Privacy
OpenAI’s GPT-3 was designed to be difficult to extract personal information from, including for example public figures’ dates of birth. Even so, malicious uses of AI continue to encroach on privacy, as exemplified by China’s “Sharp Eye” automated surveillance system [551] and automated cyberattacks on personal data [354]. A more drastic form of AI-enabled surveillance could be on the way in the form of nonsurgical decoding of thoughts [54]—a technique which is reportedly already used by some police forces [398].
ENTITY
1 - Human
INTENT
1 - Intentional
TIMING
2 - Post-deployment
Risk ID
mit877
Domain lineage
4. Malicious Actors & Misuse
4.1 > Disinformation, surveillance, and influence at scale
Mitigation strategy
1. Prioritize Privacy-Enhancing Architectures
Implement data minimization, anonymization, and pseudonymization techniques during AI system design, coupled with end-to-end encryption for data both in transit and at rest, to fundamentally reduce the exposure surface for personal information and ensure data is not personally identifiable.
2. Deploy Robust AI-Specific Security Guardrails
Establish and enforce technical safeguards, such as dual-sided (input and output) guardrail systems and adversarial testing, across all deployed models, particularly large language models, to prevent the generation of malicious code, sensitive data leakage, and the circumvention of safety or ethical controls.
3. Establish Continuous Behavioral Monitoring and Auditing
Utilize User and Entity Behavior Analytics (UEBA) and comprehensive Data Loss Prevention (DLP) frameworks to continuously monitor user and system access logs for anomalous behavior, data exfiltration attempts, and unapproved surveillance activity to ensure the prompt detection and mitigation of automated cyberattacks.
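The first two mitigation items (pseudonymization at design time and a dual-sided input/output guardrail) fit together in one small pipeline. The following Python is an added illustration, not code from the risk repository or from any cited system: an input-side guard replaces identifiers in the prompt with keyed tokens before the model sees them, and an output-side guard redacts any identifiers the model produces on its own (the memorised date-of-birth case the entry mentions). The three regexes, the `fake_model` stand-in and the `example-only-key` are constructed for the example; a real deployment would use a maintained PII detector and a key held in a KMS.

```python
import hashlib
import re

# Identifier patterns the guardrail recognises. Constructed for this example;
# a production deployment would use a maintained PII detector, not three regexes.
PII_PATTERNS = {
    "DOB": re.compile(r"\b\d{4}-\d{2}-\d{2}\b"),
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PHONE": re.compile(r"\b(?:\+?\d{1,3}[ -])?\d{3}[ -]\d{3}[ -]\d{4}\b"),
}


def pseudonymize(text, key):
    """Input-side guard: replace each identifier with a keyed token.

    The token is a short keyed hash (BLAKE2b with a secret key), so the same
    value maps to the same token within one deployment but cannot be reversed
    without the key. Returns the rewritten text and the token->value map,
    which stays on the trusted side and never reaches the model.
    """
    mapping = {}

    def replace(kind):
        def _sub(match):
            raw = match.group(0)
            tag = hashlib.blake2b(raw.encode(), key=key, digest_size=4).hexdigest()
            token = f"<{kind}_{tag}>"
            mapping[token] = raw
            return token
        return _sub

    for kind, pattern in PII_PATTERNS.items():
        text = pattern.sub(replace(kind), text)
    return text, mapping


def redact_output(reply):
    """Output-side guard: strip identifiers the model produced on its own.

    The model never saw raw values from the prompt, so anything matching here
    came from its weights or other context (e.g. a memorised date of birth).
    Returns the redacted reply and a list of (kind, value) findings for audit.
    """
    findings = []
    for kind, pattern in PII_PATTERNS.items():
        for match in pattern.finditer(reply):
            findings.append((kind, match.group(0)))
        reply = pattern.sub(f"[REDACTED_{kind}]", reply)
    return reply, findings


def guarded_completion(prompt, model, key):
    """Run one model call with both guards applied; returns (reply, audit)."""
    safe_prompt, mapping = pseudonymize(prompt, key)
    raw_reply = model(safe_prompt)
    reply, findings = redact_output(raw_reply)
    # The audit record carries counts and findings only, never the raw values.
    audit = {"tokens_issued": len(mapping), "output_findings": findings}
    return reply, audit


def fake_model(prompt):
    """Constructed stand-in for an LLM: echoes the prompt and 'recalls' PII."""
    return ("Summary: " + prompt + " For the record, the subject's date of birth "
            "is 1970-03-14 and her phone is 555-123-4567.")


if __name__ == "__main__":
    KEY = b"example-only-key"  # assumption: a per-deployment secret from a KMS
    user_prompt = "Summarise the complaint from alice@example.com (DOB 1970-03-14)."
    reply, audit = guarded_completion(user_prompt, fake_model, KEY)
    print(reply)
    print(audit)
```

Two design points worth noting. The token map is the only way back from a pseudonym to the real value, so it belongs on the trusted side of the boundary; whether the final reply is re-identified for the requesting user is a policy decision made there, not by the model. And the output guard deliberately runs the same patterns over everything the model emits, because pseudonymizing the prompt does nothing about personal data the model already holds in its weights, which is exactly the failure mode the GPT-3 example above describes.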