Electoral Commission adjusting to AI threat in lead-up to November

The country's electoral system is adjusting to the newly identified threat posed by the most advanced models of AI software in the lead-up to November's general election, says the Electoral Commission.

"As with any potential change in the threat environment, we will of course be considering the implications of this newly identified threat on our systems readiness," acting chief electoral officer Mark Lawson told RNZ.

"We are confident in the security of our systems."

Governments are moving to shore up critical national infrastructure systems, after alarming results from tests of unreleased frontier AI models, the most advanced models of AI.

US lawmakers are making a last-chance effort to craft federal rules around AI ahead of November's mid-term elections, Politico has reported.

The UK and Australian AI safety institutes have also agreed to work together to meet the threat.

"No country can tackle that alone," they said.

New Zealand does not have an equivalent institute, but does receive back-up from Five Eyes partners.

Lawson said the commission was acting based on advice about the risks issued to the wider government sector by the National Cyber Security Centre, which issued a joint warning statement with its partner Five Eyes agencies on Tuesday.

"While we cannot comment in detail about steps we take to protect against specific threats for security reasons, we can reassure the public that our current information security practices take into account... NCSC guidance," Lawson said.

"Our systems are tested thoroughly leading up to an election, including final testing and adjustments to any new potential risks."

Frontier model Mythos was shared by creator Anthropic with the NZ government recently, as part of pre-release testing.

Earlier testing in the US prompted leading cyber security firm Palo Alto Networks to warn of a "tsunami" of cyber attacks ahead. It told RNZ this week the speed and scale of the looming issue was "not hype".

"The democratic process of elections will always be targeted," said company vice president Nicole Quinn.

"We've got to continue with the democratic process, but I would certainly be having all my national cybersecurity people behind ensuring that is as secure as we can make it."

No specific new testing

Asked by RNZ if electoral systems had been tested yet using the likes of Mythos, Lawson said: "We note that the guidance does not recommend the implementation of any specific new testing against Frontier AI."

Instead, the official advice was to implement existing cyber security mitigations and practices.

Science, a publication of the American Association for the Advancement of Science, recently published a piece 'How malicious AI swarms can threaten democracy'.

It said: "Swarms of collaborative, malicious AI agents ... are capable of co-ordinating autonomously, infiltrating communities, and fabricating consensus efficiently. By adaptively mimicking human social dynamics, they threaten democracy."

The rash of warnings and rush to safeguard critical systems has accelerated globally, in part because the first models with superhacking powers are edging closer to public release.

In the US, government officials were given just three days to deal with the most serious categories of digital vulnerabilities in their networks.

"These models are already reshaping the threat landscape, and the federal government cannot be the last to understand what they can do," said a chair of a key cyber security Homeland Security committee.

In the UK, agencies were warned several weeks ago about the "narrowing window".

'We know where the targets are'

In New Zealand's last election, Victoria University research found online disinformation was not as widespread as many had feared or speculated it would be.

"Most governments - and the New Zealand government would not be excluded - to knowing those risks and to focus on ensuring that it is as secure as they can be," Quinn said.

"We know where the targets are and what will be the ones who will be targeted the most."

Palo Alto Networks' lead security unit was part of briefings by the NCSC for government agencies and private companies.

Lawson said the commission's confidence in its security is based on its assurance and testing practices that follow NZ Information Security Manual (NZISM) requirements, in the leadup to the general election.