&w=3840&q=100)
AI chatbots can leak hacking, drug-making tips when hacked, reveals study
A new study reveals that most AI chatbots, including ChatGPT, can be easily tricked into providing dangerous and illegal information by bypassing built-in safety controls
AI chatbots such as ChatGPT, Gemini, and Claude face a severe security threat as hackers find ways to bypass their built-in safety systems, revealed a recent research. Once 'jailbroken', these chatbots can divulge dangerous and illegal information, such as hacking techniques and bomb-making instructions.
In a new report from Ben Gurion University of the Negev in Israel, Prof Lior Rokach and Dr Michael Fire reveal how simple it is to manipulate leading AI models into generating harmful content. Despite companies' efforts to scrub illegal or risky material from training data, these large language models (LLMs) still absorb sensitive knowledge available on the internet.
'What was once restricted to state actors or organised crime groups may soon be in the hands of anyone with a laptop or even a mobile phone,' the authors warned.
What are jailbroken chatbots?
Jailbreaking uses specially crafted prompts to trick chatbots into ignoring their safety rules. The AI models are programmed with two goals: to help users and to avoid giving harmful, biased or illegal responses. Jailbreaks exploit this balance, forcing the chatbot to prioritise helpfulness—sometimes at any cost.
The researchers developed a 'universal jailbreak' that could bypass safety measures on multiple top chatbots. Once compromised, the systems consistently responded to questions they were designed to reject.
'It was shocking to see what this system of knowledge consists of,' said Dr Michael Fire.
The models gave step-by-step guides on illegal actions, such as hacking networks or producing drugs.
Rise of 'dark LLMs' and lack of industry response
The study also raises alarms about the emergence of 'dark LLMs', models that are either built without safety controls or altered to disable them. Some are openly promoted online as tools to assist in cybercrime, fraud, and other illicit activities.
Despite notifying major AI providers about the universal jailbreak, the researchers said the response was weak. Some companies didn't reply, and others claimed jailbreaks were not covered by existing bug bounty programs.
The report recommends tech firms take stronger action, including:
- Better screening of training data
- Firewalls to block harmful prompts and responses
- Developing 'machine unlearning' to erase illegal knowledge from models
The researchers also argue that dark LLMs should be treated like unlicensed weapons and that developers must be held accountable.
Experts call for stronger oversight and design
Dr Ihsen Alouani, an AI security researcher at Queen's University Belfast, warned that jailbroken chatbots could provide instructions for weapon-making, spread disinformation, or run sophisticated scams.
'A key part of the solution is for companies to invest more seriously in red teaming and model-level robustness techniques, rather than relying solely on front-end safeguards,' he was quoted as saying by The Guardian.
'We also need clearer standards and independent oversight to keep pace with the evolving threat landscape," he added.
Prof Peter Garraghan of Lancaster University echoed the need for deeper security measures.
'Organisations must treat LLMs like any other critical software component—one that requires rigorous security testing, continuous red teaming and contextual threat modelling,' he said.
'Real security demands not just responsible disclosure, but responsible design and deployment practices," Garraghan added.
How tech companies are responding
OpenAI, which developed ChatGPT, said its newest model can better understand and apply safety rules, making it more resistant to jailbreaks. The company added it is actively researching ways to improve protection.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
&w=3840&q=100)
Business Standard
35 minutes ago
- Business Standard
Samsung's big bet: Perplexity AI could soon be everywhere on its devices
Samsung Electronics is close to finalising a significant partnership with Perplexity AI Inc, an artificial intelligence (AI) search technology startup, Bloomberg reported. The South Korean tech giant is negotiating to preload Perplexity's app and assistant onto its upcoming devices. Additionally, Samsung aims to integrate Perplexity's search features into its web browser. Talks have also covered incorporating the startup's technology into Samsung's Bixby virtual assistant, the report said. Samsung plans to unveil the Perplexity integrations as early as this year, with the goal of making it a default assistant option on the Galaxy S26, expected to launch in the first half of 2026. However, the specifics of the deal are still being finalised and may change, the sources noted. So far, the company has relied significantly on Google's Gemini to support a range of AI capabilities within its Galaxy AI suite. Significant investment in Perplexity In addition to the technology partnership, Samsung is expected to participate in Perplexity's upcoming funding round, potentially as one of its largest investors. Perplexity is currently in advanced discussions to raise $500 million at a valuation of $14 billion, the news report said. The collaboration could help Samsung lessen its reliance on Alphabet Inc's Google and position it to work with a broader range of AI developers — a strategy similar to Apple Inc.'s approach to its ecosystem. For Perplexity, this would represent its most substantial mobile partnership to date, following a recent deal with Motorola. The two companies began exploring a partnership earlier this year. In recent weeks, representatives from both sides met in South Korea and made significant progress toward finalising the agreement, the report said. In addition to embedding Perplexity's technology into Samsung's devices and Bixby, the companies have also discussed developing an AI-infused operating system and an app that can connect Perplexity's capabilities with other AI assistants. Apple's interest in Perplexity Meanwhile, Apple has also shown interest in collaborating with Perplexity. According to Bloomberg News, Apple has considered using Perplexity as an alternative to Google Search and as a replacement for ChatGPT within the Siri voice assistant. 'We've been pretty impressed with what Perplexity has done, so we've started some discussions with them about what they're doing,' Eddy Cue, Apple's senior vice-president of services, said during recent testimony at a Google antitrust trial.
Time of India
an hour ago
- Time of India
Google says it will appeal online search antitrust decision
HighlightsAlphabet's Google announced its intention to appeal a recent antitrust decision regarding its online search competition dominance. A federal judge has proposed less aggressive remedies than the 10-year regime suggested by antitrust enforcers, which included the potential sale of Google Ad Manager. The United States Department of Justice and a coalition of states are concerned about Google's monopoly in search and its implications for competition in artificial intelligence products. Alphabet 's Google on Saturday said it will appeal an antitrust decision under which a federal judge proposed less aggressive ways to restore online search competition than the 10-year regime suggested by antitrust enforcers "We will wait for the Court's opinion. And we still strongly believe the Court's original decision was wrong, and look forward to our eventual appeal," Google said in a post on X. US District Judge Amit Mehta in Washington heard closing arguments on Friday at a trial on proposals to address Google's illegal monopoly in online search and related advertising. In April, a federal judge said that Google illegally dominated two markets for online advertising technology, with the US Department of Justice saying that Google should sell off at least its Google Ad Manager , which includes the company's publisher ad server and its ad exchange. The DOJ and a coalition of states want Google to share search data and cease multibillion-dollar payments to Apple and other smartphone makers to be the default search engine on new devices. Antitrust enforcers are concerned about how Google's search monopoly gives it an advantage in artificial intelligence products like Gemini and vice versa. John Schmidtlein, an attorney for Google, said at the hearing that while generative AI is influencing how search looks, Google has addressed any concerns about competition in AI by no longer entering exclusive agreements with wireless carriers and smartphone makers including Samsung Electronics, leaving them free to load rival search and AI apps on new devices.
Indian Express
2 hours ago
- Indian Express
India's rapid AI adoption, China's open source lead in focus in Mary Meeker report
'Unprecedented' – that's the word frequently used by venture capitalist Mary Meeker—once known as the 'Queen of the Internet'—in her latest trends report on artificial intelligence (AI) development and adoption. The 340-page report, titled 'Trends — Artificial Intelligence,' charts out the speed at which costs of usage are dropping, and how its adoption curve is unlike any tech disruption of the past. 'The pace and scope of change related to the artificial intelligence technology evolution is indeed unprecedented…' Meeker writes in her report, her first major trends report since 2019. While largely upbeat about AI's disruptive promise, the report also outlines cautions against well-known pitfalls including hallucinations, biases, misinformation and slow moving regulation. It also said that while AI platforms have racked up the user-base, revenue per user is still quite low for most of them, with a median of $23. The adoption of AI platforms has been unlike anything that has come before it, the report said. For instance, it took the likes of Instagram, WhatsApp, and YouTube between 2-4 years to reach 100 million users, but for ChatGPT, it took less than 3 months. The report also speculated, based on data from Morgan Stanley, that while it took between 6-12 years for 50% households in the US to have access to mobile and desktop internet, it will take only 3 years for the same number of households to become users of AI platforms. Owing to its large demography and internet penetration, India has been a key user-base market for AI companies, the report said. It is the second largest market for ChatGPT, and contributes the highest percentage of its mobile app users (13.5%), ahead of countries like the US (8.9%), and Germany (3%). India is also the third-largest user base (6.9%) for China's homegrown platform DeepSeek, and is behind only China (33.9%) and Russia (9.2%). However, the thing to note here is that ChatGPT, one of DeepSeek's main rivals, is banned in both China and Russia. Indians therefore contribute a substantial user base to DeepSeek, despite the availability of its Western rivals. The report said that two different philosophies in shipping AI models are playing out in parallel – closed and open source. Closed models follow a centralised, capital-intensive arc. These models – like OpenAI's GPT-4 or Anthropic's Claude – are trained within proprietary systems on massive proprietary datasets, requiring months of compute time and millions in spending, it said. They often deliver more capable performance and easier usability, and thus are preferred by enterprises and consumers, and – increasingly – governments. However, the tradeoff is opacity: no access to weights, training data, or fine-tuning methods, the report added. Meanwhile, platforms like Hugging Face have made it frictionless to download open source models like Meta's Llama or Mistral's Mixtral, giving startups, academics, and governments access to frontier-level AI without billion-dollar budgets. 'And China (as of Q2:25) – based on the number of large-scale AI models released – is leading the open-source race, with three large-scale models released in 2025 – DeepSeek-R1, Alibaba Qwen-32B and Baidu Ernie 4.5,' it said. 'The split has consequences. Open-source is fueling sovereign AI initiatives, local language models, and community-led innovation. Closed models, meanwhile, are dominating consumer market share and large enterprise adoption. We're watching two philosophies unfold in parallel – freedom vs. control, speed vs. safety, openness vs. optimization – each shaping not just how AI works, but who gets to wield it,' Meeker said in her report.
