AI presents an “extinction level threat” – US Gov’t Report: Hashtag Trending for Tuesday, March 12, 2024

A new US government report warns that AI presents an “extinction level threat to the human species. Elon Musk is outsourcing his Grok AI code. Hackers have breached the Cybersecurity and Infrastructure Security Agency in the US and a researcher shows how to steal a Tesla by leveraging a feature of the Tesla charging stations.

All this and more on the “end of the world as we know it” edition of Hashtag Trending. I’m your host, Jim Love, CIO of IT World Canada and TechNewsDay in the US.

A government-commissioned report warns that the United States must act “quickly and decisively” to address significant national security risks posed by artificial intelligence (AI), which could potentially lead to an “extinction-level threat to the human species.” This report, obtained by TIME ahead of its publication, emphasizes the urgent and growing dangers AI development presents to national security, drawing parallels to the destabilizing impact of nuclear weapons.

The report, titled “An Action Plan to Increase the Safety and Security of Advanced AI,” was produced after more than a year of research, including discussions with over 200 government employees, experts, and workers at leading AI companies such as OpenAI, Google DeepMind, Anthropic, and Meta. It outlines a comprehensive set of policy actions aimed at significantly altering the AI industry’s current trajectory.

Key recommendations include making it illegal to train AI models using more than a specified level of computing power, a threshold to be determined by a new federal AI agency. This measure aims to moderate the competitive race among AI developers and slow down the chip industry’s progress in manufacturing faster hardware. The report also suggests that the publication of powerful AI models’ “weights” or inner workings could be outlawed, with potential violations subject to criminal penalties. Additionally, it calls for stricter controls on the manufacture and export of AI chips and increased federal funding for research focused on making advanced AI systems safer.

The report also addresses the risks associated with the weaponization of AI systems and the potential loss of control over advanced AI, highlighting the industry’s race dynamics that prioritize development speed over safety. It suggests that regulating the hardware used to train AI systems could be a crucial step in safeguarding global safety and security from the threats posed by AI.

The State Department commissioned the report in November 2022, with Gladstone AI, a company specializing in AI technical briefings for government employees, producing the 247-page document. Despite the groundbreaking nature of its recommendations, the report clarifies that its suggestions do not reflect the official views of the U.S. Department of State or the U.S. government.

Sources include:  Time and Gladstone.ai

Elon Musk apparently didn’t get the memo about not publishing your AI code. His AI startup, xAI, plans to open-source Grok, its chatbot that competes with ChatGPT, within the week. This announcement comes shortly after Musk filed a lawsuit against OpenAI, accusing the Microsoft-backed company of straying from its open-source origins and prioritizing profit over accessibility. Grok, which was released last year, offers features like access to real-time information and opinions that are, according to Musk, not constrained by “political correctness.” It is currently available to subscribers of X’s $16 monthly service.

Musk, who co-founded OpenAI with Sam Altman as a means to balance Google’s AI dominance, criticized OpenAI for becoming a closed-source entity focused on benefiting Microsoft. This move has sparked a debate among technologists and investors regarding the value of open-source AI.

By deciding to open-source Grok, xAI joins other companies like Meta and Mistral in making their chatbot codes publicly available. Musk has consistently supported open-source initiatives, as demonstrated by Tesla’s decision to open-source many of its patents and X (formerly Twitter) open-sourcing some of its algorithms. Musk’s recent actions and statements reinforce his commitment to open-source principles and his critique of OpenAI’s current direction.

Sources include: TechCrunch

Hackers breached the Cybersecurity and Infrastructure Security Agency (CISA), forcing the agency to take some systems offline. The breach occurred in February through vulnerabilities in Ivanti products, impacting two systems with critical ties to U.S. infrastructure. CISA responded by immediately shutting down the affected systems and has since been working on upgrading and modernizing its systems, stating there is no operational impact at this time.

The compromised systems were part of the Infrastructure Protection (IP) Gateway, which houses critical data and tools used to assess critical U.S. infrastructure, and the Chemical Security Assessment Tool (CSAT), containing sensitive industrial information. The breach was facilitated by recent vulnerabilities affecting Ivanti Connect Secure VPN and Ivanti Policy Secure products, discovered by CISA itself. Ironically, CISA had previously warned about vulnerabilities in Ivanti software and ordered all U.S. government agencies to disconnect Ivanti Connect Secure and Ivanti Policy Secure products in early February.

CISA has not confirmed or denied whether these specific systems were taken offline. The agency emphasizes that any organization can be affected by cyber vulnerabilities and highlights the importance of having an incident response plan in place as a component of resilience. The hack did not impact operations at the agency, according to a CISA spokesperson.

Sources include: 9to5Mac

Security researchers Tommy Mysk and Talal Haj Bakry of Mysk Inc. have demonstrated a new potential threat for Tesla owners: a social engineering attack that could allow hackers to steal Teslas parked at charging stations. The researchers created a fake Tesla WiFi network named “Tesla Guest” using a Flipper Zero device—a $169 hacking tool.

And before someone runs off to the Canadian government and says “you were right to ban this,” the Flipper Zero was just a convenience, they could have used a Raspberry Pi or a number of other devices with a wireless connection.

Their fake network, regardless of technology, simply mimics the official Tesla charging station WiFi, leading victims to a counterfeit Tesla login page where their username, password, and two-factor authentication code are stolen.

Once the hackers obtain the Tesla owner’s credentials, they can quickly log into the real Tesla app and set up a new phone key, enabling them to unlock and potentially steal the car. They just have to be quick and get it done before the code expires.The kicker is that they don’t have to steal the car right away. Once they’ve got access, they could do it at a later time without the owner’s knowledge.

Mysk says that he repeated the exercise a number of times including with an iPhone that had never been paired to the Tesla vehicle and it worked every time. There is a simple fix which would require verification of a physical key and notifying the owner if the key is changed.

Mysk, who does not recommend stealing cars and did this purely for experimental purposes, reported this vulnerability to Tesla, but the company responded that it had investigated and decided it wasn’t an issue.

This stance has raised concerns, especially considering the simplicity of the attack and the potential for significant loss. Those Teslas don’t come cheap.

Sources include: Autoblog.com

And just so there’s one good news story today…

Chrome users now have a new tool to protect themselves from the potential subversion of their browser extensions, thanks to a new Chrome add-on called “Under New Management.”

Developed by Matt Frisbie, a software developer and author, this extension alerts users when installed extensions have changed owners. This feature is crucial because, while extensions may start with innocent and useful purposes, new owners can maliciously adjust the code to steal information or inject ads, affecting millions of users.

Developers of extensions often receive offers to buy their creations, usually with the intent to exploit existing users.

There have been instances where buyers have tried to insert dubious or malicious code. Google is pretty good at detecting malicious code, but a challenge remains when new owners send out updates that may not be outright malicious but could simply misuse user data or inject ads.

Ownership changes in browser extensions also pose a unique risk due a lack of detailed developer information in the Chrome Web Store, automatic updates, and the ease of transferring ownership without meaningful oversight.

Frisbie is also working on an extension promotion platform called ExBoost to improve the extension ecosystem and make it safer. Google is also working on solutions to the problem. But until such time, the “Under New Management” extension aims to give users notice of ownership changes, allowing them to make informed decisions about the software they’re using.

That’s our show for today. Hashtag Trending goes to air five days a week with a daily news show and on the weekends we have an interview show we creatively named the Weekend Edition.

We love your comments.

Thanks for listening and have a Terrific Tuesday.