Skip to main content
MIT AI Risk Initiative
BackMalicious use and abuse (cyberattacks)
Home/Risks/G'sell (2024)/Malicious use and abuse (cyberattacks)
Malicious use and abuse (cybercrime)
Malicious use and abuse (biosecurity thr…

Malicious use and abuse (cyberattacks)

Regulating under Uncertainty: Governance Options for Generative AI

G'sell (2024)

SourceDOI
Sub-category
Risk Domain
4Malicious Actors & Misuse
4.2Cyberattacks, weapon development or use, and mass harm

Using AI systems to develop cyber weapons (e.g., by coding cheaper, more effective malware), develop new or enhance existing weapons (e.g., Lethal Autonomous Weapons or chemical, biological, radiological, nuclear, and high-yield explosives), or use weapons to cause mass harm.

"Generative AI can help amplify the frequency and destructiveness of cyberattacks.311 It has the capacity “to increase the accessibility, success rate, scale, speed, stealth, and potency of cyberattacks. It enables the identification of critical vulnerabilities within targeted systems, facilitates the increase of the scale of cyberattacks, and accelerates the process by discovering innovative methods of system infiltration. Cyberattacks can inflict significant damage and may impact critical infrastructure, including electrical grids, financial systems, and weapons management systems."(p. 73)

EntityWho or what caused the harm

Human

Due to a decision or action made by humans

AI system

Due to a decision or action made by an AI system

Other

Due to some other reason or is ambiguous

IntentWhether the harm was intentional or accidental

Intentional

Due to an expected outcome from pursuing a goal

Unintentional

Due to an unexpected outcome from pursuing a goal

Other

Without clearly specifying the intentionality

TimingWhether the risk is pre- or post-deployment

Pre-deployment

Occurring before the AI is deployed

Post-deployment

Occurring after the AI model has been trained and deployed

Other

Without a clearly specified time of occurrence

Other risks from G'sell (2024) (33)

Technical and operational risks

7.3 Lack of capability or robustness
AI systemUnintentionalOther

Technical and operational risks > Technical vulnerabilities (Robustness - unexpected behaviour)

7.3 Lack of capability or robustness
AI systemOtherPost-deployment

Technical and operational risks > Technical vulnerabilities (Robustness - vulnerability to jailbreaking

2.2 AI system security vulnerabilities and attacks
HumanIntentionalPost-deployment

Technical and operational risks > Technical vulnerabilities (The risk of misalignment)

7.1 AI pursuing its own goals in conflict with human goals or values
AI systemOtherPost-deployment

Technical and operational risks > Factually incorrect content (inaccuracies and fabricated sources)

3.1 False or misleading information
AI systemUnintentionalPost-deployment

Technical and operational risks > Opacity (the black box problem)

7.4 Lack of transparency or interpretability
OtherUnintentionalOther
View all 33 risks from this paper →