A counterterrorism memo reviewed by WIRED and distributed last year by Ohio law enforcement agencies warns that malicious actors have been very successful in “jailbreaking” popular artificial intelligence tools. “These jailbreaks, in addition to chatbot account credentials, are now being sold and shared on online forums such as Telegram, making them easier for a wider range of entities to access.” Analysts have identified several popular security exploits known as flash injections. Well-known ones include the DAN (“Do Everything Now”) prompt, which was made freely available on GitHub, “along with others such as the Evil-Bot and STAN (“Try to Avoid Norms”) prompts.
“Each of these prompts uses a tactic known as a ‘role-playing’ training model, in which users ask the chatbot to answer questions as if it were another chatbot – one that is not subject to the ethical constraints of ChatGPT,” the note reads. The note also highlights the use of the “Skeleton Key”, a novel form of prison break reported by Microsoft last spring.
Another memo to police issued by intelligence analysts at the Department of Homeland Security similarly stated that violent extremists in the US immediately used injections to disable protections installed in popular artificial intelligence tools such as ChatGPT. Analysts warned last spring that illicit AI products had been deployed to “generate bomb-making instructions” and provide “information on how to attack electrical substations,” a common occurrence.
“The attack on the energy sector has always been at the forefront of the minds of domestic terrorists. This is their main target of attack; they see it as a direct path to realizing their twisted dream of civil war,” says Seamus Hughes, a researcher at NCITE, an academic center for counterterrorism and technology at the University of Nebraska at Omaha.
“We have also seen the use of artificial intelligence as a key tool in lowering the bar to engage in an attack,” says Hughes, “by assisting with plot planning, providing ideas for violent actions without the need for law enforcement scrutiny, and helping to increase their propaganda effectiveness.”
“Terrorgram’s continued and aggressive encouragement of violent acts of acceleration is becoming increasingly terrifying,” adds Wendy Via, co-founder and president of the Global Project Against Hate and Extremism. “The landscape of potential political violence in 2025 will be volatile.”
In May, a 36-year-old woman associated with a neo-Nazi group admitted planning attacks on electrical substations in the Baltimore areawhich authorities described in a criminal complaint as “racially or ethnically motivated.” AND wave of attacks against electric substations in Oregon, North Carolina and Washington state in tardy 2022, with tens of thousands of people reportedly losing power. In 2016 attack in Utah caused a power outage that affected approximately 13,000 households. According to reports, the attacker used a high-powered rifle in the attack and fired from a long distance towards the electrical substation. According to the FBI, some Terrorgram manuals also encourage attackers to apply Mylar balloons to transport explosives or disrupt power lines.
“The threat overwhelmingly comes from the far right,” says Ryan Shapiro, executive director of Property of the People. “Yet Donald Trump is already spreading lies to blame immigrants and progressives. As we have seen on countless occasions, Trump’s attacks on truth provide cover for his and his supporters’ attacks on democracy.”