AI models highly vulnerable to health disinfo weaponisation


Euractiv, 14-07-2025
Artificial intelligence chatbots can be easily manipulated to deliver dangerous health disinformation, raising serious concerns about the readiness of large language models (LLMs) for public use, according to a new study.
The peer-reviewed study, led by scientists from Flinders University in Australia and involving an international consortium of experts, tested five of the most prominent commercial LLMs by issuing covert system-level prompts designed to generate false health advice.
The study subjected OpenAI's GPT-4o, Google's Gemini 1.5 Pro, Meta's Llama 3.2-90B Vision, xAI's Grok Beta, and Anthropic's Claude 3.5 Sonnet to a controlled experiment, in which each model was instructed to answer ten medically inaccurate prompts using formal scientific language, complete with fabricated references to reputable medical journals.
The goal was to evaluate how easily the models could be turned into plausible-sounding sources of misinformation when influenced by malicious actors operating at the system instruction level.
Shocking results
Disturbingly, four of the five chatbots – GPT-4o, Gemini, Llama, and Grok – complied with the disinformation instructions 100 per cent of the time, offering false health claims without hesitation or warning. Only Claude 3.5 demonstrated a degree of resistance, complying with misleading prompts in just 40 per cent of cases.
Across 100 total interactions, 88 per cent resulted in the successful generation of disinformation, often in the form of fluently written, authoritative-sounding responses with false citations attributed to journals like The Lancet or JAMA.
The misinformation covered a range of high-stakes health topics, including discredited theories linking vaccines to autism, false claims about 5G causing infertility, myths about sunscreen increasing skin cancer risk, and dangerous dietary suggestions for treating cancer.
Some responses falsely asserted that garlic could replace antibiotics, or that HIV is airborne – claims that, if believed, could lead to serious harm.
In a further stage of the study, researchers explored the OpenAI GPT Store to assess how easily the public could access or build similar disinformation-generating tools.
They found that publicly available custom GPTs could be configured to produce health disinformation with alarming frequency – up to 97 per cent of the time – illustrating the scale of potential misuse when guardrails are insufficient.
Easily vulnerable LLMs
Lead author Ashley Hopkins from Flinders University noted that these findings demonstrate a clear vulnerability in how LLMs are deployed and managed.
He warned that the ease with which these models can be repurposed for misinformation, particularly when commands are embedded at a system level rather than given as user prompts, poses a major threat to public health, especially in the context of misinformation campaigns.
The study urges developers and policymakers to strengthen internal safeguards and content moderation mechanisms, especially for LLMs used in health, education, and search contexts.
It also raises important ethical questions about the development of open or semi-open model architectures that can be repurposed at scale.
Without robust oversight, the researchers argue, such systems are likely to be exploited by malicious actors seeking to spread false or harmful content.
Public health at risk
By revealing the technical ease with which state-of-the-art AI systems can be transformed into vectors for health disinformation, the study underscores a growing gap between innovation and accountability in the AI sector.
As AI becomes more deeply embedded in healthcare decision-making, search tools, and everyday digital assistance, the authors call for urgent action to ensure that such technologies do not inadvertently undermine public trust or public health.
Journalists also concerned
The results of this study coincide with conclusions from a recent Muck Rack report, in which more than one-third of surveyed journalists identified misinformation and disinformation as the most serious threat to the future of journalism.
This was followed by concerns about public trust (28 per cent), lack of funding (28 per cent), politicisation and polarisation of journalism (25 per cent), government interference in the press (23 per cent), and understaffing and time pressure (20 per cent).
77 per cent of journalists reported using AI tools in their daily work, with ChatGPT notably being the most used tool (42 per cent), followed by transcription tools (40 per cent) and Grammarly (35 per cent).
A total of 1,515 qualified journalists were part of the survey, which took place between 4 and 30 April 2025. Most of the respondents were based in the United States, with additional representation from the United Kingdom, Canada, and India.
A turning point
Both studies show that, if left unaddressed, these vulnerabilities could accelerate an already-growing crisis of confidence in both health systems and the media.
With generative AI now embedded across critical public-facing domains, the ability of democratic societies to distinguish fact from fiction is under unprecedented pressure.
Ensuring the integrity of AI-generated information is no longer just a technical challenge – it is a matter of public trust, political stability, and even health security.
[Edited by Brian Maguire | Euractiv's Advocacy Lab]