In collaboration with Microsoft Threat Intelligence, OpenAI has taken significant steps to counteract the misuse of AI by state-affiliated threat actors, aiming to enhance information sharing and transparency regarding such activities. The following actions have been undertaken:
OpenAI, in coordination with Microsoft, has disrupted the operations of five state-affiliated malicious actors:
- China-affiliated actors – Charcoal Typhoon and Salmon Typhoon.
- Iran-affiliated actor – Crimson Sandstorm.
- North Korea-affiliated actor – Emerald Sleet.
- Russia-affiliated actor – Forest Blizzard.
OpenAI terminated the identified accounts associated with these actors. The malicious use cases primarily involved utilizing OpenAI services for open-source information queries, translation, code debugging, and running basic coding tasks.
Specific activities included:
- Charcoal Typhoon: Researching companies and cybersecurity tools, debugging code, and creating content for potential phishing campaigns.
- Salmon Typhoon: Translating technical papers, retrieving publicly available information on intelligence agencies, and assisting with coding.
- Crimson Sandstorm: Scripting support for app and web development, content generation for spear-phishing campaigns, and research on malware evasion.
- Emerald Sleet: Identifying experts and organizations in defense, basic scripting tasks, and content creation for phishing campaigns.
- Forest Blizzard: Open-source research on satellite communication protocols, radar imaging technology, and scripting support.
For additional technical details on these threat actors, refer to the Microsoft blog post published concurrently.
Multi-Pronged Approach to AI Safety:
OpenAI is adopting a comprehensive strategy to counter malicious state-affiliated actors:
Monitoring and Disruption:
Investing in technology and teams to identify and disrupt sophisticated threat actors, taking appropriate actions such as disabling accounts or terminating services upon detection.
Collaboration:
Actively working with industry partners and stakeholders to exchange information, fostering collective responses to ecosystem-wide risks related to AI misuse.
Safety Mitigations:
Learning from real-world use and misuse to inform iterative safety enhancements, adapting safeguards based on insights gained from actors’ abuse.
Public Transparency:
Continuing efforts to inform the public about the nature and extent of malicious state-affiliated actors’ use of AI, as well as the measures taken against them, to promote awareness and preparedness among stakeholders.
Despite efforts to minimize misuse, OpenAI recognizes the ongoing challenge posed by a small number of malicious actors. By innovating, investigating, collaborating, and sharing information, OpenAI aims to make it more difficult for such actors to go undetected across the digital ecosystem, ultimately improving the experience for the majority of users.
This news is sourced from the OpenAI Blog.