A hacker believed to be a private individual gained access to OpenAI’s internal messaging systems early last year and stole details about the design of ChatGPT has raised fears that the nation's adversaries could do the same.
The fears are real as SC Media reported in February that a growing interest in ChatGPT among U.S. adversaries. The SC story was based on Microsoft research and said state-sponsored hacking organizations from Russia, China, Iran, and North Korea regularly use ChatGPT for their intelligence work.
The New York Times reported July 4 that two people familiar with the incident who requested anonymity said OpenAI disclosed the incident to employees during an open meeting in April 2023 and also informed the company’s board of directors.
OpenAI’s executives did not share the news with the public because no information about customers or partners were stolen and the execs believed the hacker was a private individual with no known ties to foreign governments, said the sources. The company also did not share the incident with the FBI or anyone else in law enforcement.
“While the details of the alleged incident are not yet confirmed by OpenAI, there’s a strong possibility that the incident actually took place and is not the only one,” said Ilia Kolochenko, chief executive officer at ImmuniWeb. “The global AI race has become a matter of national security for many countries, therefore, state-backed cybercrime groups and mercenaries are aggressively targeting AI vendors, from talented startups to tech giants like Google or OpenAI.”
Kolochenko said the hackers mostly focus their efforts on the theft of valuable intellectual property including technological research and know-how, LLM models, sources of training data, as well as commercial information such as AI vendors’ clients and novel use of AI across different industries.
“More sophisticated cyber-threat actors may also implant stealthy backdoors to continually control breached AI companies, and to be able to suddenly disrupt or even shut down their operations, similar to the large-scale hacking campaigns targeting critical national infrastructure in Western countries recently,” said Kolochenko.
