'Vibe hacking' puts chatbots to work for cybercriminals / Photo: Kirill KUDRYAVTSEV - AFP/File
-
Sawe sub-2hr marathon captured 'global imagination' says Coe
-
King Charles gets warm welcome in Bermuda after whirlwind US visit
-
Sinner shines to beat Fils, reach Madrid Open final
-
UK court clears comedy writer of damaging transgender activist's phone
-
Was LIV Golf an expensive failure for Saudis? Not everyone thinks so
-
Coe hails IOC gender testing decision
-
McInnes wants Tynecastle in 'full glory' for Hearts title charge
-
McFarlane says troubled Chelsea still attractive to potential managers
-
Man Utd boss Carrick relishes 'special' Liverpool rivalry
-
Baguettes take centre stage on France's Labour Day
-
Spurs must banish 'loser' mentality despite injury woes, says De Zerbi
-
Arsenal must manage emotions of title race says Arteta
-
Nepal temple celebrates return of stolen Buddha statue
-
US Fed official says rate hikes may be needed if inflation surges
-
Fixture pile-up no excuse for Man City in title race: Guardiola
-
Iran offers new proposal amid stalled US peace talks
-
Gulf countries' plans to bypass Hormuz still far off, experts warn
-
Luis Enrique says 'unique' PSG-Bayern first leg could have gone either way
-
Rebels take key military camp in Mali's north
-
Activists on Gaza aid flotilla seized by Israeli forces disembark in Crete
-
Turkish police fire tear gas, arrest hundreds at Istanbul May Day rallies
-
French hub monitors Hormuz tensions from afar
-
Flick happy Raphinha back for Barca with title in sight
-
UN troubled by rejected appeal of Cambodian opposition leader
-
Activists on Gaza aid flotilla detained by Israel disembark in Crete
-
Suspect appears in UK court charged with attacking two Jewish men
-
Oil steady after wild swing, stocks diverge in thin trading
-
Lufthansa says searching for Oscar lost after US airport security row
-
Howe says Saudi backers are fully behind Newcastle
-
Chinese swimmer Sun Yang reports cyberbullying to police
-
Salah 'deserves big send-off', says Liverpool boss Slot
-
UK police charge man with stabbing attack on two Jewish Londoners
-
Solomon Islands leader loses court appeal, must face no confidence vote
-
Former world skating champion Uno joins pro eSports team
-
Japan baseball umpire hit by bat still unconscious two weeks on
-
Nakatani says won't be intimidated in sold-out Inoue title clash
-
T-Wolves eliminate Nuggets as Knicks demolish Hawks in NBA playoffs
-
Timberwolves eliminate Jokic's Nuggets from NBA playoffs
-
Iran activates air defences as Trump faces congressional deadline
-
Arsenal seek to ramp up heat on Man City in title race
-
PSG closing in on another French title before Bayern second leg
-
Espanyol must stop rot against Real Madrid as Barca eye title
-
Leipzig can book return to Champions League as Bundesliga top-four rivals meet
-
Injuries add to Bath's challenge for Champions Cup semi in Bordeaux
-
Karius getting 'back to the top' with promotion-chasing Schalke
-
King Charles arrives in Bermuda after whirlwind US visit
-
Clashes erupt in Australian town over death of Indigenous girl
-
Iran war redraws sea routes with Africa as the pivot
-
India's cows offer biogas alternative to Mideast energy crunch
-
Afghans celebrate spring in bright red poppy fields
'Vibe hacking' puts chatbots to work for cybercriminals
The potential abuse of consumer AI tools is raising concerns, with budding cybercriminals apparently able to trick coding chatbots into giving them a leg-up in producing malicious programmes.
So-called "vibe hacking" -- a twist on the more positive "vibe coding" that generative AI tools supposedly enable those without extensive expertise to achieve -- marks "a concerning evolution in AI-assisted cybercrime" according to American company Anthropic.
The lab -- whose Claude product competes with the biggest-name chatbot, ChatGPT from OpenAI -- highlighted in a report published Wednesday the case of "a cybercriminal (who) used Claude Code to conduct a scaled data extortion operation across multiple international targets in a short timeframe".
Anthropic said the programming chatbot was exploited to help carry out attacks that "potentially" hit "at least 17 distinct organizations in just the last month across government, healthcare, emergency services, and religious institutions".
The attacker has since been banned by Anthropic.
Before then, they were able to use Claude Code to create tools that gathered personal data, medical records and login details, and helped send out ransom demands as stiff as $500,000.
Anthropic's "sophisticated safety and security measures" were unable to prevent the misuse, it acknowledged.
Such identified cases confirm the fears that have troubled the cybersecurity industry since the emergence of widespread generative AI tools, and are far from limited to Anthropic.
"Today, cybercriminals have taken AI on board just as much as the wider body of users," said Rodrigue Le Bayon, who heads the Computer Emergency Response Team (CERT) at Orange Cyberdefense.
- Dodging safeguards -
Like Anthropic, OpenAI in June revealed a case of ChatGPT assisting a user in developing malicious software, often referred to as malware.
The models powering AI chatbots contain safeguards that are supposed to prevent users from roping them into illegal activities.
But there are strategies that allow "zero-knowledge threat actors" to extract what they need to attack systems from the tools, said Vitaly Simonovich of Israeli cybersecurity firm Cato Networks.
He announced in March that he had found a technique to get chatbots to produce code that would normally infringe on their built-in limits.
The approach involved convincing generative AI that it is taking part in a "detailed fictional world" in which creating malware is seen as an art form -- asking the chatbot to play the role of one of the characters and create tools able to steal people's passwords.
"I have 10 years of experience in cybersecurity, but I'm not a malware developer. This was my way to test the boundaries of current LLMs," Simonovich said.
His attempts were rebuffed by Google's Gemini and Anthropic's Claude, but got around safeguards built into ChatGPT, Chinese chatbot Deepseek and Microsoft's Copilot.
In future, such workarounds mean even non-coders "will pose a greater threat to organisations, because now they can... without skills, develop malware," Simonovich said.
Orange's Le Bayon predicted that the tools were likely to "increase the number of victims" of cybercrime by helping attackers to get more done, rather than creating a whole new population of hackers.
"We're not going to see very sophisticated code created directly by chatbots," he said.
Le Bayon added that as generative AI tools are used more and more, "their creators are working on analysing usage data" -- allowing them in future to "better detect malicious use" of the chatbots.
N.Walker--AT