A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Published by admin on

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape. Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub.

Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials to interact with the large language models (LLMs) available on Bedrock. But they also soon discovered none of these AWS users had enabled logging (it is off by default), and thus they lacked any visibility into what attackers were doing with that access. So Permiso researchers decided to leak their own test AWS key on GitHub, while turning on logging so that they could see exactly what an attacker might ask for, and what the responses might be. Within minutes, their bait key was scooped up and used in a service that offers AI-powered sex chats online.

“After reviewing the prompts and responses it became clear that the attacker was hosting an AI roleplaying service that leverages common jailbreak techniques to get the models to accept and respond with content that would normally be blocked,” Permiso researchers wrote in a report released today. “Almost all of the roleplaying was of a sexual nature, with some of the content straying into darker topics such as child sexual abuse,” they continued. “Over the course of two days we saw over 75,000 successful model invocations, almost all of a sexual nature.”

Categories: Leben (Life aka misc)Technology

Related Posts

Palantir logo on a dark background
Leben (Life aka misc)

Former Palantir Employee Running For Congress Unveils ‘AI Dividend’ Plan

Alex Bores, a former Palantir employee and current Democratic House candidate in New York, is proposing an “AI dividend” that would send direct payments to Americans if AI drives major job losses. “At its core, Read more…

Leben (Life aka misc)

NSA Using Anthropic’s Mythos Despite Blacklist

Axios reports that the NSA is using Anthropic’s restricted Mythos Preview model despite the Pentagon insisting the company poses a “supply chain risk.” Axios reports: The government’s cybersecurity needs appear to be outweighing the Pentagon’s Read more…

Big Ben, London
Leben (Life aka misc)

Mobile Phones To Be Banned In Schools In England Under New Plans

A ban on mobile phones in schools in England is to be introduced by the government to ensure that “critical safeguarding legislation” is passed. The government will table an amendment to the children’s wellbeing and Read more…