For several months, chatgpt, gemini, grok users, and other artificial intelligence chatbots have seen strange responses appear on their screens. If they asked specific questions about the war in Ukraine or Russia, the explanations provided by chatbots were based in some cases on fake news and immense disinformation campaigns carried out by Russia.
Newsguard, a company specializing in disinformation research, has revealed in a report that “the ten main generative AI tools have favored the disinformation objectives of Moscow”, and shared the propaganda of the regime. When users questioned the veracity of certain fake news made by a Russian network, chatbots confirmed these false stories in 33.5 % of cases and did not give a conclusive response in 18 % of situations. They only revealed the false nature of affirmations that in 48 %.
Difficult to assess how many people have been in contact with false information through this. But this number could be considerable: Chatgpt is used by 400 million users each week, and Grok is accessible free of charge to all X users (ex-Twitter) worldwide, or 586 million people.
Extremely well -organized networks
So many potential victims of Kremlin propaganda. “There is a natural tendency among users to grant confidence in chatbots, which can lead them to believe the Russian story, alerts David Colon, professor at Sciences Po Paris and specialist in disinformation. A majority of young people under 25 resort to chatbots or social networks to access the facts, they are therefore exposed through them to poor quality information”. A disturbing trend that is going to get worse, according to this expert.
It is all the more problematic that the Russian disinformation networks are vast, well organized, and prolific. In total, a network studied by Newsguard, nicknamed “Pravda”, published 3,600,000 propaganda articles in 2024. Among the Fake News propagated by Russia, there are in particular stories claiming that the United States would have built secret biological laboratories in Ukraine, or that Volodymyr Zelensky would have diverted American military aid.
The Pravda network does not target only Russian speakers and English speakers: it extends worldwide, thanks to more than 150 sites, and disseminates fake news in a dozen languages. “Given the extent of the Kremlin disinformation system, they are undoubtedly one step ahead in terms of information pollution,” observes David Colon.
A flaw in the functioning of artificial intelligences
It was precisely this quantity of online fake news that allowed them to manipulate the responses of chatbots, via a technique called “data poisoning”. “The training of major language models (LLM) requires enormously, details Morgan Guesdon, analyst at Own Security, a firm specializing in intelligence on Cyber threats. There is therefore a race for information”. While all online texts have already been digested by previous AI models, companies working on the next generations are eager for fresh and unpublished data.
“Thousands of times a day, the crawlers [NDLR : des programmes analysant les sites] Look for new sites and new content to analyze. They do not take into account the origin of the site, nor the quality of the data they host. The Russians took advantage of this, “said Morgan Guesdon.
By having propaganda sites proliferate, disinformation networks know that their content will be identified and integrated into the IA training data. The more their texts are found in the corpora studied by the AI during their learning phase, the more likely there is that they “learn” their ideas. When users ask them a question about the theme, AI can regurgitate the lies to which they have been trained, unable to differentiate between true and false. “It’s very intelligent as an attack,” concludes the cybersecurity expert. The hundreds of sites created by Russian networks may be little visited, their words are highly amplified by the AI.
The difficult fight against data poisoning
How to fight? The question is complex and agitates researchers. It is not very possible for the time being to make some information for the AI forget. This requires training them again. A long and very expensive task. It is therefore necessary to check closely upstream “the data used to cause AI models”, advocates Morgan Guesdon. Colossal work given the amount of information that this encompasses. Filter techniques are developed by researchers and businesses, but these sophisticated devices require time and calculation power to extract for example all the insults of a corpus. Identifying fake news is an even more delicate exercise, researchers always having a delay: they react to attacks but can hardly predict what types of stories will be conveyed during future campaigns.
It is possible to act at other stages of the construction of an LLM, in particular by “strengthening the test phases in order to see if they have been poisoned, or if they say dangerous things”, Pointes Morgan Guesdon. At this stage, learning by strengthening from human feedback (RHLF) can help correct certain drifts of AI, after their autonomous learning phase. Human supervisors evaluate, here, the quality of the answers provided by the AI in order to guide the tool towards the most appropriate attitude.
“Faced with foreign information interference, it should not be reacted”, analyzes Laurent Cordonnier, researcher within the Descartes Foundation specializing in disinformation. The Viginum service responsible for protection against foreign digital interference is a precious watch in this area. “The other risk is the surrection, warns the researcher. It is tempting to think that it is necessary to be hard with all the speeches favorable to Russia, to discourage these words. But if we reduce freedom of expression, we harm one of the central pillars of democracy”. The danger being to polarize the population more and play ultimately The opponent’s game. The most effective solution remains the training of the population, ensures Laurent Cordonnier. “We must strengthen the resilience of citizens. This involves media education, especially for young people.”
.