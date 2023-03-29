Give a person a phishing email and they might fall for it once – but teach AI to craft convincing emails in the voice of their acquaintances and you could upgrade from a Toyota to a Bugatti. The question arrived today: How much of a cyber threat is AI? Automation of phishing attacks has been a vector for cyber-criminals for years, but now AI is about to take cyber risks and threats to a new level. This article explores how AI can not only remove almost all of the human component from committing crime but execute attacks with far more proficiency than humans could. This is very much in my wheelhouse because I am devoted to the three research areas where this all joins together: Cybersecurity PsyOps / scam psychology and Artificial intelligence A demonstration is the best way of exemplifying the risk. Most people have now heard of ChatGPT, but plenty of AI technologies are out there. Although they are eager to please, they will usually (at present) decline to actively participate in anything underhand. For example, Jasper.AI responded like this:

And here is the ChatGPT response when directly asked if it could write a phishing email:

But these safeguards are currently easy to circumvent using the method known as the ‘jailbreak.’ The jailbreak is any technique that enables an AI to circumvent or bypass its own policies, controls or other safeguards. At present, this is not difficult to do. As an example – in this case – I am going to pretend to be a cybersecurity researcher (comments welcome below!).

And now the AI is okay to help me out – but the first emails it produces are a bit slim on content because I have not given the AI much insight or direction, other than what I want to try and obtain from the target (in this case, $20 and his car keys in a padded envelope, thank you kindly). I happen to know the identity of the test target’s boss and I obtain a very small sample of some text his CEO wrote (from the internet) and ask the AI to analyze this writing style. The AI has a ‘tone analyzer’ and that tells me the writing style of my target’s boss is compassionate and caring… I know. Really? But apparently so. I ask the AI to write the phishing email, using the boss’s tonality, but also add the tones of urgent and convincing – and that the postal address should be a post box at the White House. This is what the AI wrote: