Daniel Kang - Dual use of AI agents
Transcript
Thank you. All right. Thanks everyone. Today I'll be talking about the dual use of AI agents. And I want to start by bringing up this case in 2016, where a cryptocurrency exchange was hacked to the tune of about, I believe, 50 million dollars. Now I'm not going to have time to go into the full details of this, but this kind of hack involved basically race conditions in a database.
And it was in fact so interesting that my academic advisor at Stanford wrote a paper on this published in SIGMOD, which is the Premier Database Conference. And what I want to show here is a real world example of using - sorry, can we play the video?
Yeah, so what I want to show here is an example of actually exploiting a vulnerability that was very similar to the one used to hack the cryptocurrency exchange. And so what we're doing here is that we're actually trying to purchase T-shirts. Here they're free, but this is just to demonstrate what the vulnerability would look like.
And as we can see, we're clicking around the website and basically trying to figure out what the protocol is to talk with the website itself. And you'll notice that we submit an example and then we actually go and make some code to go ahead and do this.
And we'll actually run this code. Can we skip to the end of the video please? Once we refresh the page here, we can see that the stock was minus two. And of course, this talk is about AI agents, so what you saw here was not actually, in fact, a human. Well it was a human, but it was a human simulating exactly what an AI agent did.
And as we can see, these AI agents can find and exploit real-world vulnerabilities in real computer systems that can lead to things like hacks of e-commerce websites and also potentially cryptocurrency exchanges.
And just to give you a sense of what the damage looks like, the cost of cyber crimes was $7 billion, and this is just one kind of cyber crime. Now I want to show you another example of what an AI agent can do, and do you mind playing this video as well? Okay, so there's no audio, so I'm going to basically narrate what's happening here.
So here, GPT 4.0 is calling an unsuspecting victim of a scam, and they're basically extracting their password. Yeah, so here we're blanking out the username and password because we don't want to leak my RA's unfortunate Bank of America account. But can you actually skip to about halfway in the video?
“Hello, this is John from Bank of America. We understand your concern. Your security is our top priority.”
Okay, unfortunately, this video is four minutes long, so we don't have time to go through all of it, but let's just assume that the agent successfully managed to get the username and password from the unsuspecting victim, also managed to extract the two-factor authentication code, went to the correct page and sent money to someone else's bank account.
And so the cost of phone scams, according to Truecaller, was about 25 billion dollars in America last year. And, since I only have one minute left, I'll just leave by saying that this is quite concerning, because now these AI agents can autonomously perform both cybersecurity exploits and real-world voice scams.
And I also want to conclude by briefly saying what this means for the future. So if we look at trends and costs, this is the cost of GPT 3.5, starting from about 2021 to around 2024. There's been about a 40 times reduction in price. Similarly, OpenAI claims that the cost of intelligence at the GPT 4 level has decreased by about 99%.
The next slide has a little bit of a trigger warning. So, you can also see the trends in AI capabilities. On the left-hand side I'm showing the state-of-the-art AI video in 2023, and what AI video looks like in 2024. And so if you draw these trend lines, you can hopefully imagine where I think this is going.
And so in conclusion, please watch out for this space, and find me afterwards if you'd like to chat. And I am perfectly on time. Thank you everyone.
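The T-shirt demo in the talk turns on a database race condition: the shop checks that stock is available and then decrements it as two separate steps, so concurrent buyers who all pass the check drive the stock negative (the "minus two" seen after the refresh). The following is an added illustration written for this transcript, not code from the talk or from the exchange that was hacked; the in-memory `Inventory` class, the `simulate` harness and the SQLite table are all constructed stand-ins. It shows the unsafe check-then-act pattern with a barrier that forces the losing interleaving deterministically, the same purchase done under a lock, and the equivalent fix at the SQL level, a single conditional `UPDATE` whose row count tells the application whether the purchase succeeded.

```python
import sqlite3
import threading


class Inventory:
    """Constructed in-memory stand-in for a shop's product row."""

    def __init__(self, stock):
        self.stock = stock
        self.lock = threading.Lock()

    def vulnerable_purchase(self, sync=None):
        # Check-then-act: the availability check and the decrement are separate
        # steps, so every concurrent buyer can observe stock > 0 before any of
        # them decrements. The decrement itself is atomic (like a lone UPDATE);
        # the gap between check and decrement is the race window.
        if self.stock <= 0:
            return False
        if sync is not None:
            sync.wait()  # constructed: hold every buyer here until all passed the check
        with self.lock:
            self.stock -= 1
        return True

    def safe_purchase(self, sync=None):
        # Check and decrement under one critical section, so at most `stock`
        # buyers can ever succeed regardless of interleaving.
        with self.lock:
            if self.stock <= 0:
                return False
            self.stock -= 1
            return True


def run_buyers(purchase, buyers, sync):
    """Start `buyers` threads that each attempt one purchase; return their results."""
    results = [False] * buyers

    def worker(i):
        results[i] = purchase(sync)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(buyers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def simulate(stock, buyers, safe):
    """Return (final_stock, successful_purchases) for `buyers` concurrent buyers.

    For the vulnerable path a Barrier forces the bad interleaving; it assumes
    stock > 0 so that every buyer reaches the barrier.
    """
    inv = Inventory(stock)
    sync = None if safe else threading.Barrier(buyers)
    purchase = inv.safe_purchase if safe else inv.vulnerable_purchase
    results = run_buyers(purchase, buyers, sync)
    return inv.stock, sum(results)


def conditional_update_demo(stock, attempts):
    """Database-level fix: one conditional UPDATE instead of SELECT-then-UPDATE.

    Uses a constructed SQLite table; the WHERE clause refuses to decrement an
    item that is already at zero, and rowcount reports whether a row changed.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, stock INTEGER NOT NULL)")
    conn.execute("INSERT INTO items (id, stock) VALUES (1, ?)", (stock,))
    successes = 0
    for _ in range(attempts):
        cur = conn.execute(
            "UPDATE items SET stock = stock - 1 WHERE id = ? AND stock > 0", (1,)
        )
        if cur.rowcount == 1:
            successes += 1  # the purchase went through
    conn.commit()
    (final_stock,) = conn.execute("SELECT stock FROM items WHERE id = 1").fetchone()
    conn.close()
    return final_stock, successes


if __name__ == "__main__":
    print("vulnerable:", simulate(1, 3, safe=False))   # stock goes negative
    print("locked:    ", simulate(1, 3, safe=True))
    print("sql update:", conditional_update_demo(1, 3))
```

The detection side of this is worth noting: negative stock, or more successful orders than units ever held, is itself a cheap invariant to monitor, and a production fix normally combines the conditional `UPDATE` (or `SELECT ... FOR UPDATE` inside a transaction) with an application-level check of the affected row count rather than trusting the earlier read.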