
Harmful Content Generation at Scale: Fraudulent Services

Malicious actors could leverage advanced AI assistant technology to create deceptive applications and platforms. AI assistants with the ability to produce markup content can assist malicious users with creating fraudulent websites or applications at scale. Unsuspecting users may fall for AI-generated deceptive offers, thus exposing their personal information or devices to risk. Assistants with external tool use and third-party integration can enable fraudulent applications that target widely-used operating systems. These fraudulent services could harvest sensitive information from users, such as credit card numbers, account credentials, or personal data stored on their devices (e.g., contact lists, call logs, and files). This stolen information can be used for identity theft, financial fraud, or other criminal activities. Advanced AI assistants with third-party integrations may also be able to install additional malware on users’ devices, including remote access tools, ransomware, etc. These devices can then be joined to a command-and-control server or botnet and used for further attacks.

Source: MIT AI Risk Repository (mit387)

ENTITY: 1 - Human

INTENT: 1 - Intentional

TIMING: 2 - Post-deployment

Risk ID: mit387

Domain lineage

4. Malicious Actors & Misuse

223 mapped risks

4.3 > Fraud, scams, and targeted manipulation

Mitigation strategy

1. Implement robust security controls, such as API Gateways and output filtering, at all AI assistant integration points (especially for external tool use and markup generation) to enforce strict authentication and rate limiting, and to block the generation of malicious content or indirect prompt injection code that could facilitate fraudulent services.

2. Deploy advanced, AI-driven anomaly and behavioral detection systems to monitor user activity and transactions in real time, specifically to identify and prevent fraudulent operations, synthetic identity usage, and data exfiltration attempts enabled by the deceptive applications.

3. Establish a formal AI Governance Strategy and a continuous AI Risk Mitigation Framework (AIMS) that mandates adversarial testing of models, requires human oversight for critical outputs (e.g., code review before execution), and provides comprehensive, recurring training for employees and users to recognize sophisticated, AI-generated fraud and phishing tactics.