simoneonofri
commented
5 months ago Hi @iherman,
That's a very good point. From my analysis, AI raises the bar from both a defender's and an attacker's point of view. It is a powerful tool that complicates the fateful cat-and-mouse game.
As you say, to defend sites from anti-automation, there are CAPTCHAs. CAPTCHAs can be resolved by AIs relatively easily, and then the defender perhaps puts other countermeasures in place to protect himself. Also, there is an ongoing discussion in several communities regarding CAPTCHAs' usefulness (and the use, for example, of JavaScript challenges that do not worsen the user's UX).
Conversely, defenders can use WAFs that use AIs to protect themselves from attacks and not use regexp or visitation behaviors to figure out whether it is a bot (which may also have privacy effects).
Is a particularly interesting and broad topic.
iherman
The section on security concentrates on the danger of impersonations. However, there may be additional dangers regarding the security measure taken by Websites for secure access. An obvious endangered approach is the use of captchas: an AI system may be in position to answer those captchas question, thereby making it, essentially, useless. Systems relying on biometric data might also be endangered (simple face or voice recognitions, for example).
Although the details of those techniques have not been developed at W3C, they also affect access to many Websites, so it is very much in the purview of this study.
cc @simoneonofri