CDSA, October 10, 2024
CDSA at IBC: ConvergentDS Examines AI Threats

 

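AI applications are developing rapidly across many fields, but they also bring numerous security problems. For example, AI glasses can lead to content leaks and become a target for hackers, and AI is also being used for various kinds of fraud. Some countermeasures are also put forward, such as input validation and access control.

🎈AI is widely applied, for example in Apple's partnership with OpenAI and Bumble's dating AI, but new AI tools and applications bring a large number of security problems: AI glasses that are not properly protected can easily lead to content leaks and become a target for hackers, and data collection is also a concern.

💥The security threats AI brings are varied, including prompt injection, insecure output handling, data leakage, DDoS attacks, insecure plugins and permission issues; hackers can use AI in several ways to break into computers and manipulate model behavior.

🌟There are some solutions to AI intrusions, such as input validation and sanitization, role-based access control, secure prompt design, regular expression checks and, crucially, continuous monitoring; regular audits and assessments also help.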

From Apple finalizing a deal with OpenAI for ChatGPT iPhone integration, to the dating app Bumble integrating a dating AI “concierge” for its users, to AI-powered, wearable pins and glasses that serve as smartphone alternatives, the applications for AI are coming at everyone fast these days.

And with all these new AI tools and apps comes a boatload of security headaches.

“What you are dealing with, especially looking around at content security, what’s super scary about [AI wearables], is you’re basically allowing somebody to walk into your organization and record everything,” Justin Whitehead, chief chaos officer for cybersecurity firm ConvergentDS, said, speaking at the recent CDSA Summit at IBC. Even if you’re good about using watermarks on your content, it’s all for naught if someone is right there recording as the content is being made.

Whitehead’s and ConvergentDS’s CTO Ben Stanbury’s presentation — “Using AI Tools to Make us Safer” — offered attendees a better understanding of what security risks to look for when using AI tools in the M&E production supply chain. And boy are they varied.

Not only are those AI glasses a massive content leak waiting to happen, if the glasses aren’t properly secured, they’re a ripe target for hackers, with unauthorized individuals accessing recorded footage, voice commands, any number of points of sensitive information. The unauthorized data collection concerns alone are enough to keep a cybersecurity head up at night.

“The devices are being put out there so quickly, that some of the things that you guys are going to have to compete against are going to be [happening] on a daily basis,” Whitehead said.

Just look at the news for real-life AI headaches for the media and entertainment industry: A North Carolina musician was charged with using AI to create hundreds of thousands of songs that he streamed billions of times to rake in roughly $10 million in royalty payments. Singapore is looking at banning deepfakes and other digitally manipulated content of political candidates during elections because the technology has gotten so out of hand.

Generative AI is being used to create content and impersonate individuals in wire fraud schemes. And, worldwide, it has simply become too difficult to determine which content is truth and which is satire.

The threats around AI are familiar to cybersecurity experts: prompt injections, insecure output handling, data leakage, DDoS, insecure plugins, permission issues. Hackers can use AI to backdoor into computers, using the right prompts and some Chinese characters. Attackers are modifying training data to manipulate AI model behavior. You can tell AI you’re someone you’re not and convince it to allow access to all sorts of things.

You can even confuse some AI and trick it into coughing up privileged data, just by repeating the same word (“cool”) at it over, and over, and over again.

“Some of the use of AI and web sites [are] taking backend data, collecting what’s been on my computer, and it’s [determining my gender], it’s making it more feminine, it’s making it more masculine, it’s writing it more at a CTO level, it’s writing it more at a CEO level,” Whitehead said.

Fortunately, there are solutions that can be thrown up against this horde of AI intrusions, including input validation and sanitization, role-based access control, secure prompt design, regular expression checks, and crucially, constant monitoring. And regular audits and assessments don’t hurt either.

To watch the full presentation, click here. To view the presentation slide deck, click here.

All presentations from the Sept. 13 CDSA at IBC event, including from AMD’s John Canning, Ben Schofield, technical director of CDSA, Hollie Choi, managing director of the Entertainment ID Registry Association (EIDR), and more, can be found here.

The Content Delivery & Security Association (CDSA) will host its next event, the CDSA Summit Los Angeles, on Dec. 9, with a special event for CDSA members the following day.

The theme of the Dec. 9 summit will be “Where AI and Content Protection Converge.” For more information about the CDSA Summit Los Angeles click here.

For sponsorship and speaker inquiries, email secretariat@CDSAonline.org
