Britain's blind trust in chatbots is playing into Russia's hands
Using technology that has more holes than a Swiss cheese, we've never been in worse shape to enter a new Cold War. And we're about to make it a whole lot worse.
Cyber threats to UK plc have increased sharply in recent months. Late last year the National Cyber Security Centre warned how Russia's APT29 hackers were targeting areas that businesses have left exposed to the internet. But by rushing to install generative AI systems, organisations are exposing more than ever, and making it much easier to reach, too.
No wonder that a third of UK SMEs, some 35pc, now see artificial intelligence as their biggest security headache, even more than malware, phishing and ransomware.
AI attacks are so subtle and imaginative, there should be a category for them in the BAFTAs. Let's see how it's done.
In the classic enterprise, it was difficult to access that physical filing cabinet on the finance department's floor. Corporate information was distributed on a strictly need-to-know basis. That model was broadly replicated in the shift to digital: there were hard boundaries and strict permissions.
But now, sloppy process automation dissolves those walls, the obstacles that technology designers put in place. AI agents are threatening to break the 'blood-brain barrier' between applications and the systems they run on, says Meredith Whittaker, who founded Google's Open Research Group, the AI Now Institute, and is now chief executive of Signal.
The consultant-driven fad of 'breaking down silos' of information has made confidential critical data much easier to tap using AI chatbots like Microsoft Copilot.
Last year at the annual Black Hat security conference, delegates saw how an employee in the HR department of a company – who simply wanted to summarise a couple of corporate documents – punched huge holes in the firewall, allowing hackers direct access to company secrets.
Almost two thirds of business chatbots that organisations thought were private were in reality being exposed to the world at large, the security firm Zenity, which gave the demonstrations, discovered. Today we use malware detection systems to stop malevolent code that has been attached to a Word document: the script is easily detached from the content. But an AI can't distinguish between data and instructions: it just does what it's told.
The big new tech fad of 2025, agentic AI, makes this exponentially worse. AI agents yoke together AIs, so the output of one feeds into another – and set up a sequence of processes triggered by an AI. Whittaker gives us a recognisable example: an AI agent that finds seats at a concert, buys the tickets, books a calendar entry, and emails all your friends to tell them about it. The AI runs riot because we've allowed it to: a high trust system out of place in a low trust world.
With data silos dismantled, and firewalls dissolved, the final coup de grace can then be applied. Which is that using AI, a hacker can steal your secrets, or corrupt the company's data, simply by talking to a chatbot: no technical skills are required. One recent piece of research demonstrated how easy it was.
'We convinced the chatbot it lives in another world,' Etay Maor, chief security strategist at Cato Networks and a professor at Boston College, explained to me. As a research experiment, a detailed fictional scenario was created for the AI to inhabit and, once hypnotised, the chatbot helped the researcher syphon personal data out of a Chrome browser.
'It's like putting VR goggles on the chatbot, we're immersing the AI in a different world,' explains Maor. 'We use an AI to write a story, and we send the story to AI telling it: "This is the world you live in now", and we ask for characters in that world. It then helps us develop the malware.'
Here's the thing: the researcher had never written malware before.
I asked Zenity's founder Michael Bargury recently if the industry was taking security more seriously.
'Even though Microsoft blocked our specific jailbreaks last year, we found new ones within a day – and we keep on being able to remotely take over co-pilots wherever we try: Microsoft Copilot, Gemini, ChatGPT and Character AI's Einstein,' he found.
'It's not that these vendors aren't trying, it's just that it is not a fixable problem,' he says.
That is how the industry has had to cope with malware – it's a problem to mitigate rather than solve. But we are making ourselves more vulnerable than we need to be by rushing out AI poorly.
IT managers are under immense pressure from their directors or the consultant class to do so. So are government departments. The Blair and Schmidt advisers, and Big Tech, promise billions of pounds in savings. But they are salesmen and evangelists, unconcerned by the security concerns. Bargury reminds us that attacking a company that uses AI is easier than ever, by simply sending a Teams message.
Just as it defies belief that a fire at a single electricity substation brought Heathrow to a standstill, it is astonishing to learn that UK plc is increasing its attack surface just as we need stronger defences. All because we have committed a fundamental mistake, confusing the appearance of intelligence for real intelligence.
AI is acquiring the quality of one of Aesop's moral fables, in which a society is tricked into engineering its own demise. All the hackers are doing is preying on our gullibility: our willingness to believe in magic.