-
Playmaker Jalibert moves to fullback as France swing axe for Australia clash
-
Taiwan warns of 'destructive' winds as typhoon nears
-
Australian sprint star Gout out of U20 worlds with hamstring tear
-
Farrell rings changes for Ireland's Japan clash
-
Unions to protest as Volkswagen thrashes out job cut plans
-
Magyar's blitz against Orban's Hungary 'mafia' gathers pace
-
Teeth bared in Greece's bear-human showdown
-
Labour leadership contest takes Burnham closer to UK PM's office
-
Alpacas, mini pigs on the loose after floods hit south China zoo
-
New Zealand may join Australia-Fiji defence pact: PM Luxon
-
All Blacks make five changes for Italy Nations Championship clash
-
Fly-half Meredith to make Australia debut against France
-
Western Europe records its hottest June as heatwaves surge: EU monitor
-
US, Iran trade new strikes in fight over Hormuz strait
-
Fashion's mystery man Margiela sells off his archives
-
Modi eyes 'historic' chance to secure Australian uranium
-
Nuclear test-scarred Marshall Islands criticises China missile
-
US crackdown on top AI fuels open-source surge
-
Chip titan SK hynix to set price for mega US listing
-
EU moves closer to kicking kids off social media
-
Crude extends rally as US-Iran flare-up rocks peace hopes
-
Protecting the protectors: racing to save Philippine mangroves
-
Democrat accused of rape exits key US Senate race
-
Expanded World Cup; same old story as Europe dominates quarter-finals
-
Japan student Ito keeps place against Ireland as Jones returns
-
Morocco's Saibari out of France World Cup quarter-final
-
Belgium bid to crack Spain's ironclad defence in World Cup quarter-final
-
Trump orders new strikes on Iran over attacks on shipping in Hormuz
-
US man sentenced after swapping 17th century manuscript
-
PSG's Lee set to join Atletico Madrid
-
US launches new strikes on Iran after Trump vows to hit 'hard'
-
Iran plays with fire, but calculates Trump will hold back
-
Taylor Swift fans pay $25 for garbage from outside wedding
-
Oil surges, stocks slide as Trump says Iran ceasefire over
-
After quakes, Venezuelans fear losing damaged homes
-
Meta to build $9 billion data center in western Canada
-
PSG's Lee set to join Athletico
-
Rogers backs Kane to outshine Haaland in World Cup showdown
-
Erdogan gave pistols to NATO leaders, Starmer says
-
Some US Fed officials considered June rate hike on war fallout
-
Nocera Expands Diversified Technology Strategy With Binding Agreement to Acquire an Equity Interest in INERGX, an Integrated Energy Storage and Power Platform for AI, Defense and Mission-Critical Demand
-
UN launches appeal for nearly $300 mn in Venezuela quake relief
-
China sends nuclear missile message as US looks elsewhere
-
US to remove Syria from terror blacklist, in new boost to Sharaa
-
Justin Bieber added to 11-minute World Cup final halftime show
-
Court rejects Trump request to restore his name to Kennedy Center
-
Fery targets Wimbledon final birthday present after royal seal of approval
-
MLB pitching great Verlander to retire after 2026 season
-
Egypt file complaint against referee after World Cup exit
-
Artificial cloud brightening could tame El Nino, but with risks: study
'Vibe hacking' puts chatbots to work for cybercriminals
The potential abuse of consumer AI tools is raising concerns, with budding cybercriminals apparently able to trick coding chatbots into giving them a leg-up in producing malicious programmes.
So-called "vibe hacking" -- a twist on the more positive "vibe coding" that generative AI tools supposedly enable those without extensive expertise to achieve -- marks "a concerning evolution in AI-assisted cybercrime" according to American company Anthropic.
The lab -- whose Claude product competes with the biggest-name chatbot, ChatGPT from OpenAI -- highlighted in a report published Wednesday the case of "a cybercriminal (who) used Claude Code to conduct a scaled data extortion operation across multiple international targets in a short timeframe".
Anthropic said the programming chatbot was exploited to help carry out attacks that "potentially" hit "at least 17 distinct organizations in just the last month across government, healthcare, emergency services, and religious institutions".
The attacker has since been banned by Anthropic.
Before then, they were able to use Claude Code to create tools that gathered personal data, medical records and login details, and helped send out ransom demands as stiff as $500,000.
Anthropic's "sophisticated safety and security measures" were unable to prevent the misuse, it acknowledged.
Such identified cases confirm the fears that have troubled the cybersecurity industry since the emergence of widespread generative AI tools, and are far from limited to Anthropic.
"Today, cybercriminals have taken AI on board just as much as the wider body of users," said Rodrigue Le Bayon, who heads the Computer Emergency Response Team (CERT) at Orange Cyberdefense.
- Dodging safeguards -
Like Anthropic, OpenAI in June revealed a case of ChatGPT assisting a user in developing malicious software, often referred to as malware.
The models powering AI chatbots contain safeguards that are supposed to prevent users from roping them into illegal activities.
But there are strategies that allow "zero-knowledge threat actors" to extract what they need to attack systems from the tools, said Vitaly Simonovich of Israeli cybersecurity firm Cato Networks.
He announced in March that he had found a technique to get chatbots to produce code that would normally infringe on their built-in limits.
The approach involved convincing generative AI that it is taking part in a "detailed fictional world" in which creating malware is seen as an art form -- asking the chatbot to play the role of one of the characters and create tools able to steal people's passwords.
"I have 10 years of experience in cybersecurity, but I'm not a malware developer. This was my way to test the boundaries of current LLMs," Simonovich said.
His attempts were rebuffed by Google's Gemini and Anthropic's Claude, but got around safeguards built into ChatGPT, Chinese chatbot Deepseek and Microsoft's Copilot.
In future, such workarounds mean even non-coders "will pose a greater threat to organisations, because now they can... without skills, develop malware," Simonovich said.
Orange's Le Bayon predicted that the tools were likely to "increase the number of victims" of cybercrime by helping attackers to get more done, rather than creating a whole new population of hackers.
"We're not going to see very sophisticated code created directly by chatbots," he said.
Le Bayon added that as generative AI tools are used more and more, "their creators are working on analysing usage data" -- allowing them in future to "better detect malicious use" of the chatbots.
C.Kovalenko--BTB