Hackers from Russia, China, and Iran have been using tools from Microsoft-backed OpenAI to hone their skills and trick their targets, according to a report published on Wednesday.
Microsoft MSFT.O, opens new tab said in its report it had tracked hacking groups affiliated with Russian military intelligence, Iran’s Revolutionary Guard, and the Chinese and North Korean governments as they tried to perfect their hacking campaigns using large language models.
Those computer programs, often called artificial intelligence, draw on massive amounts of text to generate human-sounding responses.
The company announced the find as it rolled out a blanket ban on state-backed hacking groups using its AI products.
“Independent of whether there’s any violation of the law or any violation of terms of service, we just don’t want those actors that we’ve identified – that we track and know are threat actors of various kinds – we don’t want them to have access to this technology,” Microsoft VP for Customer Security Tom Burt told Reuters in an interview ahead of the report’s release.
Russian, North Korean and Iranian diplomatic officials didn’t immediately return messages seeking comment on the allegations.
China’s U.S. embassy spokesperson Liu Pengyu said it opposed “groundless smears and accusations against China” and advocated for the “safe, reliable and controllable” deployment of AI technology to “enhance the common well-being of all mankind.”
The allegation that state-backed hackers have been caught using AI tools to help boost their spying capabilities is likely to underline concerns about the rapid proliferation of the technology and its potential for abuse. Senior cybersecurity officials in the West have been warning since last year that rogue actors were abusing such tools, although specifics have, until now, been thin on the ground.
“This is one of the first, if not the first, instances of a AI company coming out and discussing publicly how cyber security threat actors use AI technologies,” said Bob Rotsted, who leads cyber security threat intelligence at OpenAI.
OpenAI and Microsoft described the hackers’ use of their AI tools as “early-stage” and “incremental.” Burt said neither had seen cyber spies make any breakthroughs.
“We really saw them just using this technology like any other user,” he said.