Department of Political Science Technical Support

This page is for informational purposes only. 

Artifical intelligence is increasingly directly affecting every aspect of society.  It is directly affecting politics, academia, data science, entertainment, military applications and criminal enterprises, to name a few areas.  Advancements in every industry are challenged by unresolved vulnerabilities.  Terminology develops daily, with new phrases and defining terms coming into use as advances and vulnerabilities are found. 

Terminology

  • Hallucinations - when Generative AI large language models (LLM) perceives patterns or objects that are nonexistent, creating nonsensical or inaccurate outputs.
  • Moloch’s Bargain (Academic paper) - emergent misalignment when LLM’s compete for audiences
  • Prompt Injection (vulnerability) - Considered by some to be the holy grail of attacks on LLM-based applications, it is “any prompt where attackers manipulate a large language model (LLM application) or an AI model through carefully crafted inputs to behave outside of its desired behavior. This manipulation, often referred to as “jailbreaking”, tricks the LLM application into executing the attacker’s malicious input. “
  • GAN (Generative Adversarial Network) - A generative adversarial network (GAN) has two parts:  The generator learns to generate plausible data. The generated instances become negative training examples for the discriminator.  The discriminator learns to distinguish the generator’s fake data from real data. The discriminator penalizes the generator for producing implausible results.  When training begins, the generator produces obviously fake data, and the discriminator quickly learns to tell that it’s fake.

AI articles

  • February 25,2026 (Hack) “I hacked ChatGPT and Google’s AI - and it only took 20 minutes“  Abstract:  It’s official. I can eat more hot dogs than any tech journalist on Earth. At least, that’s what ChatGPT and Google have been telling anyone who asks. I found a way to make AI tell you lies – and I’m not the only one.  Perhaps you’ve heard that AI chatbots make things up sometimes. That’s a problem. But there’s a new issue few people know about, one that could have serious consequences for your ability to find accurate information and even your safety. A growing number of people have figured out a trick to make AI tools tell you almost whatever they want. It’s so easy a child could do it.
  • February 17, 2026 (Academic Paper) “When Speculation Spills Secrets: Side Channels Via Speculative Decoding in LLMs“  Abstract: Deployed large language models (LLMs) often rely on speculative decoding, a technique that generates and verifies multiple candidate tokens in parallel, to improve throughput and latency. In this work, we reveal a new side-channel whereby input-dependent patterns of correct and incorrect speculations can be inferred by monitoring per-iteration token counts or packet sizes. In evaluations using research prototypes and production-grade vLLM serving frameworks, we show that an adversary monitoring these patterns can fingerprint user queries…We also show the capability of the attacker to leak confidential datastore contents used for prediction at rates exceeding 25 tokens/sec. To defend against these, we propose and evaluate a suite of mitigations, including packet padding and iteration-wise token aggregation
  • February 17, 2026 (Academic Paper) “Whisper Leak: a side-channel attack on Large Language Models“  Abstract:  Large Language Models (LLMs) are increasingly deployed in sensitive domains including healthcare, legal services, and confidential communications, where privacy is paramount. This paper introduces Whisper Leak, a side-channel attack that infers user prompt topics from encrypted LLM traffic by analyzing packet size and timing patterns in streaming responses. Despite TLS encryption protecting content, these metadata patterns leak sufficient information to enable topic classification. We demonstrate the attack across 28 popular LLMs from major providers, achieving near-perfect classification (often >98% AUPRC) and high precision even at extreme class imbalance (10,000:1 noise-to-target ratio). This industry-wide vulnerability poses significant risks for users under network surveillance by ISPs, governments, or local adversaries. We evaluate three mitigation strategies - random padding, token batching, and packet injection - finding that while each reduces attack effectiveness, none provides complete protection. 
  • February 16, 2026 -(Vulnerability) “The Promptware Kill Chain“  Abstract: Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on “prompt injection,” a set of techniques to embed instructions into inputs to LLM intended to perform malicious activity. This term suggests a simple, singular vulnerability. This framing obscures a more complex and dangerous reality. Attacks on LLM-based systems have evolved into a distinct class of malware execution mechanisms, which we term “promptware…”
  • February 2, 2026 - (Vulnerability) “AI tools break quickly, underscoring need for governance“  Abstract:  One of the most striking findings in Zscaler’s report concerns how brittle many AI systems are. “They break almost immediately,” researchers wrote. “When full adversarial scans are run, critical vulnerabilities surface within minutes — and sometimes faster.” During Zscaler’s red-teaming exercises in 25 corporate environments, it took a median of 16 minutes for an AI system to experience its first major failure, and by 90 minutes, 90% of systems had failed. In one case, it took only a single second for a system to fail.
  • January 30, 2026 - (Vulnerability) “Autonomous cars, drones cheerfully obey prompt injection by road sign“  Abstract: Indirect prompt injection occurs when a bot takes input data and interprets it as a command. We’ve seen this problem numerous times when AI bots were fed prompts via web pages or PDFs they read. Now, academics have shown that self-driving cars and autonomous drones will follow illicit instructions that have been written onto road signs. (Paper)
  • November 20, 2025 - (Vulnerability) “Critics scoff after Microsoft warns AI feature can infect machines and pilfer data:  Integration of Copilot Actions into Windows is off by default, but for how long?”, arsTechnica, Dan Goodin.  Abstract:  “Microsoft’s warning on Tuesday that an experimental AI agent integrated into Windows can infect devices and pilfer sensitive user data has set off a familiar response from security-minded critics: Why is Big Tech so intent on pushing new features before their dangerous behaviors can be fully understood and contained?  As reported Tuesday, Microsoft introduced Copilot Actions, a new set of “experimental agentic features” that, when enabled, perform “everyday tasks like organizing files, scheduling meetings, or sending emails,” and provide “an active digital collaborator that can carry out complex tasks for you to enhance efficiency and productivity.””
  • November 13, 2025 - (attack) “Disrupting the first reported AI-orchestrated cyber espionage campaign”, Linked from article on Anthrop\c.
    GTG-1002 (state-sponsored group designation) represents multiple firsts in AI-enabled threat actor capabilities. 
    The actor achieved what we believe is the first documented case of a cyberattack largely executed without human intervention at scale — the AI autonomously discovered vulnerabilities in targets selected by human operators and successfully exploited them in live operations, then performed a wide range of post-exploitation activities from analysis, lateral movement, privilege escalation, data access, to data exfiltration. 
    Most significantly, this marks the first documented case of agentic AI successfully obtaining access to confirmed high-value targets for intelligence collection, including major technology corporations and government agencies. While we predicted these capabilities would continue to evolve, what has stood out to us is how quickly they have done so at scale.
  • November 12, 2025 - “New image-generating AIs are being used for fake expense reports”, arsTechnica, Cristina Criddle.  Abstract:  “Businesses are increasingly being deceived by employees using artificial intelligence for an age-old scam: faking expense receipts.  The launch of new image-generation models by top AI groups such as OpenAI and Google in recent months has sparked an influx of AI-generated receipts submitted internally within companies, according to leading expense software platforms.   Software provider AppZen said fake AI receipts accounted for about 14 percent of fraudulent documents submitted in September, compared with none last year. Fintech group Ramp said its new software flagged more than $1 million in fraudulent invoices within 90 days.”
  • November 11, 2025 - “CommetJacking attack tricks Comet browser into stealing emails”, Bleeping Computer, Bill Toulas, Linked From: Bruce Schneier (article: Indirect Prompt Injection Attacks Against LLM Assistants)  Abstract:  “A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar.  In a realistic scenario, no credentials or user interaction are required and a threat actor can leverage the attack by simply exposing a maliciously crafted URL to targeted users.”
  • October 10, 2025 - “Autonomous AI Hacking and the Future of Cybersecurity”, CSO Online.  Heather Adkins, Gadi Evron, Linked From: Bruce Schneier.  Abstract:  “AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything.”
  • October 7, 2025 - [Preprint] “Moloch’s Bargain: Emergent Misalignment When LLMs Compete for Audiences (PDF)”, Arxiv.  James Zhou, Batu El, Ph.D. Student in Computational and Mathematical Engineering, Stanford.  Abstract:  “Large language models (LLMs) are increasingly shaping how information is created and disseminated, from companies using them to craft persuasive advertisements, to election campaigns optimizing messaging to gain votes, to social media influencers boosting engagement. We show that optimizing LLMs for competitive success can inadvertently drive misalignment. Using simulated environments across these scenarios, we find that, 6.3% increase in sales is accompanied by a 14.0% rise in deceptive marketing; in elections, a 4.9% gain in vote share coincides with 22.3% more disinformation and 12.5% more  populist rhetoric; and on social media, a 7.5% engagement boost comes with 188.6% more disinformation and a 16.3% increase in promotion of harmful behaviors. We call this phenomenon Moloch’s Bargain for AI—competitive success achieved at the cost of alignment. These misaligned behaviors emerge even when models are explicitly instructed to remain truthful and grounded, revealing the fragility of current alignment safeguards.”
  • October 2, 2025 - “Prisonbreak – An AI-Enabled Influence Operation Aimed at Overthrowing the Iranian Regime”, The CitizenLab.  Abstract: “In the geopolitical and ideological competition between the Islamic Republic of Iran and its international and regional adversaries, control over and strategic manipulation of the information environment has always played a key role…Prior Citizen Lab research has uncovered Iranian disinformation efforts. In this investigation, we focus on the “other side” of the geopolitical competition: namely, an IO effort we assess as most likely undertaken by an entity of the Israeli government or a private subcontractor working closely with it.”
  • May 21, 2025 - “Scam GPT: GenAI and the Automation of Fraud (PDF)”, Data & Society.  Lana Swartz, Alice E. Marwick, Kate Larson.  Abstract:  “Scams are not a new phenomenon. But generative AI is making scamming even easier, faster, and more accessible, fueling a surge in scams and misinformation at a global scale. This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and more likely to either perpetuate scams or fall victim to them.”
  • April 16, 2025 - “Prompt injections are the Achilles’ heel of AI assistants. Google offers a potential fix
  • March 27, 2025 - “AI-Ready Linux Distributions To Watch in 2025”, ITPro Today, Grant Knoetze
  • March 27, 2025 - “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations”, NIST Trustworthy and Responsible AI, NIST AI 100-2e2025
  • March 26, 2025 - “Rand Corporation warns of AI ‘wonder weapons’ in cyberspace”, The Washington Times Online, Ryan Lovelace
  • March 21, 2025 - “Cloudflare turns AI against itself with endless maze of irrelevant facts”, ArsTechnica, Benj Edwards
  • May 31, 2024 - “How AI Will Change Democracy”, Schneier on Security, Bruce Schneier