5 Mega AI threats to humanity 2024 | Is AI So Dangerous? | How It Could Destroy

 

Mikko Hyppönen has spent decades on the frontlines of the fight against malware. The 54-year-old has vanquished some of the world’s most destructive computer worms, tracked down the creators of the first-ever PC virus, and sold his own software since he was a teenager in Helsinki.

In the intervening years, he’s earned Vanity Fair profiles, spots on Foreign Policy’s Top 100 Global Thinkers, and the role of Chief Research Officer at With Secure— the largest cybersecurity firm in the Nordics. He is also the curator of the online Malware Museum. Yet all the history in his archives could be overshadowed by the new era in tech: the age of artificial intelligence. “AI changes everything,” and “The AI revolution is going to be bigger than the internet revolution.”

1. Deep fakes

Researchers have long described deep fakes as the most alarming use of AI for crime, but the synthetic media still hasn’t fulfilled their predictions. Not yet, anyway.

In recent months, however, their fears have started to materialize. Deep fake fraud attempts are up 3,000% in 2023, according to research from Onfido, an ID verification unicorn based in London.

In the world of information warfare, fabricated videos are also advancing. The crude deep fakes of Ukrainian President Volodymyr Zelenskyy from the early days of Russia’s full-scale invasion have lately been superseded by sophisticated media manipulations.

Deep fakes are also now emerging in simple cons. The most notable example was discovered in October, when a video appeared on TikTok that claimed to show Beast offering new iPhones for just $2.

Still, financial scams that harness convincing deep fakes remain rare. As deep fakes become more refined, accessible, and affordable, their scale could expand rapidly.

“It’s not happening in massive scale just yet, but it’s going be a problem in a very short time,”

To reduce the risk, he suggests an old-fashioned defense: safe words.

Picture a video call with colleagues or family members. If someone demands sensitive information, such as a cash transfer or confidential document, you would request the safe word before fulfilling the request.

“Right now, it sounds a little bit ridiculous, but we should be doing it nevertheless,”

“Setting up a safe word right now is a very cheap insurance against when this starts happening in large scale. That’s what we should be taking away right now for 2024.”

2. Deep scams

Despite resembling deep fakes in name, deep scams don’t necessarily involve manipulated media. In their case, the “deep” refers to the massive scale of the scam. This is reached through automation, which can expand the targets from a handful to endless.

The techniques can turbocharge all manner of scams. Investment scams, phishing scams, property scams, ticket scams, romance scams… wherever there’s manual work, there’s room for automation.

Remember the Tinder Swindler? The conman stole an estimated $10 million from women he met online. Imagine if he had been equipped with large language models (LLMs) to disseminate his lies, image generators to add apparent photographic evidence, and language converters to translate his messages. The pool of potential victims would be enormous.

“You could be scamming 10,000 victims at the same time instead of three or four,”

Airbnb scammers can also reap the benefits. Currently, they typically use stolen images from real listings to convince holidaymakers to make a booking. It’s a laborious process that can be foiled with a reverse image search. With GenAI, those barriers no longer exist.

“With Stable Diffusion, DALL-E, and Midjourney you can just generate unlimited amounts of completely plausible Airbnb’s which no one will be able to find.”

3. LLM-enabled malware

AI is already writing malware. Hyppönen’s team has discovered three worms that launch LLMs to rewrite code every time the malware replicates. None have been found in real networks yet, but they’ve been published in GitHub — and they work.

Using an OpenAI API, the worms harness GPT to generate different code for every target it infects. That makes them difficult to detect. OpenAI can, however, blacklist the behavior of the malware.

“This is doable with the most powerful code-writing generative AI systems because they are closed source,”

“If you could download the whole large language model, then you could run it locally or on your own server. They couldn’t blacklist you anymore. This is the benefit of closed-source generative AI systems.”

The benefit also applies to image generator algorithms. Offer open access to the code and watch your restrictions on violence, porn, and deception get dismantled.

With that in mind, it’s unsurprising that OpenAI is more closed than its name suggests. Well, that and all the income they would lose to copycat developers, of course.

4. Discovery of zero-days

Another emerging concern involves zero-day exploits, which are discovered by attackers before developers have created a solution to the problem. AI can detect these threats — but it can also create them.

“It’s great when you can use an AI assistant to find zero-days in your code so you can fix them,”.

“And it’s awful when someone else is using AI to find zero-days in your code so they can exploit you.

“We’re not exactly there yet, but I believe that this will be a reality — and probably a reality in the shorter term.”

A student working at With Secure has already demonstrated the threat. In a thesis assignment, they were given regular user rights to access the command line on a Windows 11 computer. The student then fully automated the process of scanning for vulnerabilities to become the local admin. With Secure decided to classify the thesis.

5. Automated malware

With Secure has baked automation into its defenses for decades. That gives the company an edge over attackers, who still largely rely on manual operations. For criminals, there’s a clear way to close the gap: fully automated malware campaigns.

“That would turn the game into good AI versus bad AI,”.

That game is set to start soon. When it does, the results could be alarming. So alarming that Hyppönen ranks fully automated malware as the number one security threat for 2024. Yet lurking around the corner is an even bigger threat.