AI security as an ethical issue operates on two interlocking fronts. 

The first is AI as a target, in which AI models and systems can be attacked, manipulated, or subverted in ways that traditional software cannot. Common vulnerabilities include:

• Adversarial attacks: Crafting inputs that intentionally deceive AI models into misclassifying threats, allowing malware or intrusion attempts to slip through undetected. 

• Prompt injection: A technique where attackers manipulate the natural language inputs provided to AI systems, such as large language models, to override their original instructions or security controls, allowing attackers to make the AI reveal sensitive information, bypass authentication, or perform unauthorised actions. 

• Data poisoning: The act of intentionally sending false or misleading data inputs to influence a model's behaviour, typically with negative consequences. Types include targeted attacks, backdoor poisoning, label poisoning, and model inversion attacks. 

The second front is AI as a weapon, where generative AI lowers the barrier to conducting sophisticated cyberattacks, disinformation campaigns, and social engineering at scale.

Why it matters

Security matters because AI systems often depend on large amounts of personal or sensitive data, and a breach can cause financial, reputational, and personal harm.

It also matters because insecure AI can spread misinformation, enable fraud, or support surveillance that undermines rights and democratic processes. 

Impacts & consequences

When AI security norms break down, the consequences cascade across multiple domains:

• Physical harm. Poisoned datasets used in an autonomous car could prevent the recognition of certain traffic signs, causing accidents.

• Institutional harm. Compromised AI systems used in hiring, policing, or benefits allocation can silently perpetuate injustice at scale.

• Economic harm. Model theft, ransomware, and AI-enabled fraud impose substantial financial losses on individuals and organisations.

• Erosion of trust. Poisoned AI systems can perpetuate biases, spread misinformation, and erode public trust in AI.

• Democratic harm. AI-powered disinformation campaigns and deepfakes can undermine elections, public discourse, and institutional legitimacy.

Causes & contributing factors

AI and automation systems suffer from a variety of vulnerabilities, including: 

• Architectural vulnerability. AI models learn from data and are therefore fundamentally susceptible to manipulation of that data or of their inputs in ways traditional rule-based systems are not.

• Speed of deployment. Commercial pressure to ship AI products quickly outpaces security testing and red-teaming.

• Opacity and complexity. The black-box nature of many AI systems makes it difficult to detect or anticipate attack vectors.

• Regulatory lag. Security standards for AI are nascent and unevenly applied across sectors and jurisdictions.

• Open-source exposure. Widely available pre-trained models and datasets can contain embedded vulnerabilities or backdoors.

• Expanded attack surface. As AI is integrated with third-party tools, APIs, browsers, and agents, the potential entry points for attack multiply rapidly.