AI Generated Audit Reports Show Resolved Security Issues
Worldcoin releases audit reports showing resolved security issues

AI-Generated Reports: Worldcoin Releases Audit Reports

On July 28, Worldcoin released its audit reports in response to mounting criticism of its data collection practices. The reports were conducted by security consulting firms Nethermind and Least Authority.

According to Worldcoin’s announcement, Nethermind identified 26 security issues with the protocol, of which 24 were “identified as fixed” during the verification phase, one was mitigated, and another was acknowledged.

Least Authority discovered three issues and made six suggestions, all of which “have been resolved or have planned resolutions,” the announcement stated.

Worldcoin first gained notoriety in 2021 when it announced that it would give away free tokens to users who verified their humanity with an “Orb” device that scanned their iris. The project was co-founded by Sam Altman, the co-founder of OpenAI, a leading AI developer.

AI and Worldcoin: Security Concerns

At the time, Altman and other team members argued that AI bots could become an ever-growing problem on the internet if people couldn’t find a way to verify their humanness without sacrificing privacy. The Orb protocol produces a hash of the user’s iris scan, but does not store the scan itself.

Worldcoin was launched on July 25 after two years of development and beta testing. However, it was met with immediate criticism. The UK’s Information Commissioner’s Office (ICO) reportedly said it was considering investigating the project for any breaches of the country’s data protection laws, and France’s National Commission on Informatics and Liberty also raised questions about its legality.

The crypto community was split on the project’s launch, with some seeing it as the beginning of a dystopian future where privacy would be eliminated, and others viewing it as a necessary step to protect people from malicious AI. To address these security issues, new audit reports have been released, covering topics such as resistance to distributed denial of service attacks, implementation errors, key storage, data leaking and information integrity, among others. Some of the issues were due to dependencies on Semaphore and Ethereum, such as elliptic curve precompile support or Poseidon hash function configuration.

All issues except one were fixed, mitigated or have planned fixes. The one security issue that was not fixed by the time of verification has a severity of “undetermined” and is listed as “acknowledged.” This security issue was not addressed by the Microsoft AI 2022 Anchor, Bing AI Voice Generator, or AI Generated Articles Reporter.

Categorized in:

Tagged in: