Campaign ads can already get a bit messy and controversial.
Now imagine you’re targeted with a campaign ad in which a candidate voices strong positions that sway your vote — and the ad isn’t even real. It’s a deepfake.
This is not some futuristic hypothetical; deepfakes are a real, pervasive problem. We’ve already seen AI-generated “endorsements” making headlines, and what we’ve heard only scratches the surface.
As we approach the 2024 U.S. presidential election, we’re entering uncharted territory in cybersecurity and information integrity. I’ve worked at the intersection of cybersecurity and AI since both of these were nascent concepts, and I’ve never seen anything like what’s happening right now.
The rapid evolution of artificial intelligence — specifically generative AI and, of course, the resulting ease of creating realistic deepfakes — has transformed the landscape of election threats. This new reality demands a change in basic assumptions regarding election security and voter education.
Weaponized AI
You don’t have to take my personal experience as proof; there’s plenty of evidence that the cybersecurity challenges we face today are evolving at an unprecedented rate. In the span of just a few years, we’ve witnessed a dramatic transformation in the capabilities and methodologies of potential threat actors. This evolution mirrors the accelerated development we’ve seen in AI technologies, but with a concerning twist.
Case in point:
- Rapid weaponization of vulnerabilities. Today’s attackers can quickly exploit newly discovered vulnerabilities, often faster than patches can be developed and deployed. AI tools further accelerate this process, shrinking the window between vulnerability discovery and exploitation.
- Expanded attack surface. The widespread adoption of cloud technologies has significantly broadened the potential attack surface. Distributed infrastructure and the shared responsibility model between cloud providers and users create new vectors for exploitation if not properly managed.
- Outdated traditional security measures. Legacy security tools like firewalls and antivirus software are struggling to keep pace with these evolving threats, especially when it comes to detecting and mitigating AI-generated content.
Look Who’s Talking
In this new threat landscape, deepfakes represent a particularly insidious challenge to election integrity. Recent research from Ivanti puts some numbers to the threat: more than half of office workers (54%) are unaware that advanced AI can impersonate anyone’s voice. This lack of awareness among potential voters is deeply concerning as we approach a critical election cycle.
There is so much at stake.
The sophistication of today’s deepfake technology allows threat actors, both foreign and domestic, to create convincing fake audio, video and text content with minimal effort. A simple text prompt can now generate a deepfake that’s increasingly difficult to distinguish from genuine content. This capability has serious implications for the spread of disinformation and the manipulation of public opinion.
Challenges in Attribution and Mitigation
Attribution is one of the most significant challenges we face with AI-generated election interference. While we’ve historically associated election interference with nation-state actors, the democratization of AI tools means that domestic groups, driven by various ideological motivations, can now leverage these technologies to influence elections.
This diffusion of potential threat actors complicates our ability to identify and mitigate sources of disinformation. It also underscores the need for a multi-faceted approach to election security that goes beyond traditional cybersecurity measures.
A Coordinated Effort to Uphold Election Integrity
Addressing the challenge of AI-powered deepfakes in elections will require a coordinated effort across multiple sectors. Here are key areas where we need to focus our efforts:
- Shift-left security for AI systems. We need to apply the principles of “shift-left” security to the development of AI systems themselves. This means incorporating security considerations from the earliest stages of AI model development, including considerations for potential misuse in election interference.
- Enforcing secure configurations. AI systems and platforms that could potentially be used to generate deepfakes should have robust, secure configurations by default. This includes strong authentication measures and restrictions on the types of content that can be generated.
- Securing the AI supply chain. Just as we focus on securing the software supply chain, we need to extend this vigilance to the AI supply chain. This includes scrutinizing the datasets used to train AI models and the algorithms employed in generative AI systems.
- Enhanced detection capabilities. We need to invest in and develop advanced detection tools that can identify AI-generated content, particularly in the context of election-related information. This will likely involve leveraging AI itself to combat AI-generated disinformation.
- Voter education and awareness. A crucial component of our defense against deepfakes is an informed electorate. We need comprehensive education programs to help voters understand the existence and potential impact of AI-generated content, and to provide them with tools to critically evaluate the information they encounter.
- Cross-sector collaboration. The tech sector, particularly IT and cybersecurity companies, must work closely with government agencies, election officials and media organizations to create a united front against AI-driven election interference.
What’s Now, and What’s Next
As we implement these strategies, it’s crucial that we continuously measure their effectiveness. This will require new metrics and monitoring tools specifically designed to track the impact of AI-generated content on election discourse and voter behavior.
We should also be prepared to adapt our strategies rapidly. The field of AI is evolving at a breakneck pace, and our defensive measures must evolve just as quickly. This may involve leveraging AI itself to create more robust and adaptable security measures.
The challenge of AI-powered deepfakes in elections represents a new chapter in cybersecurity and information integrity. To address it, we must think beyond traditional security paradigms and foster collaboration across sectors and disciplines. The goal: to harness the power of AI for the benefit of democratic processes while mitigating its potential for harm. This is not just a technical challenge, but a societal one that will require ongoing vigilance, adaptation and cooperation.
The integrity of our elections – and by extension, the health of our democracy – depends on our ability to meet this challenge head-on. It’s a responsibility that falls on all of us: technologists, policymakers and citizens alike.