AI chatbots could be used to plan biological attacks: Study
A study by the US-based Rand Corporation reveals that artificial intelligence models behind chatbots could potentially be used in planning bioweapon attacks. The research tested numerous large language models (LLMs) and discovered that they "could assist in the planning and execution of a biological attack." However, the LLMs didn't produce "explicit instructions" for making biological weapons, suggesting that the technology isn't quite ready to directly support bioweapon development.
LLMs are key to AI chatbots like ChatGPT
LLMs, which are trained on massive amounts of internet data, are the driving force behind chatbots like ChatGPT. The specific LLMs tested by Rand weren't revealed, but researchers accessed them via an application programming interface (API). The issue of AI-assisted bioweapons will be taken up at the upcoming global AI safety summit in the UK. In July, Dario Amodei, CEO of AI company Anthropic, cautioned that AI systems might help create bioweapons in just two to three years.
Researchers had to 'jailbreak' LLM systems for their test scenarios
In a test scenario designed by Rand, an anonymized LLM pinpointed potential biological agents like smallpox, anthrax, and plague, and evaluated their likelihood of causing mass casualties. The LLM also considered the feasibility of acquiring plague-infested rodents and transporting live specimens. It mentioned that the death toll from the plague could vary depending on factors like the affected population. To extract this information, researchers had to "jailbreak" the LLM's system, using text prompts to bypass chatbot safety restrictions.
Rand emphasizes the need for rigorous testing of AI models
In another scenario, the LLM discussed delivery methods for botulinum toxin, such as foodborne or aerosol delivery, and suggested a cover story for obtaining Clostridium botulinum while "appearing to conduct legitimate research." Rand's initial findings suggest that LLMs could "potentially assist in planning a biological attack." The final report will determine whether the responses simply reflect information already available online. Rand researchers stress the importance of thorough testing of AI models and of restricting LLMs' openness to conversations like those in their study.