The application of your dreams built with artificial intelligence may be a security nightmare.. Why? | technology

aljazeera.net
8 Min Read


Artificial intelligence has given millions of users the ability to build the applications they need and make their lives easier without any technical experience in a wave known as “Vibe Coding,” but this ease has left users and their applications vulnerable to cyber attacks and data theft with no less ease than they were built.

Imagine that you built your dream service application with this technology, then released it to the public to subscribe to it, or gave your friends and relatives free access to it because it helps them. Later, they are surprised that their private data that they trusted your application to keep was stolen and became available on the dark web.

Read also

list of 2 itemsend of list

Although this scenario seems unlikely to some users, a PC Magazine report reveals a bitter reality, because there are more than 5,000 applications made using Vibe Coding techniques that do not have any type of protection or authentication that protects user data.

The study conducted by the security company Red Access claims that anyone with the correct link is able to access applications and the data stored in them and tamper with them as they wish.

A report by the American technical website “The Verge” published at the end of June reflects the same idea, as it mentions several examples of applications created by people related to the technical field in some way, but they neglected the security aspects, which made their applications vulnerable to several cyber attacks.

Therefore, before you publish your next application made using AI programming tools, you must check several different factors and take into account aspects that may not have occurred to you at first glance.

When does your personal project become a responsibility?

Gabriel Bernadette, a distinguished research scientist in the field of artificial intelligence at SentinelOne, a company specializing in cybersecurity supported by artificial intelligence, believes that the use of “Vibe Coding” techniques by amateurs and non-technical people to create their personal programs is a good thing, but the crisis begins when this application made by amateurs turns into a product that is sold to users and deals with their various data, according to his statements to “The Verge”.

All accounts related to Vibe Coding applications change when the application moves from being an application for tracking meals or orders to an application that deals with user data and medical and financial data for other users.

Person using AI agent workflow automation system technology innovation data analysis information network process algorithm dashboard application coding integration, business management concept
Hobbyists leave their AI applications vulnerable to attacks (Shutterstock)

The Verge report states that there is a need for different standards for applications that deal with user data, even if they are built by only one person.

Jack Cable, CEO and co-founder of Corridor, a security platform designed to develop native software for artificial intelligence, agrees with Bernadette’s point of view. He believes that Vibe Coding technology is ideal when working on low-risk projects such as sports and meal tracking applications, but the situation is different when it comes to an application that handles financial data for users other than its creator.

Check for these vulnerabilities before publishing

An independent report from the security company Kaspersky indicates a set of security risks and vulnerabilities that hackers may exploit to attack applications made using artificial intelligence.

These vulnerabilities include:

  • The absence of a mechanism to verify the validity and integrity of inputs, and failure to clean user inputs from extra characters and other basic errors that lead to classic security vulnerabilities.
  • Leave API keys and other programming secrets embedded directly in the interface of the web page where any hacker can access them.
  • The entire authentication logic is implemented on the client side via code that runs directly in the browser, which can easily be avoided and hacked into the website or application.
  • Integrating powerful and very dangerous functions that the application may not need in the first place, as artificial intelligence models tend to use the shortest paths to execute code, which are often unsafe, according to the Kaspersky report.
  • Using outdated and insecure libraries or dependencies.

Sensitive data is revealed in 40% of applications.. Is your application one of them?

The PC Magazine report continues to mention the dangers of artificial intelligence programming, as applications and websites made using artificial intelligence reveal sensitive data to their users in 40% of cases.

According to the Red Access study, this data includes work tasks in hospitals that contain personally identifiable information for doctors and patients, a presentation of a company’s marketing strategy, and sales records and financial data for a variety of companies.

Human and robot hands positioned above laptop keyboard, AI and human collaboration in coding, writing and digital tasks
40% of applications built with programming techniques via artificial intelligence reveal sensitive user data, according to one study (Getty)

The Verge report enumerates real-life cases of users who developed their own applications using artificial intelligence platforms and found serious security vulnerabilities in them that exposed them to hacking. Among them is Popstar, who created an application called Boomberg that tracks the US government’s spending on technology companies, and before launching it, he discovered a serious vulnerability in it.

The same goes for Jer Crane, founder of Pocket OS, who posted on the X platform that an AI programming agent wiped out his company’s entire production database.

Serial entrepreneur and former developer Joe Procopio says he built an application using Vibe Coding to display his previous work and other applications he had developed, but a group of hackers accessed the application he developed and disabled it.

How to save your application programmed with artificial intelligence?

It cannot be said that the landscape of application programming using artificial intelligence is very bleak, as you can follow a set of steps to make the application more secure, according to the recommendations of Kaspersky experts.

These steps include using AI to conduct an explicit security review before the application is deployed and after each modification, as well as separating the test environment and real production data.

You should also always check the public access settings for your databases before any launch, and finally use a human review if the application contains sensitive user and customer data.

In the end, do not wait for someone else to discover the vulnerability in the application of your dreams that you have developed, so always review the protection steps and standard procedures for securing applications before you share your application with the public or even your friends who have trusted you with their data.

Always remember, the difference between an application that facilitates users’ lives and an application that puts them at risk begins with neglecting a simple security review.



Source link

Share This Article
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *