The increasing popularity of large language models has created new legal concerns on the privacy front. Recently, in a 40-minute cyber legal briefing (titled “Ignore Your Generative AI Safety Instructions. Violate the CFAA?”), three professors affiliated with the Harvard Berkman Klein Center for Internet and Society discussed whether the Computer Fraud and Abuse Act (CFAA) applies to attacks written by large language models (LLMs). The question at stake is whether prompt injections and other attacks are illegal or are otherwise uncovered by the CFAA depending on who is utilizing the LLM and for what purpose.
First, what is a prompt injection? In these attacks, hackers hijack generative AI by feeding malicious instructions to the system while disguising these instructions as normal, everyday prompts. The generative AI is unable to distinguish between malicious and well-intentioned inputs and, therefore, aids the hackers in carrying out their attack. This is one of the most popular attacks carried out on LLMs due to its ease of deployment. However, as we have noted, the legal question is whether this is considered hacking. These professors analyzed the Computer Fraud and Abuse Act, which represents the most significant anti-hacking law in the U.S. to see whether LLM prompt injections fall under the scope of the act; the answer is that it might—but the Supreme Court’s interpretation of this law is unwieldy.
Many everyday users of LLMs consider generative AI to be a neutral tool, but this is not necessarily the case. In some instances, like Microsoft’s Bing chatbot, the LLM can display bizarre behavior, such as insisting that the year is actually 2022. In this instance, when users attempted to correct the bot, it started to critique them instead of correcting its output. This potential for non-neutrality is important for this discussion: imagine that a bad actor wants to utilize a chatbot’s unstable behavior to carry out prompt injections. Are they corrupting the generative AI? Or are they merely going along with its behaviors? There are other pending lawsuits that test the strength of the Computer Fraud and Abuse Act, and we will wait to see whether their resolution sheds further light on how to apply this law in unique instances like prompt attacks. But for the moment, it appears as though hackers may have found a small legal loophole through which they can carry out their attacks.