Unveiling the Morris II AI Worm: A Sneak Peek into a Cybersecurity Threat
Introduction:
Have you ever heard of computer worms? They’re like digital pests that can cause a lot of trouble by spreading themselves through the internet. Well, recently, there’s been talk about a new kind of worm called Morris II. It’s not your average worm — it’s an AI worm that’s designed to infect AI-powered applications like ChatGPT and Gemini.
Understanding Morris II:
Morris II is named after an old computer worm from the 1980s. But unlike its predecessor, Morris II is a lot more sophisticated. It’s designed to sneak into AI systems and cause mischief by stealing sensitive information and spreading malware. Think of it as a digital spy that’s always looking for ways to cause trouble.
Morris II can infect AI email assistants and steal data like credit card information. It’s created by a group of researchers who found a way to trick AI systems into doing things they shouldn’t. They figured out how to make AI models like ChatGPT and Gemini do things they weren’t supposed to do, like sending spam emails or stealing data.
How Does It Work?
Imagine you receive an email offering a free trial of a new AI technology. You’re excited about it and reply to the email without thinking much. Little do you know, the email contains hidden instructions that tell the AI to do something bad, like steal your data. When you reply to the email, the AI reads it and follows the instructions, infecting your system in the process. And just like that, Morris II spreads to other users, causing more trouble along the way.
These worms are intelligent enough to attack GenAI-powered applications that fall under any of the two categories below:
- Generative AIs whose execution flow depends on the output of GenAI
- GenAI that uses a RAG system
Terminology alert!
RAG: Retrieval Augmented Generation (RAG) is a mechanism to essentially lets the AI look up facts on the internet, databases, etc before generating an optimized output.
Now that you have grasped an idea of how it works, let’s go more technical. Have a look at the diagram below.
Source: Here Comes The AI Worm: Unleashing Zero-click Worms that Target GenAI-Powered Applications
In this scenario, we observe a sophisticated cyber attack orchestrated through a series of steps. It begins with an attacker, denoted as c1, initiating the propagation by sending a malicious email, labeled e1, containing a self-replicating prompt to the targeted user’s client, c2. This email triggers a sequence of actions, where c2’s client retrieves context from the Repository of Associated Graphs (RAG), queries the GenAI service for an automatic reply, and unwittingly becomes infected, thus transforming into a new host.
The propagation then continues, with c2 inadvertently spreading the infection to another user, c3, upon receiving an email, e2, from them. This cycle of infection and propagation illustrates the intricacies of cyber attacks, where the manipulation of automated services and user interactions can lead to the rapid spread of malicious entities.
Results:
The researchers found that Morris II could spread quickly and infect many users in a short amount of time. They also discovered that the worm’s success depended on how it was programmed and the size of the context it was given. While the findings are worrying, the good news is that the researchers shared their work with companies like OpenAI and Google, who have likely taken steps to protect their systems from Morris II.
Conclusion:
While the idea of an AI virus may sound like something out of a sci-fi movie, it’s a real threat that we need to take seriously. The research into Morris II serves as a reminder of the ethical concerns surrounding AI technology. We need to stay vigilant and ensure that our systems are protected from threats like Morris II. After all, as they say, prevention is better than cure.
