'Vibe hacking' puts chatbots to work for cybercriminals / Photo: © AFP/File
-
Lyles, Thompson and Tebogo cruise through world 100m heats
-
Vuelta final stage shortened amid protest fears
-
Collignon stuns De Minaur as Belgium take Davis Cup lead over Australia
-
Nepal returns to calm as first woman PM takes charge, visits wounded
-
Olympic champion Alfred eases through 100m heats at Tokyo worlds
-
Winning coach Erasmus 'emotional' at death of former Springboks
-
Barca's Flick blasts Spain over Yamal injury issue
-
Rampant Springboks inflict record 43-10 defeat to humble All Blacks
-
Italy's Bezzecchi claims San Marino MotoGP pole as Marquez brothers denied
-
Rampant South Africa inflict record 43-10 defeat on All Blacks
-
Collignon stuns De Minaur as Belgium take 2-0 Davis Cup lead over Australia
-
Mourning Nepalis hope protest deaths will bring change
-
Carreras boots Argentina to nervy 28-26 win over Australia
-
Nepal returns to calm as first woman PM takes charge
-
How mowing less lets flowers bloom along Austria's 'Green Belt'
-
Too hot to study, say Italian teachers as school (finally) resumes
-
Alvarez, Crawford both scale 167.5 pounds for blockbuster bout
-
Tokyo fans savour athletics worlds four years after Olympic lockout
-
Akram tells Pakistan, India to forget noise and 'enjoy' Asia Cup clash
-
Kicillof, the Argentine governor on a mission to stop Milei
-
Something to get your teeth into: 'Jaws' exhibit marks 50 years
-
Germany, France, Argentina, Austria on brink of Davis Cup finals
-
War with Russia weighs heavily on Ukrainian medal hope Doroshchuk
-
Suspect in Charlie Kirk killing caught, widow vows to carry on fight
-
Dunfee and Perez claim opening world golds in Tokyo
-
Ben Griffin leads PGA Procore Championship in Ryder Cup tune-up
-
'We're more than our pain': Miss Palestine to compete on global stage
-
Ingebrigtsen seeks elusive 1500m world gold after injury-plagued season
-
Thailand's Chanettee leads by two at LPGA Queen City event
-
Dolphins' Hill says focus is on football amid domestic violence allegations
-
Nigerian chef aims for rice hotpot record
-
What next for Brazil after Bolsonaro's conviction?
-
Fitch downgrades France's credit rating in new debt battle blow
-
Fifty reported dead in Gaza as Israel steps up attacks on main city
-
Greenwood among scorers as Marseille cruise to four-goal victory
-
Rodgers calls out 'cowardly' leak amid Celtic civil war
-
Frenchman Fourmaux grabs Chile lead as Tanak breaks down
-
Germany, France, Argentina and Austria on brink of Davis Cup finals
-
New coach sees nine-man Leverkusen beat Frankfurt
-
US moves to scrap emissions reporting by polluters
-
Matsuyama leads Ryder Cup trio at PGA Championship
-
US to stop collecting emissions data from polluters
-
Pope Leo thanks Lampedusans for welcoming migrants
-
Moscow says Ukraine peace talks frozen as NATO bolsters defences
-
Salt's rapid ton powers England to record 304-2 against South Africa in 2nd T20
-
Noah Lyles: from timid school student to track's showman
-
Boeing defense workers reject deal to end strike
-
Germany, Argentina close in on Davis Cup finals
-
Alvarez, Crawford both tip scales at 167.5 pounds for title bout
-
Armani will lays path to potential buyout by rival
NYSE - LSE
'Vibe hacking' puts chatbots to work for cybercriminals
The potential abuse of consumer AI tools is raising concerns, with budding cybercriminals apparently able to trick coding chatbots into giving them a leg-up in producing malicious programmes.
So-called "vibe hacking" -- a twist on the more positive "vibe coding" that generative AI tools supposedly enable those without extensive expertise to achieve -- marks "a concerning evolution in AI-assisted cybercrime" according to American company Anthropic.
The lab -- whose Claude product competes with the biggest-name chatbot, ChatGPT from OpenAI -- highlighted in a report published Wednesday the case of "a cybercriminal (who) used Claude Code to conduct a scaled data extortion operation across multiple international targets in a short timeframe".
Anthropic said the programming chatbot was exploited to help carry out attacks that "potentially" hit "at least 17 distinct organizations in just the last month across government, healthcare, emergency services, and religious institutions".
The attacker has since been banned by Anthropic.
Before then, they were able to use Claude Code to create tools that gathered personal data, medical records and login details, and helped send out ransom demands as stiff as $500,000.
Anthropic's "sophisticated safety and security measures" were unable to prevent the misuse, it acknowledged.
Such identified cases confirm the fears that have troubled the cybersecurity industry since the emergence of widespread generative AI tools, and are far from limited to Anthropic.
"Today, cybercriminals have taken AI on board just as much as the wider body of users," said Rodrigue Le Bayon, who heads the Computer Emergency Response Team (CERT) at Orange Cyberdefense.
- Dodging safeguards -
Like Anthropic, OpenAI in June revealed a case of ChatGPT assisting a user in developing malicious software, often referred to as malware.
The models powering AI chatbots contain safeguards that are supposed to prevent users from roping them into illegal activities.
But there are strategies that allow "zero-knowledge threat actors" to extract what they need to attack systems from the tools, said Vitaly Simonovich of Israeli cybersecurity firm Cato Networks.
He announced in March that he had found a technique to get chatbots to produce code that would normally infringe on their built-in limits.
The approach involved convincing generative AI that it is taking part in a "detailed fictional world" in which creating malware is seen as an art form -- asking the chatbot to play the role of one of the characters and create tools able to steal people's passwords.
"I have 10 years of experience in cybersecurity, but I'm not a malware developer. This was my way to test the boundaries of current LLMs," Simonovich said.
His attempts were rebuffed by Google's Gemini and Anthropic's Claude, but got around safeguards built into ChatGPT, Chinese chatbot Deepseek and Microsoft's Copilot.
In future, such workarounds mean even non-coders "will pose a greater threat to organisations, because now they can... without skills, develop malware," Simonovich said.
Orange's Le Bayon predicted that the tools were likely to "increase the number of victims" of cybercrime by helping attackers to get more done, rather than creating a whole new population of hackers.
"We're not going to see very sophisticated code created directly by chatbots," he said.
Le Bayon added that as generative AI tools are used more and more, "their creators are working on analysing usage data" -- allowing them in future to "better detect malicious use" of the chatbots.
H.Gerber--VB
