Tag Archives: theft

AI Infiltration

Leave a reply

Do you want an AI to be able to read and reply to your email? Wouldn’t that be great? Yes, but I’m not doing it!

My personal email is a gateway to everything I do on the web, and that includes my digital banking. It also includes access to EVERY web tool that I use. I can’t count the number of times that I’ve used ‘Forgot my password’ on a website, or an app, and retrieved that information in my email. So, my email gives me, and anyone or anything that has my password a lot of control over the online tools that I regularly use.

As an aside, this is why two-factor authentication is so important, it protects you from someone having full control of everything you do online, simply by having access to your email. Yet, to me, this protection isn’t enough to allow me to give an AI agent access to my email. To me, this is allowing too much access to my whole digital life.

It’s not the reading of my email I’m concerned about. And frankly, I’d love to have an AI respond to basic email communication on my behalf, or to add items to my calendar for me. That would be great. But to do that I’m essentially saying to an AI company, “I’m an open book, go ahead and read me in order to train your AI model.’ And I’m also allowing an Agent full access to my digital life.

What happens when a ‘helpful’ agent decides that in order to help me it needs access to my online banking to make a purchase? Or worse yet, what happens when an AI is injected with a virus designed to collect my passwords and to update this passwords, then delete the ‘Forgot password’ emails so I don’t even know they were changed.

We’ve already seen countless examples of people being able to trick an AI into giving access to programming information that should have been kept private. Or people convincing an AI to respond to inappropriate questions it was trained not to respond to. Knowing this is not terribly hard to do, what makes you believe an AI agent with full access to your email, your life online, can’t be convinced or exploited to share your information and access in a way that will completely compromise you and your personal information?

I’m not convinced the risk is worth the reward. As I use AI more, I’m using it as a tool to help me understand and connect to the world in better, more efficient ways. But I’m not ready to let AI into my email and into my digital life. I’m wondering when the horror stories of full identity theft are going to start to happen? And I’m guessing these stories are going to start with, “I gave an AI agent access to my email.”