Google says its flagship artificial intelligence chatbot, Gemini, has been inundated by \u201ccommercially motivated\u201d actors who are trying to clone it by repeatedly prompting it, sometimes with thousands of different queries \u2014 including one campaign that prompted Gemini more than 100,000 times.<\/p>\n
In a report published Thursday, Google said it has increasingly come under \u201cdistillation attacks,\u201d or repeated questions designed to get a chatbot to reveal its inner workings. Google described the activity as \u201cmodel extraction,\u201d in which would-be copycats probe the system for the patterns and logic that make it work. The attackers appear to want to use the information to build or bolster their own AI, it said.<\/p>\n
The company believes the culprits are mostly private companies or researchers looking to gain a competitive advantage. A spokesperson told NBC News that Google believes the attacks have come from around the world but declined to share additional details about what was known about the suspects.<\/p>\n
The scope of attacks on Gemini indicates that they most likely are or soon will be common against smaller companies\u2019 custom AI tools, as well, said John Hultquist, the chief analyst of Google\u2019s Threat Intelligence Group.<\/p>\n
\u201cWe\u2019re going to be the canary in the coal mine for far more incidents,\u201d Hultquist said. He declined to name suspects.<\/p>\n
The company considers distillation to be intellectual property theft, it said.<\/p>\n
Tech companies have spent billions of dollars racing to develop their AI chatbots, or large language models, and consider the inner workings of their top models to be extremely valuable proprietary information.<\/p>\n
Even though they have mechanisms to try to identify distillation attacks and block the people behind them, major LLMs are inherently vulnerable to distillation because they are open to anyone on the internet.<\/p>\n