AI Magazine December 2025 | Page 143

AI ETHICS AND REGULATION

30 MINUTES

– time it took researchers to gain full access to McDonald's application data
The breakthrough came when Ian and Sam tried testing the chatbot, called Olivia, for prompt injection attacks – those sophisticated techniques where hackers disguise malicious inputs as legitimate prompts to manipulate AI systems.
IBM notes that such attacks can trick large language model (LLM)-powered systems into exposing sensitive data, such as a virtual assistant forwarding private documents.
When that more sophisticated approach went nowhere, the researchers spotted a login link for Paradox.ai staff on the McHire website and decided to try something basic.
Ian attempted common credentials. First “admin” for both username and password – nothing. Then “123456” – and he was in.
Administrator access to a test McDonald’s restaurant, no multifactor authentication required. From there, the researchers discovered they could manipulate applicant ID numbers to view other candidates’ chat logs and contact information.
Jeff Crume, an IBM Security Distinguished Engineer, describes how the concentration of data in AI systems