Experts are sounding the alarm about the potential rise of "cyber-physical attacks" driven by artificial intelligence, which could pose a significant threat to critical infrastructure.
What Happened: The FBI recently cautioned Congress about Chinese hackers infiltrating U.S. cyber infrastructure, targeting critical systems such as water treatment plants and transportation. This has raised concerns that the integration of AI into cyberattacks could lead to a new era of "cyber-physical attacks," CNBC reported on Sunday.
Stuart Madnick, a professor at MIT, has conducted simulations showing that AI-fueled cyberattacks could cause physical systems to malfunction, leading to explosions and other serious consequences.
"The only thing really keeping bad things from happening is there is not sufficient motivation," he added.
Tim Chase, the CISO at Lacework, shares these concerns, especially regarding the vulnerability of systems using programmable logic controllers (PLCs). He fears that hackers could use AI to create code for PLCs and wreak havoc on industrial systems.
Despite these warnings, Sivan Tehila, a cybersecurity expert, points out that AI also plays a crucial role in enhancing cyber defenses, detecting, and responding to threats more effectively.
Michael Kenney, a professor at the University of Pittsburgh, acknowledges the risks of cyber-physical attacks but believes that cybercriminals are unlikely to take down vast swaths of the internet, as they rely on it.
Why It Matters: The potential rise of AI-assisted cyber-physical attacks comes amid a series of significant developments in the cybersecurity landscape. In February, the LockBit hacking group, known for its ransomware attacks, was disrupted by a collaboration of law enforcement agencies from various countries. This operation targeted LockBit's infrastructure and its malware deployment system.
In another instance, security vulnerabilities were found in OpenAI's ChatGPT that could potentially lead to account takeovers of unwitting users. The feature that processes files and provides a clickable citation icon could be manipulated, posing a security threat.