NIST launches public working group on generative AI
The U.S. National Institute of Standards and Technology is launching a public working group on generative AI, according to Secretary of Commerce Gina Raimondo. The move is a part of the Biden administration’s commitment to addressing opportunities and risks associated with AI.
The working group “will help provide essential guidance for those organizations that are developing, deploying and using generative AI, and who have a responsibility to ensure its trustworthiness,” says Raimondo in an announcement.
A June 26 article from The Hacker News uncovers risks associated with generative AI. It can be used for password-guessing and Captcha-cracking as well as strengthening malware and social-engineering attacks. ChatGPT can be used to personalize spear-phishing messages based on a company’s public messaging.
Moreover, executives and employees alike are drawn to the cost benefits and convenience of generative AI tools, sometimes without considering security risks.
A February 2023 survey of 1,000 executives found that 49 percent of respondents use ChatGPT now, and 30 percent intend to do so in the future. Ninety-nine percent of these ChatGPT users claimed that they’ve saved money with the tool.
Employees may also implement “shadow IT,” or download and integrate apps without approval from their IT department. For instance, an employee may connect an AI scheduling assistant to other accounts using OAuth tokens.
Once authorized, the tool will have consistent, API-based communication with a number of accounts without requiring additional authentication. Stealing this token would allow an attacker to access data from these connected accounts, opening the door to a number of attacks and leaks.
The working group is “especially timely considering the unprecedented speed, scale and potential impact of generative AI and its potential to revolutionize many industries and society more broadly,” says NIST director Laurie Locascio in the announcement. “We want to identify and develop tools to better understand and manage those risks.”