British security agency warns about possible dangers associated with AI chatbots
London: A leading UK security agency has warned people about the potential hazards of large language models (LLMs) and AI chatbots.
LLMs have become popular in recent times and have captured worldwide attention.
"It's now one of the fastest growing consumer applications ever, and its popularity is leading many competitors to develop their own services and models, or to rapidly deploy those that they’ve been developing internally. As with any emerging technology, there's always concern around what this means for security," the National Cyber Security Centre (NCSC) said in a blog post.
The post cautioned netizens: "LLMs are undoubtedly impressive for their ability to generate a huge range of convincing content in multiple human and computer languages. However, they’re not magic, they’re not artificial general intelligence, and contain some serious flaws."
The UK security body warned people that the tools can get things wrong and ‘hallucinate’ incorrect facts.
"They can be biased, are often gullible (in responding to leading questions, for example)," the post added.
"They require huge compute resources and vast data to train from scratch," the post noted.
"They can be coaxed into creating toxic content and are prone to ‘injection attacks’," the security body said, referring to prompt injection, where instructions smuggled into the model's input override the behaviour its operator intended.
"A question might be sensitive because of data included in the query, or because of who is asking the question (and when). Examples of the latter might be if a CEO is discovered to have asked 'how best to lay off an employee?', or somebody asking revealing health or relationship questions. Also bear in mind aggregation of information across multiple queries using the same login," the security body said.
Warning about possible data leaks, the body said, "Another risk, which increases as more organisations produce LLMs, is that queries stored online may be hacked, leaked, or more likely accidentally made publicly accessible. This could include potentially user-identifiable information."
"A further risk is that the operator of the LLM is later acquired by an organisation with a different approach to privacy than was true when data was entered by users," read the post.
The NCSC recommended that netizens follow two rules:
Do not include sensitive information in queries to public LLMs.
Do not submit queries to public LLMs that would lead to issues were they made public.