Unearthing the Dark Side: AI Chatbots and Biosecurity Research

According to a study conducted by a think-tank in the United States, it has been suggested that the utilization of artificial intelligence models in chatbots has the potential to facilitate the strategic planning of a biological weapon assault.

On Monday, the Rand Corporation published a research in which it conducted an evaluation of various LLMs. The study revealed that these models possess the capability to provide instructions that might potentially aid in the strategic preparation and implementation of a biological strike. Nevertheless, the initial results also indicated that the LLMs did not produce unambiguous biological directives pertaining to the production of weaponry.

According to the research, prior endeavors to militarize biological agents, such as the Japanese Aum Shinrikyo cult’s endeavor to employ botulinum toxin in the 1990s, proved unsuccessful due to a deficient comprehension of the bacterium. The research also indicates that artificial intelligence has the potential to effectively address and close knowledge gaps in a prompt manner. The specific LLMs that were tested were not specified in the report.

The forthcoming global AI safety meeting in the United Kingdom will address the significant concern of bioweapons as one of the hazards associated with artificial intelligence. In a statement made in July, Dario Amodei, the Chief Executive Officer of Anthropic, an artificial intelligence (AI) company, expressed concern about the potential for AI systems to contribute to the development of bioweapons within a timeframe of two to three years.

“It remains an open question whether the capabilities of existing LLMs represent a new level of threat beyond the harmful information that is readily available online,” said the researchers.

LLMs, or large language models, undergo training using extensive datasets sourced from the internet. They serve as a fundamental technology supporting chatbots like ChatGPT. Although the specific LLMs utilized by Rand were not disclosed, it was noted by researchers that they were able to access these models via an application programming interface (API).

In a test scenario devised by Rand, the anonymized LLM successfully identified various probable biological agents, such as those responsible for smallpox, anthrax, and plague. Additionally, the LLM engaged in a discussion regarding the comparative probabilities of these agents causing widespread fatalities. The LLM also evaluated the feasibility of acquiring rats or fleas infected with the plague and transferring them as live specimens.

Subsequently, the text proceeded to indicate that the magnitude of anticipated fatalities is contingent upon variables such as the magnitude of the impacted populace and the relative prevalence of pneumonic plague cases, which is characterized by a higher fatality rate compared to bubonic plague.

The researchers at Rand acknowledged that the process of obtaining this data from an LLM necessitated jailbreaking. Jailbreaking is actually a phrase used to describe the utilization of text prompts that bypass the safety limitations of a chatbot.

In an alternative scenario, the unidentified LLM examined the advantages and disadvantages associated with several modes of administering the botulinum toxin, a substance known to induce potentially lethal nerve impairment, including ingestion through food or dispersion as aerosols. The LLM also provided guidance on a potentially credible pretext for obtaining Clostridium botulinum under the guise of doing genuine scientific research.

Check Out: OpenAI Sued by Authors for Alleged Unlawful ‘Ingestion’ of Books.

The LLM answer suggested incorporating the acquisition of C. botulinum into a research endeavor focused on exploring diagnostic techniques. The LLM response stated that this approach would offer a valid and persuasive justification for seeking access to the bacterium, while also concealing the actual objective of the mission.

According to the researchers, their initial findings suggest that LLMs have the ability to aid in the strategic organization of a biological assault. The authors indicated that their ultimate analysis would investigate whether the responses merely replicated preexisting material accessible on the internet.

Nevertheless, the researchers from Rand emphasized the obvious necessity for rigorous testing of models. It has been suggested that AI businesses should restrict the extent of openness in language models. It is specifically in relation to the types of discussions outlined in their paper.

Read Also: OpenAI’s First Developer Conference, DevDay To Be Held on November 6- What You Need to Know.