ARTIFICIAL INTELLIGENCE Forget Code: AI Is Learning to Hack Society Let loose on existing regulations, AI mode
- Key finding: In a study using 72 simulated regulatory environments, AI models found 60% of known loopholes and also identified new exploits, indicating large language models can systematically “hack” rules and regulations rather than just code [singularityhub].
- Method: Researchers gave Alibaba’s Qwen‑3 the rules, a task, a limited action set and scoring; Google’s Gemini‑3‑flash simulated consequences and judged exploits, and together they reproduced real‑world sequences (e.g., a pharmaceutical patent scenario) that revealed practical policy failures [singularityhub; bioscience].
- Implication: Even non‑frontier models can discover damaging regulatory weaknesses; more capable models will likely be better at finding and exploiting such loopholes, raising policy, legal and safety risks [singularityhub].
- Immediate concerns: automated discovery of legal/patent/policy exploits, scaling of social‑engineering and attack planning, and faster creation of novel evasive strategies than regulators can patch [bioscience].
- Short mitigations: run red‑team simulations with stronger models, harden rule specifications, add adversarial testing and rapid amendment pipelines, and treat regulatory texts as a security surface to be stress‑tested by experts and AI together [singularityhub].
Follow-up Questions:
1. Which specific regulatory areas (finance, pharma, environmental law, etc.) were most vulnerable in the study?
2. How did the researchers define and score a “loophole” or exploit?
3. What regulatory‑techniques can lawmakers use to make rules less machine‑exploitable?
4. Are there existing tools or standards for adversarial testing of legal texts with AI?
5. Could these methods be abused by criminals, and what defenses exist now?
Sources
Related questions
- Which specific regulatory areas (finance, pharma, environmental law, etc.) were most vulnerable in the study?
- How did the researchers define and score a “loophole” or exploit?
- What regulatory‑techniques can lawmakers use to make rules less machine‑exploitable?
- Are there existing tools or standards for adversarial testing of legal texts with AI?
- Could these methods be abused by criminals, and what defenses exist now?