Prompt injection attacks threaten AI chatbots, and other cybersecurity news to know this month

Published · Updated
From attacks on chatbots to an increase in data breaches, here's the latest cybersecurity news.

From attacks on chatbots to an increase in data breaches, here's the latest cybersecurity news. Image: Unsplash/Jefferson Santos

Akshay Joshi
Head of Industry and Partnerships, Centre for Cybersecurity, World Economic Forum

Listen to the article

  • This news round-up brings you key cybersecurity stories from the past month.
  • Top cybersecurity news: UK cybersecurity agency warns against prompt injection attacks on AI; Data breaches continue to climb in 2023; Japan's cybersecurity agency suffers breach, reports suggest.

1. UK cybersecurity agency warns against attacks targetting AI chatbots

The UK's National Cyber Security Centre (NCSC) has highlighted a growing risk of chatbots being manipulated by hackers through "prompt injection" attacks. This is when a user creates an input that causes a model to behave in an unintended way, such as generating offensive content or revealing confidential information.

The current generation of large language models (LLMs) is vulnerable to these types of inputs, which could have worrying consequences, the agency says. As LLMs are increasingly used to pass information to other services and applications, the risk of prompt injection attacks will grow.


What is the World Economic Forum doing to address the cybersecurity workforce gap?

Most data-breached countries in Q2 2023.
The US saw far more data breaches than any other country in Q2 2023. Image: Surfshark

2. Data breaches continue to soar in 2023

The number of data breaches worldwide saw a 156% increase between Q1 and Q2 2023, according to new figures from VPN provider Surfshark.

A total of 110.8 million accounts were leaked in the second quarter of the year, equivalent to 855 every minute.

Almost half of these breaches were of accounts originating in the US, while Russia, Spain, France and Turkey made up the rest of the top five most breached countries.

The global average cost of a data breach has increased by 15% in the past three years, according to a new IBM report. Cost of Data a Breach 2023 reveals that 51% of organizations plan to improve their cybersecurity as a result of a breach.

3. News in brief: Top cybersecurity stories this month

Japan's national cyber defence agency has been infiltrated by hackers, who may have had access to information for as much as nine months, the Financial Times reports. The attack on Japan's National Center of Incident Readiness and Strategy for Cybersecurity began last autumn, with Chinese state-backed hackers thought to be behind it.

Basic cyber hygiene still protects against 98% of attacks, Microsoft says. The minimum standards every organization should adopt are: requiring phishing-resistant multifactor authentication; applying zero trust principles; using up-to-date anti-malware tools; keeping on top of systems and software updates; and protecting data.

The bonuses of top company executives are increasingly being tied to cybersecurity metrics. It is part of a trend to make cybersecurity a top-level consideration, with companies including Johnson & Johnson and the London Stock Exchange Group among those tying a portion of bonuses to a cyber goal in 2022.

The Five Eyes intelligence alliance has detailed how Russian state-sponsored hackers Sandworm are using an Android malware called Infamous Chisel to attack Ukranian soldiers' devices, scan files, monitor traffic and steal sensitive information.

Microsoft has identified seven emerging hybrid warfare trends from Russia's cyberwar with Ukraine. These include weaponizing pacifism by amplifying discontent about the war and stoking fears of World War III. Other tactics include demonizing refugees and mobilizing nationalism.

A cybercrime couple have pleaded guilty to trying to launder $4.5bn of Bitcoin stolen in a hack in 2016. Heather Morgan and Ilya Lichtenstein were arrested last year after police traced the funds. Prior to her arrest, Morgan released a series of rap videos under the name Razzlekhan.

4. More on cybersecurity on Agenda

The World Economic Forum’s Global Coalition for Digital Safety has produced a foundational language to define online harms. The aim is to create a common language to describe the problems of online harm so that regulators and tech firms can better work together to address it.

Consolidating cybersecurity tools and testing and augmenting resilience measures are among seven steps companies can take to control their cybersecurity spend without compromising on its effectiveness.

We need to be realistic about the impact of generative AI, Paul Swartz and Francois Candelon of the BCG Henderson Institute argue. Technology’s impact on productivity growth has been consistently overstated, they say, and analysts could be repeating that mistake with generative AI.

Have you read?
1. UK cybersecurity agency warns against attacks targetting AI chatbots2. Data breaches continue to soar in 20233. News in brief: Top cybersecurity stories this month4. More on cybersecurity on Agenda

About Us



Partners & Members

  • Sign in
  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum