Abstract
Our society increasingly benefits from Artificial Intelligence (AI).Unfortunately, more and more evidence shows that AI is also used for offensivepurposes. Prior works have revealed various examples of use cases in which thedeployment of AI can lead to violation of security and privacy objectives. Noextant work, however, has been able to draw a holistic picture of the offensivepotential of AI. In this SoK paper we seek to lay the ground for a systematicanalysis of the heterogeneous capabilities of offensive AI. In particular we(i) account for AI risks to both humans and systems while (ii) consolidatingand distilling knowledge from academic literature, expert opinions, industrialvenues, as well as laypeople -- all of which being valuable sources ofinformation on offensive AI. To enable alignment of such diverse sources of knowledge, we devise a commonset of criteria reflecting essential technological factors related to offensiveAI. With the help of such criteria, we systematically analyze: 95 researchpapers; 38 InfoSec briefings (from, e.g., BlackHat); the responses of a userstudy (N=549) entailing individuals with diverse backgrounds and expertise; andthe opinion of 12 experts. Our contributions not only reveal concerning ways(some of which overlooked by prior work) in which AI can be offensively usedtoday, but also represent a foothold to address this threat in the years tocome.