mirrors a problem cybersecurity experts already know from employee training. Attackers often exploit a lack of awareness among staff, using phishing tactics against untrained employees to get a foothold in the company. Poisoning the data an artificial intelligence model learns from works the same way: the weak point is the trust placed in what comes in.

Since the field is still in its infancy, cybersecurity experts are still learning how best to defend against data poisoning attacks. Bloomberg has suggested that one way to help prevent data poisoning is for the scientists developing artificial intelligence models to regularly verify that all labels in their training data are accurate.

Other experts advise using open-source data with caution. It has clear benefits, giving access to more data to enrich existing sources and making it easier to develop more accurate models, but it also makes the trained models an easier target for fraudsters and intruders.

Penetration testing may also help, as it can find the weaknesses that give attackers access to training data and training pipelines. Some researchers are also exploring a second layer of artificial intelligence and machine learning designed to identify potential errors, such as mislabeled or anomalous samples, in the training data before it is used.
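As an added example of the two defences just mentioned (regular label verification, and a second layer of machine learning that flags suspicious training data), the following Python is not from the article or any research project: it builds a small two-class dataset with a fixed random seed, flips two labels to simulate a label-poisoning attack, and flags every sample whose label disagrees with the majority of its nearest neighbours. The data, the flipped indices and the choice of k are assumptions made for the demonstration.

```python
import random


def knn_label_disagreements(points, labels, k=5):
    """Flag each sample whose label differs from the majority label of its k
    nearest neighbours (squared Euclidean distance). Returns sorted indices.
    This is a simple 'second layer' check on the training set, not a model."""
    flagged = []
    for i, p in enumerate(points):
        dists = sorted(
            (sum((a - b) ** 2 for a, b in zip(p, q)), j)
            for j, q in enumerate(points) if j != i
        )
        neighbour_labels = [labels[j] for _, j in dists[:k]]
        majority = max(set(neighbour_labels), key=neighbour_labels.count)
        if majority != labels[i]:
            flagged.append(i)
    return flagged


def make_dataset(seed=7, n_per_class=30):
    """Constructed data: two well-separated Gaussian clusters, class 0 around
    (0, 0) and class 1 around (6, 6). Indices 0-29 are class 0, 30-59 class 1."""
    rng = random.Random(seed)
    points, labels = [], []
    for cls, (cx, cy) in enumerate([(0.0, 0.0), (6.0, 6.0)]):
        for _ in range(n_per_class):
            points.append((cx + rng.gauss(0, 0.7), cy + rng.gauss(0, 0.7)))
            labels.append(cls)
    return points, labels


def poison_and_detect(flip_indices=(3, 41), k=5):
    """Flip the labels of the given samples (the attack), then run the check.
    Returns the indices the check flags; a correct check returns exactly the
    flipped ones, since every other point still agrees with its neighbours."""
    points, labels = make_dataset()
    poisoned = list(labels)
    for i in flip_indices:
        poisoned[i] = 1 - poisoned[i]
    return knn_label_disagreements(points, poisoned, k)


if __name__ == "__main__":
    print("flagged for review:", poison_and_detect())
```

A check like this is only a triage step: the flagged samples go back to a human for label verification rather than being dropped automatically, and on data that is not so cleanly separable the flagged list will contain honest borderline cases as well as poisoned ones.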

In conclusion, there is no doubt that artificial intelligence has brought many benefits to the world, but it also raises serious security concerns: attacks of this kind are hard to detect and may be hard to stop once a poisoned model is deployed. Attackers may be able to remain undetected inside targeted IT environments for longer than ever before, and advances in artificial intelligence and machine learning will help attackers reach large databases and automate the extraction of sensitive information.
