175 | 🪱🪱 GenAI Might Have Self-replicating Worms!

In today’s Brainyacts:

1. Self-replicating worms

2. Claude 3 beats GPT-4 (most of time)

3. OpenAI now reads to you plus other news

4. JPMorgan on way to achieve 3.5 day workweek(?) and other AI-related content

👋 to new subscribers!

To read previous editions, click here.

Lead Memo

🪱🪱 Morris II: The Self-replicating Worm

Know all those email Phishing scams our business and organizations test us with and constantly remind us to not do things like open attachments from unknown or suspicious senders? Yup, well looks like we will have similar concerns with our GenAI tools. Meet Morris II.

Morris II represents a sophisticated evolution in cybersecurity threats, specifically engineered to exploit the rapidly growing domain of generative AI (GenAI) applications. Given the broad integration of GenAI across various digital platforms and services, understanding the nature of Morris II is crucial for users and developers alike.

Here's an explainer that delves into what Morris II is, how it operates, and why it's a significant concern for anyone engaging with generative AI technologies.

What is Morris II?

Morris II is named in apparent homage to the original Morris worm from 1988, one of the first computer worms distributed via the internet, which caused significant disruption due to its self-replicating nature. Similarly, Morris II is a self-replicating worm, but with a modern twist: it targets GenAI ecosystems specifically through a method called adversarial self-replicating prompts.

How Does Morris II Work?

In the context of GenAI, a "prompt" is essentially an instruction or input that guides the AI to generate a desired output. Morris II exploits this mechanism by using adversarial self-replicating prompts. Unlike regular prompts that are benign, these are meticulously crafted to deceive GenAI models into producing more instances of the worm, thereby spreading it across the ecosystem.

Remember there are two types of prompts: ones that we, the users, write and then the ones we users don’t see that the engineers have written into the AI Model that helps the model reply in specific ways. Morris II operates on that “hidden” front, so we the user will not necessarily know it is working in the background.

The worm operates in a "zero-click" manner, meaning it does not require any interaction from the user to initiate its replication and dissemination process. This method makes Morris II particularly insidious, as it can bypass traditional security measures that rely on user action as a point of compromise.

The Threat of Morris II

The primary danger of Morris II lies in its dual capability: to proliferate across GenAI applications and to potentially commandeer control of these applications or exfiltrate sensitive data. This threat is amplified by the interconnectedness of GenAI ecosystems, where applications often share data and functionality, creating a ripe environment for widespread exploitation.

Threat to Our Business Ecosystems

Many businesses are using something called RAG that enhances GenAI's capabilities by combining the power of generative models with the ability to retrieve and use relevant business information which often includes proprietary or sensitive information. This architecture allows businesses to provide contextually rich, informed responses, and insights derived from their data repositories.

Vulnerability to Morris II

1. Data Retrieval Exploitation: Morris II could exploit the retrieval mechanism of RAG. By injecting adversarial prompts into the system, the worm could manipulate the retrieval process, directing it to fetch and compile malicious or corrupted information. This not only undermines the integrity of the outputs but can also lead to the worm accessing and extracting sensitive data stored within the business's information repositories.

2. Data Corruption: Once inside the ecosystem, Morris II could alter the information stored in the databases linked to the RAG system. If it modifies the data being retrieved for generating responses, this could lead to widespread dissemination of incorrect or harmful information, both internally within the organization and externally to clients or users, depending on how the GenAI outputs are utilized.

3. Propagation Through Data Layers: Given the interconnected nature of GenAI ecosystems and the RAG architecture's reliance on diverse data sources for context, Morris II could propagate through these layers. It could infect various segments of the business's data infrastructure, from customer databases to internal knowledge bases, potentially leading to a systemic compromise.

What to do now?

The good news is that Morris II was a controlled experiment by Ben Nassi from Cornell Tech, Stav Cohen from the Israel Institute of Technology, and Ron Bitton from Intuit. So Morris II is not true adversarial threat - but this does not mean that someone cannot develop one that is or that different related threats are not already active.

For a short video explainer on this, see this 👇.

Spotlight

🆓 🤖 Anthropic Claude 3 is Free (and paid)

Some of you might have used Claude before. If so, you know it offers a free version. However, I have always been disappointed with it due to its lack of creativity and thoroughness of “thought” compared to OpenAI’s GPT-4.

But Claude 3 is now available. The free version is called Sonnet. The paid version is Opus. Both are really darn good. Perhaps now there is real competition for GPT-4.

Here are the testing outcomes:

Key developments:

Unmatched Speed Efficiency: Haiku leads with its speed and cost-effectiveness. Sonnet enhances efficiency by doubling the speed without compromising intelligence, while Opus maintains previous velocity but with increased smartness.

Enhanced Visual Recognition: Claude 3 models come with superior visual capabilities, enabling seamless interpretation of diverse visual content, such as PDFs, flowcharts, and slides, thus facilitating businesses in accessing and analyzing data more effectively.

Improved Reliability and Precision: The reduction of unnecessary denials and the enhancement of contextual comprehension mean Claude 3 models deliver more dependable and refined answers. Specifically, Opus has demonstrated a significant leap in accuracy for complex open-ended inquiries.

Expanded Context Understanding and Impeccable Memory: Launching with the ability to handle up to 200K in context size and manage inputs over 1 million tokens, the Claude 3 models stand out for their adeptness at dealing with extensive context prompts and their remarkable memory capabilities.

AI Model Notables

► OpenAI announces a new feature that allows text prompt replies to be read to you - 37 different languages.

► Inflection AI released an Apple iMessages version of its conversational, friend-like chatbot, allowing you to text the personal AI on-the-go.

► Following Musk’s lawsuit (claiming OpenAI was putting profits before people), OpenAI has signed a letter, agreeing to build AI responsibly and mitigate risk to the public.

► Microsoft filed a motion to dismiss the New York Times lawsuit against it and OpenAI, suggesting that the copying AI models do is similar to that of VCRs, which are legal.

News You Can Use:

➭ Jamie Dimon, CEO of JPMorgan has said that AI could shrink the workweek to 3.5 days, and this is one strong example of how - the Cash Flow Intelligence Tool:

• AI-Powered Productivity: JPMorgan's Cash Flow Intelligence tool utilizes artificial intelligence to reduce manual tasks for corporate clients by up to 90%.

• Growing Client Base and Revenue Opportunities: Approximately 2,500 clients are already leveraging this innovative tool, showcasing significant interest from JPMorgan's customer base. The bank is exploring the possibility of implementing a monthly subscription fee for the service, reflecting its successful uptake and the value it offers through AI integration.

• Continued Enhancement and Support: JPMorgan remains dedicated to the advancement of the Cash Flow Intelligence solution, backed by an expansive team of more than 150 data scientists and engineers committed to its ongoing development.

➭ Canadian law students learning and applying Generative AI.

➭ California assemblymember Josh Lowenthal (D) introduced a measure (A.B. 2811) that would put in place disclosure and citation requirements around AI-assisted legal filings.

➭ California gives Waymo the green light to expand robotaxi operations.

➭ The North Carolina State Bar Council’s proposed guidance on GenAI 023 is open for comments through March 30th. 

➭ Student fights AI cheating allegations for using Grammarly.

➭ India reverses AI stance, requires government approval for model launches.

➭ Amazon goes nuclear to power its data center as it acquires a nuclear data center campus in Pennsylvania.

Who is the author, Josh Kubicki?

Some of you know me. Others do not. Here is a short intro. I am a lawyer, entrepreneur, and teacher. I have transformed legal practices and built multi-million dollar businesses. Not a theorist, I am an applied researcher and former Chief Strategy Officer, recognized by Fast Company and Bloomberg Law for my unique work. Through this newsletter, I offer you pragmatic insights into leveraging AI to inform and improve your daily life in legal services.