ChatGPT and other chatbots ‘can be tricked into making code for cyber attacks’

24 October 2023, 16:04

The ChatGPT website
ChatGPT study. Picture: PA

Research from the University of Sheffield found scientists could manipulate chatbots into creating malicious code.

Artificial intelligence (AI) tools such as ChatGPT can be tricked into producing malicious code which could be used to launch cyber attacks, according to research.

A study by researchers from the University of Sheffield’s Department of Computer Science found that it was possible to manipulate chatbots into creating code capable of breaching other systems.

Generative AI tools such as ChatGPT can create content based on user commands or prompts and are expected to have a substantial impact on daily life as they become more widely used in industry, education and healthcare.

But the researchers have warned that vulnerabilities exist, and said their research found they were able to trick the chatbots into helping steal sensitive personal information, tamper with or destroy databases, or bring down services using denial-of-service attacks.

In all, the university study found vulnerabilities in six commercial AI tools – of which ChatGPT was the most well-known.

On Chinese platform Baidu-Unit, the scientists were able to use malicious code to obtain confidential Baidu server configurations and tampered with one server node.

In response, the research has been recognised by Baidu, which addressed and fixed the reported vulnerabilities and financially rewarded the scientists, the university said.

Xutan Peng, a PhD student at the University of Sheffield, who co-led the research, said: “In reality many companies are simply not aware of these types of threats and due to the complexity of chatbots, even within the community, there are things that are not fully understood.

“At the moment, ChatGPT is receiving a lot of attention. It’s a standalone system, so the risks to the service itself are minimal, but what we found is that it can be tricked into producing malicious code that can do serious harm to other services.”

The researchers also warned that people using AI to learn programming languages was a danger, as they could inadvertently create damaging code.

“The risk with AIs like ChatGPT is that more and more people are using them as productivity tools, rather than a conversational bot, and this is where our research shows the vulnerabilities are,” Peng said.

“For example, a nurse could ask ChatGPT to write an (programming language) SQL command so that they can interact with a database, such as one that stores clinical records.

“As shown in our study, the SQL code produced by ChatGPT in many cases can be harmful to a database, so the nurse in this scenario may cause serious data management faults without even receiving a warning.”

The UK will host an AI Safety Summit next week, with the Government inviting world leaders and industry giants to come together to discuss the opportunities and safety concerns around artificial intelligence.

By Press Association

More Technology News

See more More Technology News

Icons of social media apps, including Facebook, Instagram, YouTube and WhatsApp, are displayed on a mobile phone screen

Meta to begin training AI on public posts from UK Facebook and Instagram users

JLR Rover the Boston Dynamics robot dog (JLR/PA)

JLR’s new ‘Rover’ is a robotic dog employed to protect brand’s EV facility

The logo and name of the technology company OpenAI on a smarthpone

OpenAI unveils new models designed to think more before answering

A person looking at a mobile phone whose screen has been blurred

Government strengthens Online Safety Act to crack down on revenge porn

Vodafone and Three logos

Vodafone and Three merger could increase phone bills for millions, watchdog says

A mobile phone mast being photographed by a mobile phone

6G network at least a decade away, expert says

A sign for the London underground in central London.

Teenager arrested over Transport for London cyber attack

Cyber security

BT ‘logs 2,000 signals of potential cyber attacks every second’

ChatGPT website with pink lettering displayed on a screen

OpenAI in talks to raise funds at £115bn valuation – reports

Person typing on a laptop

UK data centres to be designated as ‘critical infrastructure’

A plaque outside the offices of the Data Protection Commission in Dublin

Irish watchdog launches probe into Google’s AI model

The technology giant said the growth of cloud computing and artificial intelligence was key to the increasing investment (Niall Carson/PA)

Amazon Web Services ‘to invest £8bn in UK over next five years’

The hands of a person on a laptop keyboard

Most people have no plan for digital assets upon death, Which? warns

Economic statement

Drawing down Apple tax billions will take months – Ireland’s finance minister

Sony's PlayStation 5 Pro console

Sony confirms PlayStation 5 Pro console will launch in November

A man looking under a car's bonnet

Apple brings iPhone breakdown assistance feature to the UK