Risk No 1
Cyber insecure AI
Recently the IIT Alumni incubator ran a competition on identifying technologies to control rogue technologies. There are several rogue technologies which are widely identified. These range from engineered viruses like Covid 19 to agentic AI and self programming killer drones to cyanide tipped micro needles shot from smartphones. Our police, army, coast guard and border security forces are virtually helpless against these. So are our laws. If a self programming, fully autonomous drone chooses to fly in front of a person in a cinema hall and shoot a cyanide tipped micro needle (u won’t even feel it) – who do you catch (actually you may be dead) – and under what section of the penal code. Where is the murder weapon ? Who is the murderer.
But one technology that stood out as the most dangerous is one which involves using a cyber attack to take over an ai system and make it go rogue. At a simplistic level it may take over Siri or Alexa or Google in your smartphone and turn your smartphone into a device which starts spying on you. This is far more lethal than someone planting a bug in your bedroom. Here it is your hardware, your internet connection being used to spy 24/7 on you. In a few days the ai will know everything about you including your finances, your routes, your diet details and all kinds of things you don’t want anyone to know about.
Conventional cybersecurity audits and protocols are just not good enough for ai. Because a hacked ai in your system or city or country can do way way more harm than anything we have seen to date.
Yet we have no cyber security audit requirements for ai. All kinds of entities from garage startups to clueless IT majors are doing ai systems. Without a clue about how they will control these systems if they go rogue.
All our top ten IT services companies are essentially labour contractors. They do services which is a polite word for providing labour. They are incapable of the rigour required to deliver a global class product. They fail in every department – from UI and UX to cybersecurity and digital marketing. In short, our technology sector is technology free. And essentially resellers for the global tech majors. Value added or value depleting – I am not so sure.
The threat of a cyber attack on your agentic ai can be far more serious than an attack on your website or file server. It could initiate a nuclear war or worse – a bio attack on your own citizens. It took less than one kg of covid19 to bring mankind to its knees. AI may make your own biotech laboratories create the viruses which will become instruments of mass murder.
Cyber security needs a whole new relook.