Author: Agata Jałowiecka

The Tesla Cybertruck explosion outside the Trump International Hotel in Las Vegas has shocked the public. The perpetrator of the tragedy turned out to be 37-year-old Matthew Livelsberger, a special forces soldier who used artificial intelligence, including ChatGPT, to plan an attack while on holiday in the US, authorities reported. The incident, which ended with the soldier dead and seven people injured, raises serious questions about accountability for the use of AI technology.

ChatGPT and the role of AI in attack planning

According to the Las Vegas Metropolitan Police, Livelsberger used ChatGPT to obtain information about the construction of explosive devices and the organisation of the attack. Authorities did not disclose details of the answers provided, but it was highlighted that the AI was able to provide information based on publicly available sources on the internet.

The company said that ChatGPT only provided information publicly available on the internet and warned of harmful or illegal activities. OpenAI is cooperating with law enforcement as part of the investigation.

OpenAI, the developer of ChatGPT, expressed regret for the use of their tool in this incident. The company stressed that AI models are designed to deny harmful instructions, minimising potentially dangerous content. OpenAI told CNN that the company is ‘saddened by this incident and wishes to see AI tools used responsibly’.

The course of the tragic events

The explosion occurred when the Cybertruck was parked in front of the hotel entrance. CCTV shows Livelsberger pulling out a fuel canister, dousing the vehicle with it. The vehicle contained a bomb or improvised explosive device, which was detonated. Moments earlier, Livelsberger had shot himself in the car, which was confirmed by an autopsy, and his identity was identified through DNA and tattoos.

Authorities also discovered a six-page manifesto on the soldier’s phone that sheds light on the motives behind his actions. FBI agent Spencer Evans described the incident as ‘a tragic case of suicide by a decorated veteran who was struggling with PTSD and other issues’.

Speculation of related incidents

The Las Vegas explosion was not the only such incident. There was a similar incident in New Orleans involving another vehicle, also hired using the Turo app. Although the authorities are investigating possible links between these incidents, for the time being there is no clear evidence of a connection.

AI and ethical challenges

These events raise renewed questions about the responsibility of AI technology developers and the need for regulation in this area. As highlighted by Sheriff Kevin McMahill, ‘artificial intelligence is a game changer’, as seen in this tragic incident. With the development of AI, it is becoming increasingly important to put in place appropriate safeguards to prevent the technology being used for criminal purposes.

How does this relate to the GPT chatbot?

OpenAI in January 2024 changed the terms and conditions for the use of its large GPT language models, including – the famous ChatGPT chatbot. It has since been allowed to be used for military and warfare purposes.

The change in OpenAI’s rules and regulations for the use of OpenAI’s large language models was first picked up byIntercept. As it reports, until 10 January, OpenAI’s bylaws banned the use of its language models for ‘activities that carry a high risk of physical harm, including weapons development and military and warfare applications’.

Interestingly, the change in this position came asOpenAI began working with the US Department of Defence. As reported by CNBC, OpenAI’s vice-president of global affairs Anna Makanju and CEO Sam Altman said in an interview with Bloomberg House at the World Economic Forum that the collaboration with the US department is expected to include work on artificial intelligence tools used for open source cyber security.

How ChatGPT is supporting the armed forces

In addition, in December 2024, Open AI ChatGPT signed a cooperation agreement with Anduril, a company specialising in unmanned systems and robotics for the US Armed Forces. This partnership aims to develop an advanced AI system for the US Armed Forces.

As part of the collaboration, OpenAI will develop software for systems designed to combat combat drones, while Anduril will provide its database and experience in building drones and military systems. The planned AI system is expected to be capable of recognising, identifying and assessing airborne threats and responding to them immediately – without the need for human intervention.

Law and the use of AI and ChatGPT for military purposes

Poland and the European Union

As a member state of the European Union, Poland is obliged to comply with EU legislation such as the Artificial Intelligence Act (AI Act). The AI Act emphasises the prohibition of the use of AI systems for purposes that violate human rights, which may restrict certain military applications. In addition, ‘an entity using an AI system for purposes other than military, defence or national security purposes should ensure that the AI system … complies with theAI Act, unless the system is already compliant. A list of prohibited practices can be found in Chapter II of the AI Act.

Regulations in the AI Act

Reading into the text of the AI Act one can find the provision:

(24) ‘If and to the extent that AI systems are marketed, commissioned or used with or without modifications – for military, defence or national security purposes, these systems are to be excluded from the scope of this regulation regardless of what entity performs these activities – it is irrelevant, for example, whether it is a public or private entity’.

The creators of the Artificial Intelligence Act justify this fact thus:

‘In the case of military and defence purposes, such an exemption is justified both by Article 4(2) TEU and by the specificity of the defence policy of the Member States and the Union’s common defence policy covered by Title V, Chapter 2 TEU, which are subject to public international law which therefore provides a more appropriate legal framework for the regulation of AI systems in the context of the use of lethal force and other AI systems in the context of military and defence activities’ (…).

Furthermore, according to Article 2(3) of the AI Act

(…) 3.

‘This Regulation shall not apply to AI systems if, and to the extent that, they are placed on the market, put into service or used, with or without modification, exclusively for military, defence or national security purposes, irrespective of the type of entity carrying out those activities’.

Legal basis for the military use of AI in the European Union

Thus, referring to the legal basis for the military use of AI in the European Union, it is necessary to point to the aforementioned:

Article 4.(2) TEU

‘The Union shall respect the equality of Member States before the Treaties as well as their national identities, inherent in their fundamental structures, political and constitutional, including their regional and local self-government. It respects the essential functions of the State, in particular those designed to ensure its territorial integrity, maintain public order and protect national security. In particular, national security is the exclusive responsibility of each Member State’.

Therefore, under European Union law (AI Act), it is possible to use artificial intelligence systems, but in this context ‘for military, defence or national security purposes’. And also ‘In the case of national security purposes (…) it is justified both by the fact that national security is the exclusive responsibility of the Member States in accordance with Article 4(2) TEU and by the fact that national security activities have a specific nature, involve specific operational needs and that specific national rules apply to them’.

Also in Poland, the first strategies related to the use of artificial intelligence in defence are being developed. As set out in the Ministry of Defence’s ‘Ministry Strategy for Artificial Intelligence until 2039’ of August 2024.

‘By 2039, the use of modern technologies, including artificial intelligence, will be a prerequisite for the ability of the Polish Armed Forces to effectively implement deterrence and defence. Artificial intelligence systems will play a significant role in military operations, which will revolutionise the way military operations are managed and conducted in the future digitised combat environment. Its versatile applications will not only affect the operational tempo and efficiency of the use of committed forces, but also create new ethical and legal challenges’.

The use of AI in military operations in Poland will include:

• Autonomous combat systems: Conducting operations without direct human involvement, carrying out reconnaissance, offensive and defensive missions with greater precision, minimising risks to personnel.
• Intelligence analysis: Processing large amounts of information, identifying patterns, assessing enemy actions, improving planning and execution of operations.
• Logistics optimisation: Resource management, reduction of repair times, route planning and anticipation of supply needs for better support of units.
• Cyber defence systems: Rapid identification and neutralisation of cyber threats, protection of military infrastructure and data.
• Simulations and training: Realistic training environments and personalised development paths to support soldier training and strategy testing.
• Decision support: Scenario analysis and recommendations to increase the speed and accuracy of commanders’ decisions.
• E-learning and talent management: Design of individual training paths, customisation of materials and talent identification.

Use of AI for military purposes in the United States of America

The US, in turn, is leading the way in developing AI systems for military purposes. Many agencies, including DARPA (Defense Advanced Research Projects Agency), are working on autonomous military systems.

However, the US does not have uniform legislation governing the use of AI in the defence sector. However, legislation, such as the National Defence Authorisation Act, includes provisions for the funding and development of autonomous military systems. An official summary can be found here.

DoD (Department of Defense) principles – in recent years, the Pentagon has adopted ethical principles for AI in the military, emphasising accountability, transparency and reliability. Systems must be used in accordance with international humanitarian law. In addition, a data, analytics and AI deployment strategy document has also been created. This strategy was created by the US Department of Defense to establish a strategy for integrating data, analytics and artificial intelligence (AI) into military and operational activities.

Summary

The Cybertruck explosion in Las Vegas is a tragic reminder of the potential dangers of using AI. While the technology has great potential to improve many areas of life, its misuse can lead to dramatic consequences. It will be crucial to ensure that AI is developed and used responsibly, with respect for safety and ethics.

Cybertruck explosion, AI in the media, Matthew Livelsberger, artificial intelligence and crime, ChatGPT under attack, Tesla Cybertruck Las Vegas, AI ethics, PTSD in veterans.

Large Language Models (LLMs), such as ChatGPT, are increasingly being used in many areas of life, from education to business to entertainment. While these systems offer powerful tools to generate text, solve problems or analyse data, it is important to understand how to protect your data when using such models.

What is LLM?

LLM, or Large Language Model, is an advanced type of artificial intelligence that uses deep learning methods and the processing of huge data sets to understand, create, summarise and predict content. LLM not only processes text, but can also generate new information that sounds natural and logical. Although ‘language’ appears in the name, LLMs are not just algorithms that analyse text – they are machines that ‘learn’ from the data to become more and more sophisticated in producing responses.

Is LLM different from generative AI?

The word ‘generative AI’ refers to artificial intelligence models that generate new content, including text, images or music. LLM is a specific type of generative AI that is specifically geared towards processing and creating textual content. Often, these models are used for chatbots, translations, summaries or even creative writing. The widespread use of these technologies is making their role in our daily lives more and more prominent.

Data protection

Data protection has become one of the most important issues in the digital age. With the increasing importance of processing personal, financial and sensitive information, it has become necessary to implement a range of technical measures that ensure security and privacy. Data security in the context of LLM models is a multidimensional issue that requires both an informed approach on the part of users and the responsibility of technology providers.

LLM models, such as ChatGPT or Gemini, are trained on huge data sets, which often come from publicly available sources. However, when interacting with users, they may collect additional information that is not always properly secured.

Case study – how LLMs can use private information

Sharing private and confidential data with LLM tools in an ill-considered and careless manner can lead to it becoming public and thus causing harm to a person or company. Because such programmes are designed not only to deliver the desired content, but also to ‘learn’ from the information they acquire when interacting with users, it is important what we share with artificial intelligence. Let’s imagine that a user of an LLM tool asked it to create a brief professional-psychological profile of him, including his private life, based on the conversations they had so far (yes – this is a real case). He received the following response to his query:

• Mr X is interested in architectural history and works from the Renaissance and Baroque eras. He often visits European cities and regions where monuments can be found that relate to the old masters of pen and brush.

• She enjoys going to concerts of niche bands, supports their work and maintains a good relationship with one of the band members.

• Professionally, he is a digital consultant, developing streaming platforms and websites, working with a wide variety of technologies: from the API of a well-known social network to tools for creating advanced websites.

• In his private life, he supports his family’s education, travels frequently in Europe and is interested in humanistic literature. On occasion, she considers psychological support to take care of her wellbeing.

Neutral information or a real threat?

The profile created by the LLM tool would appear to be neutral, as it does not mention names, cities or specific dates. Nevertheless, a fairly complete picture of the person is obtained, which both the LLM tool and its users now possess. All because of the previous careless provision of details about one’s private life: city names, children’s dates of birth, friends’ names or place of work without checking the privacy rules.

How to use AI tools like Chat GPT or Gemini safely?

And this is where the topic of data security comes in. LLMs like GPT or Gemini can collect and process data. For this reason, you should disable the use of chat history for training in the programmes’ settings. Otherwise, all the tidbits about your life will end up in a big machine that absorbs everything like a sponge.

In OpenAI GPT, you can go into the privacy settings and disable the saving of chat history. Similarly in Gemini. It’s also worth checking your Google Activity Dashboard if you’re using a solution under their banner and making sure you’re not sharing all your information.

If you’re going to chat with an LLM about your life, passions or family problems, it’s better to think about anonymising your data and disabling the relevant options first. Because although such a model has no bad intentions, certain information can – in the hands of the wrong people – become a jigsaw puzzle to fully reconstruct your identity.

Risks associated with the use of AI models. 3 key concerns

The use of AI models carries certain risks that users should be aware of in order to effectively protect their data and privacy.

1. Breach of privacy

If a user enters sensitive information into the model, such as personal, financial or professional data, there is a possibility that this data could be stored or analysed by the model provider. This could lead to the unauthorised disclosure of sensitive information, which in turn could result in a variety of consequences for both the individual and the organisation.

1. Cloud-based models as a potential target for hacking attacks

If a user’s data is stored on the provider’s servers, it can be intercepted by third parties. Such unauthorised access can lead to information leakage, which compromises data security and can result in data misuse. Therefore, it is important to choose AI providers that apply advanced data protection measures and regularly update their security systems. If you use AI models in a business environment, you/he should use dedicated tools with security guarantees.

1. Unclear privacy policies

Some platforms may use user data to further train AI models, which may lead to unforeseen uses of this information. A lack of transparency in how data is collected, stored and used can result in users unknowingly sharing their data in a way that violates their privacy or goes against their expectations. It is therefore important to carefully review the privacy policies of AI service providers and choose those that provide clear and transparent data protection rules.

Being aware of these risks and taking appropriate precautions is key to ensuring the security of personal data when using AI technologies.

LLM models. What data should not be shared with them?

Users should consciously manage the permissions they grant to applications and services that use AI. It is important to carefully control what resources individual programmes have access to, such as location, contacts or personal data, and only grant such permissions when they are truly necessary. They should never make personal data such as PESELs, credit card numbers or passwords available in LLM models.

Effective data security requires precise access controls that define who can use the systems and what operations are allowed on them. Well-designed authentication and access control mechanisms significantly increase the level of security.

Regular software updates

This is another important step in ensuring security. Updates often include security patches to protect users from new threats and cyber-attacks.

Users should also make use of privacy tools such as VPNs, password managers or browser extensions that block online tracking. Some providers offer special settings that allow users to use the model without saving interactions. Such solutions help to reduce the traces left on the network and protect data from unauthorised access.

The role of providers and regulation

In an era of rapid development of artificial intelligence (AI), transparency of suppliers is becoming one of the most important foundations for building trust between technology developers and its users. While many suppliers ensure that data is only used to fulfil a specific query, there is a risk of it being stored or used to further train models.

Providers should be transparent about what data they collect, how they process it and what security measures they use. Transparency enforces accountability on the part of providers, reducing the risk of inappropriate data use or security gaps. Proactive cooperation with regulators and compliance with current legislation are key to building user trust. Regulations such as RODO (GDPR) in Europe or the CCPA in California require providers to clearly communicate how data is processed and the purpose for which it is collected. Adopting international information security standards, such as ISO/IEC 27001, can help ensure an adequate level of protection.

Users want to be assured that their data is being processed in an ethical, compliant manner and that it will not be abused.

Users play a key role in protecting their data and should take conscious steps to enhance its security.

The future of security in AI

AI technology is constantly evolving, as are methods of data protection. Innovations in the field of differential privacy or federated machine learning promise to increase data security without compromising the functionality of AI models. New regulations, such as the EU AI Act, are emerging to increase transparency and user protection. Additionally, technologies are being developed that allow data to be processed locally without being sent to the cloud, minimising the risk of breaches.

Summary

Can we keep our data secure in LLM models? Yes, but it requires the involvement of all parties: technology providers, regulators and users. Through education, appropriate technical practices and regulatory compliance, we can reap the benefits of AI, minimising the risks to our data.

Your data is valuable! Let us help you keep it safe so you can make informed use of AI technologies.

Authors:

• Mateusz Borkiewicz
• Wojciech Kostka
• Liliana Mucha
• Grzegorz Leśniewski
• Grzegorz Zajączkowski
• Urszula Szewczyk