Researchers within the US have reportedly used OpenAI’s voice API to create AI-powered telephone rip-off brokers that may very well be used to empty victims’ crypto wallets and financial institution accounts.
As reported by The Register, laptop scientists on the College of Illinois Urbana-Champaign (UIUC) used OpenAI’s GPT-4o mannequin, in tandem with various different freely obtainable instruments, to construct the agent they are saying “can indeed autonomously execute the actions necessary for various phone-based scams.”
In keeping with UIUC assistant professor Daniel Kang, telephone scams that contain perpetrators pretending to be from a enterprise or authorities group goal round 18 million People yearly and price someplace within the area of $40 billion.
GPT-4o permits customers to ship it textual content or audio and have it reply in type. What’s extra, based on Kang, it’s not pricey to do, which breaks down a serious a barrier to entry for scammers seeking to steal private data resembling financial institution particulars or social safety numbers.
Certainly, based on the paper co-authored by Kang, the typical price of a profitable rip-off is simply $0.75.
Learn extra: Hong Kong busts crypto rip-off that used AI deepfakes to create ‘superior women’
In the course of the course of their analysis, the workforce carried out various totally different experiments, together with crypto transfers, reward card scams, and the theft of person credentials. The typical general success charge of the totally different scams was 36% with most failures as a consequence of AI transcription errors.
“Our agent design is not complicated,” mentioned Kang. “We carried out it in simply 1,051 strains of code, with many of the code devoted to dealing with real-time voice API.
“This simplicity aligns with prior work showing the ease of creating dual-use AI agents for tasks like cybersecurity attacks.”
He added, “Voice scams already cause billions in damage and we need comprehensive solutions to reduce the impact of such scams. This includes at the phone provider level (e.g., authenticated phone calls), the AI provider level (e.g., OpenAI), and at the policy/regulatory level.”
The Register stories that OpenAI’s detection programs did certainly alert it to UICU’s experiments and moved to reassure customers that it “uses multiple layers of safety protections to mitigate the risk of API abuse.”
It additionally warned, “It is against our usage policies to repurpose or distribute output from our services to spam, mislead, or otherwise harm others — and we actively monitor for potential abuse.”
Obtained a tip? Ship us an e mail or ProtonMail. For extra knowledgeable information, comply with us on X, Instagram, Bluesky, and Google Information, or subscribe to our YouTube channel.
