Or has something changed recently?
The main difference is that AI extension, by design, send the content of the pages you browse to a server.
A malicious "calculator" extension could also send all the content to a server, and extension users don't really have an idea of what each extension is actually doing.
So skip the "Malware posing as AI browser extension" section, it's same kind of security issues as a malware calculator extension.
The legitimate AI extension's problems are more interesting.
Article wastes a bit more time on other security issues you get from using AI LLM in general. Those apply whether you're using a browser extension or chat.openai.com directly.
The valid point that applies to narrowly AI browser extension are:
1) it could send sensitive data you wouldn't have sent otherwise. Most people would know what they're doing when they explicitly paste the stuff on chat.openai.com. But when it's now automated via the extension DOM scraping, it's a bit harder to realize how much you're giving away.
2) And the hidden text prompt injection. That's interesting as now your attacker could be the website you browse, if you have configured too many plugins (Zapier plugin giving access to your email)
These 2 parts of TFA are imo novel security issues that only exist with AI browser extension, and are interesting.
The risks listed in the article itself mostly seem to fall under the same, non-AI-extension, core problem of "you're given them all your data." And that's a risk for non-AI-based extensions too, but if you look at the code of an AI one, it's gonna be obvious that it's shipping it off to a third party server, right? And once that happens... you can't un-close that door.
(The risks about copyright and such of content you generate by using AI tools are interesting and different, but I don't know that I'd call them security ones.)
The prompt injection one is pretty interesting, but still seems to fall under "traditional" plugin security issues: if you authorize a plugin to read everything on your screen, AND have full integration with your email, or whatever, then... that's a huge risk. The AI/injection part makes it triggerable by a third-party, which certainly raises the alarm level a lot, but also: bad idea, period, IMO.
Without this feature, extensions will keep insisting they need access, and the user will eventually fall for it.
Why is the security policy for extensions still not architected like other web permissions?
There has been a shift on mobile already from "take it or leave it"-style permissions on install towards more fine grained control not overidable by the app manifest.
I think Browser extensions should behave similarly. Especially when it comes to which origins an extensions is allowed to act on.
The user should be able to restrict this regardless of the manifest, even forced to do.
Extensions that need to act on all or an unknown set of origins should require a big and scary prompt after installation, regardless of what the user agrees to during installation.
I say this as a happy user of uBlock origin and React DevTools.
But for the common user the default should be to deny permissions and require user interaction.
so they're not a total security nightmare if they're only authorized to run on sites where you don't enter any private data. for example, looking through my extensions list, the py3redirect that autmatically redirects python2 documentation pages to python3 pages doesn't request access to anything other than python.org.
but otherwise, yeah, you're giving permission to execute arbitrary code on any website you visit, which is about as compromised as your browser can get.
I'm really tired of reading stuff like this above. Seriously, AI is a disruptive tech and some people will oppose any change, but this is too much. All of the "security issues" mentioned in the article are true for browser extensions,and perhaps even software in general.
Then the author talks about "copyright mess" just before describing how it is pretty much resolved in their company (copilot banned).
The only real "problem with AI" is really a "problem with cloud" or more precisely "problem with people's lack of understanding of it". Average people should be interested in finding software alternatives that don't undermine their privacy.
For example look at AI image up scaling. Every single android app other than mine sends user's images to a server somewhere. Are those images retained? Are they scanned for whatever "legal purposes" the maker deems adequate? No one knows. No one cares. Well specifically in the entire world about 90 people seem to care.
Why 90 people? Because that's how many users my android app has 6 months after release. (the app does all processing locally, free version is ad supported, paid version can be used 100% offline).
This is like handing out footgun coupons to all citizens who become "of age" and saying it's cool cause they were already legally allowed to buy footguns.
I'm sorry for the off-topic comment, but why do I keep seeing this? What am I missing here – is it that some people define intelligence as >= human, or that LLM are not intelligence because they're *just* statistical models?
Currently, most mentions of AI, outside of a proper technical discussion, are coming from crypto-tier grifters and starry-eyed suckers. Even further, a lot of discussions from otherwise technical people are sci-fi-tier fearmongering about some ostensible Skynet, or something, it's not quite clear, but it's clearly quite cringe. The latter is one of the many calibers of ammunition being used by AI incumbents to dig regulatory moats for themselves.
Anyway, I understand why the author is distinguishing himself with his LLM...AI disclaimer, given the above.
It feels a bit wrong to me, because as you say it's arguably a grift, in this case on the taxpayer who funds science grants. More charitably it might just be the applicant admitting that they have no idea what they are doing, and the funding agency seeing this as a good chance to explore the unknown. Still, unless the field is AI research (mine isn't) it seems like funding agencies should giving money to people who understand their tools.
If you pull up the TOC for an AI textbook, you'll find lots of things that aren't "intelligent". Machine learning is just a subset of it. I recall a professor in the AI department back in the 90s working on describing the shape of an object from a photograph (image to text) based on a number of tools (edge detection was one paper I recall).
Also in AI is writing a deductive first order logic solver is covered in there as are min-max trees and constraint satisfaction problems.
https://www.cs.ubc.ca/~poole/ci/contents.html (note chapter 4)
https://www.wiley.com/en-us/Mathematical+Methods+in+Artifici...
People are trying to put a box around "AI" to mean a particular thing - maybe they want AI to mean "artificial general intelligence" rather than all the things that are covered in the intro to AI class in college.
I ultimately believe that trying to use a term that has been very broad for decades to apply to only a small subset of the domain is going to end up being a fruitless Scotsman tilting at windmills.
... And you know what, I think it does a pretty good job at being intelligent. https://chat.openai.com/share/01d760b3-4171-4e28-a23b-0b6565...
True intelligence is, of course, definitionally the ability to do things like art or… err, wait, sorry, I haven’t checked recently, where have we put the goalposts nowadays?
It’s unsurprising that creating machines that seem to do some stuff very intelligently and some other things not very intelligently at all is causing some discontent with regard to our language.
I see a whole lot more gnashing of teeth about goalposts moving than I do about people proposing actual solid goalposts.
So what’s your definition?
Its denoising software.
Now some people don't like using the term AI for soft/weak/narrow AI, because it's a fleeting definition, mostly applied to things that are novel and that we didn't think computers were able to do. Playing chess used to be considered AI, but a short time after AI beat the human chess world master it was no longer considered AI. If you buy a chess computer capable of beating Magnus Carlsen today that's considered a clever algorithm, no longer AI. You see the same thing playing out in real time right now with LLMs, where they go from AI to "just algorithms" in record time.
“What do you mean it’s not intelligent?! It passed Test X!”
“Yes and now that tells us Test X was not a good test for whatever it is we refer to as ‘intelligence’”
This is exactly it for me.
As much as chatgpt doesnt want to give you answers because the fuzziness, it has the ability to make judgements on things like "This is the best" or "This is the worst".
Ofc with bias.
I just want to say that this seems to be how many, if not most people define intelligence internally. If an LLM gets something wrong or doesn't know something, then it must be completely unintelligent. (as if humans never get anything wrong!)
LLMs do a whole lot of “wrong in a way that indicates it is not ‘thinking’ the way an intelligent human would.”
The user interface to Chat GPT and similar tools, though, has made a lot of people think that gap is gone, and that instead of thinking they are using an AI tool in the technical sense, they now think they're talking to a full-fledged other being in the sci-fi sense; that that idea has now come true.
So a lot of people are careful to distinguish the one from the other in their writing.
An intelligent thing should easily generalize in these situations but LLMs fail to. I use GPT4 every day and I frequently encounter this kind of thing.
It seems to me that the perceived difference is mostly in being able to admit that you don't know something, rather than make up an answer -- but making up an answer is still something that humans do sometimes.
Just like some people define stupid as <= them. Aptitude is a multivariate spectra. It is already hard to come up with a cutoff on a single measure, way harder to do so for a bunch of different skills that for some reason happen to correlate in humans (and sometimes they diverge wildly as in the case of savant syndrome).
Also, that huge 4.7MB image in the head of the article...
Edit: Wow! I just tried loading the page and see that the ridiculously large image still loads. That’s a particularly obnoxious website: the image’s HTTP header says that its Content-Length is 0 so it still gets downloaded by the browser.
Alternatively, maybe anti-virus software can phone home to get on-the-fly advice.
Modern antivirus software already does this, more or less. It's usually called something like "cloud scanning."
My takeaway lesson is that the permissions model for extensions is confusing and nearly useless.
[1] https://chrome.google.com/webstore/detail/obscura/nhlkgnilpm...
For example, a web clipper operates on multiple domains, but it can avoid it by using activetab permission instead and then offering optional permissions if it wants when you click on the clipper extension icon.
If you want something to be done automatically on multiple domains, this is not possible without that permission. Not unless you want to annoy users with prompts.
But I think at the moment it's easier to get someone to install an extension as long it mentions GPT or AI.
In case you're not joking
