AI worm exposes security flaws in AI tools like ChatGPT

If you use AI assistant tools, you'll want to follow this new update from researchers

House artificial intelligence task force chair talks goals, risks for AI

Rep. Jay Obernolte was selected to lead the House task force on AI. Fox News Digital speaks with the California Republican about his goals for the panel and his own thoughts about the rapidly advancing technology.

You’d think keeping things secure would be easy, with artificial intelligence getting sharper every day. I mean, if it can crank out intricate code in no time, fending off cyber crooks should be a breeze, right? But, hey, it’s not all black and white.

It’s easy to overlook that AI-assistant tools like ChatGPT and Gemini are vulnerable to malware threats, but this may precisely be one reason that malware worms can get through more easily, which might just be the welcome mat for malware to waltz right in, catching you off guard.

So, if you’re using ChatGPT or Gemini, here's what you need to know about this new malware worm. Though not an actual threat right now, a new research study and report tell us a lot about the potential security issues and headaches facing AI down the road.

The researchers did disclose the paper with OpenAI and Google and the fact that "the worm exploits bad architecture design for the GenAI ecosystem and is not a vulnerability in the GenAI service."

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

AI WORM 1

A smartphone with ChatGPT. (Kurt "CyberGuy" Knutsson)

What is the Morris II computer worm?

The particular computer worm in question is a type of malware called Morris II, named after the Morris worm, a malware discovered in 1988 after crashing about 10% of all computers connected to the internet at that time.

To back up a bit, though, it's important to understand that a computer worm is a type of standalone malware that can replicate itself to spread to other computers, poisoning everything in its path.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

In this circumstance, the worm we're talking about was designed by researchers to understand some of the vulnerabilities that AI-assistant tools — like AI booking calendars or email services — have. Although it's not a direct threat right now, it could be coming for your AI tools sooner than you think.

AI worm 2

A man types on a laptop keyboard. (Kurt "CyberGuy" Knutsson)

MORE: HOW SCAMMERS USE AI TOOLS TO FILE PERFECT-LOOKING TAX RETURNS IN YOUR NAME

How does this computer worm work?

Morris II is a "zero-click" worm that infects Generative AI (GenAI) systems without requiring user interaction. GenAI platforms rely on prompts, which are essentially instructions given in text format.

However, Morris II can manipulate these prompts. It injects malicious prompts that trick the GenAI system into performing harmful actions without the user or even the GenAI itself being aware. For instance, the worm might use a compromised GenAI email assistant to send phishing emails or spam, potentially stealing or compromising your data.

MORE: CREEPY EMBODIED AI AVATAR GIVES A FACE AND A VOICE TO CHATGPT INTERACTION

Steps to shield against the Morris II cyber threat

To protect yourself from potential cybersecurity threats like the Morris II computer worm, here are some steps you can take:

Be cautious with emails: Avoid opening email attachments or clicking on links from unknown or untrustworthy sources.

Use antivirus software: Invest in reliable antivirus software that can detect and remove malware, including computer worms. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Keep systems updated: Regularly update your operating system and applications to patch any security vulnerabilities.

Use strong passwords: Create complex passwords that are difficult to guess and use different passwords for different accounts. Consider using a password manager to generate and store complex passwords.

Backup your data: Regularly back up important data on an external drive or cloud storage to prevent loss in case of an infection.

Limit file-sharing: Be wary of downloading files from peer-to-peer networks or file-sharing platforms, as they can be sources of malware.

Enable security features: Turn on security features like two-factor authentication for an added layer of protection.

Remember, while AI tools can be incredibly helpful, they are not immune to cyber threats. It’s essential to be proactive about your digital security to safeguard your personal information and devices.

MORE: HOW AI COULD MANIPULATE VOTERS AND UNDERMINE ELECTIONS, THREATENING DEMOCRACY

Kurt's key takeaways

While there's no need to abandon these AI tools yet, these researchers have taken it upon themselves to understand what type of threats we may be seeing with them in the very near future. With this information, we can prepare for potential malware threats in the future and thereby mitigate them.

Considering the potential vulnerabilities in AI tools, what measures do you think users and developers should take?  Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Answers to the most-asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.

Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Authored by Kurt Knutsson, Cyberguy Report via FoxNews March 29th 2024