Private AI Chatbot Not Safe From Hackers With Encryption

While providers utilize encryption to protect user interactions, new research raises questions about how secure AI assistants may be.
According to a study, an attack that can predict AI assistant reactions with startling accuracy has been discovered.
This method uses big language models to refine results and takes advantage of a side channel present in most major AI assistants, except for Google Gemini.
According to Offensive AI Research Lab, a passive adversary can identify the precise subject of more than half of all recorded responses by intercepting data packets sent back and forth between the user and the AI assistant.
This attack is centered around a side channel that is integrated within the tokens that AI assistants use.
Real-time response transmission is facilitated via tokens, which are encoded-word representations.
Researchers use a token inference attack to refine intercepted data by using LLMs to convert token sequences into comprehensible language.
By using publicly accessible conversation data to train LLMs, researchers can decrypt responses with remarkably high accuracy.
This technique leverages the predictability of AI assistant replies to enable contextual decryption of encrypted content, similar to a known plaintext attack.
AI chatbots use tokens as the basic building blocks for text processing, which direct the creation and interpretation of conversation.
To learn patterns and probabilities, LLMs examine large datasets of tokenized text during training.
According to Ars Technica, tokens enable real-time communication between users and AI helpers, allowing users to customize their responses depending on environmental cues.
An important vulnerability is the real-time token transmission, which allows attackers to deduce response content based on packet length.
Sequential delivery reveals answer data, while batch transmission hides individual token lengths.
Reevaluating token transmission mechanisms is necessary to mitigate this risk and reduce susceptibility to passive adversaries.
Protecting user privacy is still critical as AI helpers develop.
Reducing security threats requires implementing strong encryption techniques and improving token delivery mechanisms.
By fixing flaws and improving data security protocols, providers can maintain users' faith and trust in AI technologies.
Providers need to give data security and privacy top priority as vulnerabilities are found by researchers.
Hackers are out there; the next thing we know, they're giving other businesses access to our private chats.


This Cyber News was published on www.cysecurity.news. Publication date: Sun, 17 Mar 2024 16:28:05 +0000


Cyber News related to Private AI Chatbot Not Safe From Hackers With Encryption

Strong Encryption Explained: 6 Encryption Best Practices - Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. Even the strongest ...
10 months ago Esecurityplanet.com
What Is Encryption? Definition, How it Works, & Examples - To understand how encryption works, we need to understand how it fits into the broader realm of cryptology, how it processes data, common categories, top algorithms, and how encryption fits into IT security. Symmetric encryption will typically be ...
11 months ago Esecurityplanet.com
Types of Encryption, Methods & Use Cases - Encryption category types will explain the overarching and basic categories of classification for encryption, including the two most important: symmetric and asymmetric encryption. Encryption tool types will discuss the major classifications of ...
11 months ago Esecurityplanet.com
Business Data Encryption: Protecting Sensitive Information - In addition to implementing encryption technologies and policies, organizations should prioritize employee training on data encryption. By selecting the appropriate encryption technologies, implementing strong encryption policies, and training ...
9 months ago Securityzap.com
Symmetric vs. Asymmetric Encryption in the Cloud: Choosing the Right Approach - Asymmetric and symmetric encryptions are the modes of encryption typically used in cryptography. There is a single key involved with symmetric encryption used both for encryption and decryption. Symmetric and asymmetric encryption as ways of ...
5 months ago Cybersecurity-insiders.com
Encrypting Data Using Asymmetric Encryption - Asymmetric encryption, commonly known as public-key encryption, is an important technique for safeguarding data transport and storage. Asymmetric encryption's multi-step process involving key generation, encryption, transmission, decryption, and key ...
10 months ago Feeds.dzone.com
The 6 Best Encryption Software - Though encryption could still be broken or cracked, strong encryption is nearly impenetrable. Top encryption software: Comparison table Top encryption software BitLocker: Best for Windows environments. It's an excellent choice for encryption software ...
6 months ago Techrepublic.com
An overview of storage encryption for enterprises - Storage encryption is a key element in keeping enterprise data safe. Most enterprises use a combination of encryption methods to protect their data on premises, in motion and in the cloud, so it's important to understand the different types and best ...
6 months ago Techtarget.com
How secure is the "Password Protection" on your files and drives? - People in certain professions, such as healthcare, law, and corporations, often rely on password protection when sending files via email, believing it provides adequate security against prying eyes. Protecting files with passwords without encrypting ...
6 months ago Helpnetsecurity.com
Internet Security: Ensuring Safe Online Experiences - Cybercriminals are constantly evolving their tactics, from sophisticated cyber attacks to insidious data breaches, putting your virtual safety at risk. Protecting your data isn't the only concern; safeguarding your identity, finances, and peace of ...
8 months ago Securityzap.com
Latest Information Security and Hacking Incidents - Private cloud providers may be among the primary winners of today's generative AI gold rush, as CIOs are reconsidering private clouds, whether on-premises or hosted by a partner, after previously dismissing them in favour of public clouds. At the ...
6 months ago Cysecurity.news
Google Chrome To Roll Out Real-Time Phishing Protection - Google Chrome has been protecting users from malicious websites and files with Safe Browsing, which maintains a locally-stored list updated every 30-60 minutes. To address it, Chrome is introducing a new version of Safe Browsing that provides ...
8 months ago Cybersecuritynews.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
DORA and your quantum-safe cryptography migration - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. New requirements for financial entities in the EU. DORA lays out a set of requirements across ICT risk management, incident ...
10 months ago Securityintelligence.com
Sensitive data loss is due to lack of encryption - In an era where data is the lifeblood of businesses, safeguarding sensitive information has become paramount. Cybersecurity lapses have historically been a cause of data breaches, but a recent study sheds light on a new dimension of vulnerability - ...
11 months ago Cybersecurity-insiders.com
CISA's Flags Memory-Unsafe Code in Major Open Source Projects - A comprehensive new study has unearthed fresh details on the extensive and troubling use of memory-unsafe code in major open source software projects. The chances that fresh insight on a long known issue will spur any immediate changes to the ...
5 months ago Darkreading.com
Windows 11 to let admins mandate SMB encryption for outbound connections - Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel. SMB encryption provides data end-to-end encryption and ...
1 year ago Bleepingcomputer.com
A Comprehensive Overview of Encryption as a Service - Encryption as a Service (EaaS) is a way for companies to protect their sensitive data, both at rest and in transit. It is a subscription model that allows customers to outsource the complexity of data encryption to a team of experts. Encryption is ...
1 year ago Heimdalsecurity.com
Meta Announces End-to-End Encryption by Default in Messenger - Yesterday Meta announced that they have begun rolling out default end-to-end encryption for one-to-one messages and voice calls on Messenger and Facebook. It will bring strong encryption to over one billion people, protecting them from dragnet ...
11 months ago Eff.org
Restrictions on Gemini Chatbot's Election Answers by Google - AI chatbot Gemini has been limited by Google in terms of its ability to respond to queries concerning several forthcoming elections in several countries, including the presidential election in the United States, this year. According to an ...
8 months ago Cysecurity.news
Latest Information Security and Hacking Incidents - The NSA and CISA have released a set of five cybersecurity bulletins to help make cloud environments safer. These bulletins share important tips for keeping cloud systems secure, which are used a lot by businesses. Cloud services are popular because ...
8 months ago Cysecurity.news
A Cost-Effective Encryption Strategy Starts With Key Management - Companies have a problem with encryption: While many businesses duly encrypt sensitive data, there is no standard strategy for deploying and managing an key-management infrastructure. Every organization needs to make a large number of decisions in ...
6 months ago Darkreading.com
Meta Rolls Out Default End-to-End Encryption on Messenger Amid Child Security Concerns - Meta Platforms announced on Wednesday the commencement of the rollout of end-to-end encryption for personal chats and calls on both Messenger and Facebook. This heightened security feature, ensuring that only the sender and recipients can access ...
11 months ago Cysecurity.news
Flawed AI Tools Create Worries for Private LLMs, Chatbots - Companies that use private instances of large language models to make their business data searchable through a conversational interface face risks of data poisoning and potential data leakage if they do not properly implement security controls to ...
6 months ago Darkreading.com
Multi-Cloud vs. Hybrid Cloud: The Main Difference - The proliferation of cloud technologies is particularly confusing to businesses new to cloud adoption, and they're sometimes baffled by the distinction between multi-cloud and hybrid cloud. Although the public cloud infrastructure and public cloud ...
11 months ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)