A vulnerability in ChatGPT, identified last year, is now being exploited by cyberthreat actors to target security flaws in artificial intelligence (AI) systems, according to a March 12 report by Veriti, a leading cybersecurity firm. While the National Institute of Standards and Technology (NIST) categorizes the vulnerability as a medium risk, Veriti has revealed that it has already been used in over 10,000 attack attempts globally.
The attacks have primarily targeted financial institutions, healthcare providers, and government organizations—sectors that rely heavily on AI systems to manage sensitive data and operations. These breaches could lead to severe consequences, including data theft, unauthorized financial transactions, regulatory penalties, and significant reputational damage.
Scott Gee, AHA Deputy National Advisor for Cybersecurity and Risk, commented on the situation, emphasizing the critical need for proactive security measures: “This could allow an attacker to steal sensitive data or impact the availability of the AI tool,” he stated. “This highlights the importance of integrating patch management into a comprehensive governance plan for AI when it is implemented in a hospital environment. The fact that the vulnerability is a year old and a proof of concept for exploitation has been published for some time is also a good reminder of the importance of timely patching of software.”
As organizations increasingly integrate AI into their operations, ensuring robust cybersecurity practices is paramount. The ongoing exploitation of this vulnerability serves as a stark reminder of the risks involved when security updates are delayed or overlooked.
For further information on AI-related security vulnerabilities or other cybersecurity concerns, please contact Scott Gee at sgee@aha.org. For the latest resources on cyber threats and risk management, visit aha.org/cybersecurity.
