Fred Heiding
Fredrik Heiding is a research fellow in computer science at Harvard John A. Paulson School of Engineering and Applied Sciences (SEAS). He researches AI-enabled cyberattacks from the intersection of technology, business implications, and national security policies. His work demonstrates how AI models can be used to hack devices and users and create mitigation strategies for preventing those hacks. He also red teams the AI models themselves and the US national cybersecurity strategy to find out how to better prepare our national security for AI-enabled cyberattacks. In early 2022, Fredrik got media attention for hacking the King of Sweden and the Swedish European Commissioner. Fredrik currently works with the World Economic Forum's Cybercrime Center and White House Officials to improve global and domestic cybersecurity standards of AI-based cyber defense. Fredrik is a teaching fellow for the Generative AI for Business Leaders course at the Harvard Business School and leads the cybersecurity division of the Harvard AI Safety Student Team (HAISST).
Twitter: @fredheiding
Session
We previously demonstrated how large language models (LLMs) excel at creating phishing emails (https://www.youtube.com/watch?v=yppjP4_4n40). Now, we continue our research by demonstrating how LLMs can be used to create a self-improving phishing bot that automates all five phases of phishing emails (collecting targets, collecting information about the targets, creating emails, sending emails, and validating the results). We evaluate the tool using a factorial approach, targeting 200 randomly selected participants recruited for the study. First, we compare the success rates (measured by pressing a link in an email) of our AI-phishing tool and phishing emails created by human experts. Then, we show how to use our tool to counter AI-enabled phishing bots by creating personalized spam filters and a digital footprint cleaner that helps users optimize the information they share online. We hypothesize that the emails created by our fully automated AI-phishing tool will yield a similar click-through rate as those created using human experts, while reducing the cost by up to 99%. We further hypothesize that the digital footprint cleaner and personalized spam filters will result in tangible security improvements at a minimal cost.