Skip to main content
MIT AI Risk Initiative
BackMalicious use and abuse (cybercrime)
Home/Risks/G'sell (2024)/Malicious use and abuse (cybercrime)
Opacity (industry opacity)
Malicious use and abuse (cyberattacks)

Malicious use and abuse (cybercrime)

Regulating under Uncertainty: Governance Options for Generative AI

G'sell (2024)

SourceDOI
Sub-category
Risk Domain
4Malicious Actors & Misuse
4.3Fraud, scams, and targeted manipulation

Using AI systems to gain a personal advantage over others such as through cheating, fraud, scams, blackmail or targeted manipulation of beliefs or behavior. Examples include AI-facilitated plagiarism for research or education, impersonating a trusted or fake individual for illegitimate financial benefit, or creating humiliating or sexual imagery.

"The advanced capabilities and widespread availability of generative AI models make it possible for malicious actors to conduct harmful activities with great efficiency and on a large scale, simultaneously reducing their operational costs. Cybercriminals can “jailbreak” AI tools to generate sensitive and harmful content. They can also exploit generative AI models to create content that is persuasive and tailored to a targeted individual."(p. 72)

EntityWho or what caused the harm

Human

Due to a decision or action made by humans

AI system

Due to a decision or action made by an AI system

Other

Due to some other reason or is ambiguous

IntentWhether the harm was intentional or accidental

Intentional

Due to an expected outcome from pursuing a goal

Unintentional

Due to an unexpected outcome from pursuing a goal

Other

Without clearly specifying the intentionality

TimingWhether the risk is pre- or post-deployment

Pre-deployment

Occurring before the AI is deployed

Post-deployment

Occurring after the AI model has been trained and deployed

Other

Without a clearly specified time of occurrence

Supporting Evidence (1)

1.
"For instance, AI models might deceitfully impersonate individuals whom their victim trusts, with the goal of stealing money or obtaining sensitive information from the victim."(p. 72)

Other risks from G'sell (2024) (33)

Technical and operational risks

7.3 Lack of capability or robustness
AI systemUnintentionalOther

Technical and operational risks > Technical vulnerabilities (Robustness - unexpected behaviour)

7.3 Lack of capability or robustness
AI systemOtherPost-deployment

Technical and operational risks > Technical vulnerabilities (Robustness - vulnerability to jailbreaking

2.2 AI system security vulnerabilities and attacks
HumanIntentionalPost-deployment

Technical and operational risks > Technical vulnerabilities (The risk of misalignment)

7.1 AI pursuing its own goals in conflict with human goals or values
AI systemOtherPost-deployment

Technical and operational risks > Factually incorrect content (inaccuracies and fabricated sources)

3.1 False or misleading information
AI systemUnintentionalPost-deployment

Technical and operational risks > Opacity (the black box problem)

7.4 Lack of transparency or interpretability
OtherUnintentionalOther
View all 33 risks from this paper →