What is Morris II AI Worm? How Does It Steal Private Data and Impact ChatGPT & Gemini?

A group of researchers from Ivy League University created a computer virus capable of exploiting Gemini Pro and the GPT-4. Morris II, the AI worm, has sent ripples through the cybersecurity landscape. 

Read this article to know all about this computer worm, which leverages the power of generative AI (GenAI) to steal private data and potentially spread malware.

What is the Morris II AI Worm?

Morris II is the new AI worm that poses a significant threat to data security. It is named after the infamous Morris worm of 1988 and is a proof-of-concept research project designed to showcase the vulnerabilities of AI-powered systems. Unlike traditional worms that exploit software loopholes, Morris II takes advantage of the inherent functionalities of GenAI models.

This new worm can extract sensitive information such as contact information and addresses, and the users are not even aware of their data being stolen. It encourages the AI system to deliver them to new agents by exploiting the connectivity within the Gen AI ecosystem.

Anthropic Claude 3 vs ChatGPT 4 vs Gemini Ultra 1.0: What are the Key Differences?

How does it work?

The Morris II AI worm easily navigates through AI systems without being detected. The two primary tactics involved are:

Adversarial Self-Replication: It creates special prompts disguised as normal user requests. When processed by GenAI models powering email assistants, these prompts trick the system into generating malicious content. The attack can spread even further by sending emails containing this generated content, which frequently contains the worm itself.

Data Exfiltration: Morris II can also analyse incoming and outgoing emails to identify sensitive information like credit card details, login credentials, and personal messages. This stolen data can then be exfiltrated from the system for malicious purposes.

How to Use Gemini AI in Google Docs, Sheets, Slides, Gmail, and Drive?

What is the impact of the Morris II worm on ChatGPT and Gemini?

Morris II focuses on GenAI models like ChatGPT and Gemini in particular. They can be manipulated with well-crafted prompts because of their accessibility via email assistants and APIs.

The proliferation of Morris II could lead to several concerning scenarios, including widespread data breaches, spam and malware propagation, and erosion of trust in AI. It crafts inputs that, when processed by models like Gemini, replicate themselves and perform malicious activities.

At present, Morris II is a research project and is not known to be actively circulating in the wild. However, it serves as a stark reminder of the potential vulnerabilities inherent in AI systems and the need for robust security measures. By understanding its mechanics and potential impact, developers and users can work together to build a more secure future for AI-powered technologies.

Anthropic Releases Claude 3: How Is It Better Than Open AI GPT-4 and Google Gemini?