Carnegie Mellon University researchers have demonstrated that large language models can autonomously plan and carry out sophisticated cyberattacks without human intervention.

The research, conducted in partnership with artificial intelligence firm Anthropic, showed that AI could replicate the 2017 cyberattack on Equifax by autonomously exploiting vulnerabilities, installing malware and stealing data.

The Equifax breach compromised approximately 147 million customers’ data, making it one of the largest data breaches in U.S. history. 

Researchers from Carnegie Mellon and Anthropic developed an attack toolkit called Incalmo that they used to translate the strategy behind the Equifax breach into specific system commands used to carry out the attacks. 

Brian Singer, the lead researcher and a PhD candidate at Carnegie Mellon’s Department of Electrical and Computer Engineering, said the goal was to measure LLMs’ ability to autonomously plan an attack without the need for human assistance.

“It is unclear how well Incalmo generalizes to other networks. However, in the research paper, we evaluated Incalmo in 10 small enterprise environments,” Singer told Cybersecurity Dive via email. “In 9 out of 10 of them, LLMs were able to autonomously partially succeed in the attacks (e.g., exfiltrate some sensitive data).”

Para leer más ingrese a:

https://www.cybersecuritydive.com/news/research-llms-attacks-without-humans/754203/