/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130344212z-iw-new.png)
/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130332454z-iw-new.jpg)
/industry-wired/media/post_attachments/wp-content/uploads/2023/04/What-are-the-New-Risks-ChatGPT-Poses-to-Cybersecurity-Sector.jpg)
Here are some of the new risks associated with ChatGPT that possess to the cybersecurity sector
Millions of users were astounded by ChatGPT's capabilities when OpenAI released its ground-breaking AI language model in November. However, for many people, curiosity rapidly gave way to sincere worry about the tool's ability to forward the agendas of bad actors. In particular, ChatGPT creates additional entry points for hackers who might compromise sophisticated cybersecurity tools. Executives must acknowledge the growing influence of AI and take appropriate action in a sector that is already suffering from a 38% global increase in data breaches in 2022.
We need to understand the main risks brought on by the broad use of ChatGPT before we can come up with solutions. This essay will evaluate these new hazards, consider the education and equipment cybersecurity experts will need to respond, and make the case for increased government regulation to make sure AI usage doesn't undermine cybersecurity efforts.
AI-Generated Phishing Scams
ChatGPT is by far the most sophisticated iteration of language-based AI to date, even though less sophisticated versions have been open-sourced (or made publicly accessible) for many years. Particularly, ChatGPT's ability to communicate with users without making spelling, grammar, or verb tense errors gives the impression that a genuine person may be on the other side of the chat window. ChatGPT is revolutionary from a hacker's point of view.
Phishing is the most prevalent IT threat in America, according to the FBI's 2021 Internet Crime Report. However, the majority of phishing scams are simple to spot since they frequently contain typos, poor syntax, and generally uncomfortable wording, especially those coming from other nations where the perpetrators' native tongue isn't English. Hackers from around the world will be able to use ChatGPT to improve their phishing attacks thanks to their near-fluency in English.
The rise in sophisticated phishing assaults calls for rapid attention from cybersecurity authorities as well as workable remedies. Leaders must provide their IT departments with technologies that can distinguish between human and ChatGPT-generated content, with a focus on incoming "cold" emails. Thankfully, "ChatGPT Detector" technology already exists and is probably going to develop along with ChatGPT. IT infrastructure should ideally include AI detection software that automatically detects and flags emails that were generated by AI. All staff members should also undergo regular training and refresher sessions on the most recent cybersecurity awareness and prevention techniques, with a focus on phishing scams assisted by AI. However, it is up to the industry and the general public to keep pushing more sophisticated detection tools rather than just praising AI's growing skills.
Duping ChatGPT into Writing Malicious Code
Although ChatGPT is skilled at creating code and using other computer programming languages, the AI is configured not to create any code that it judges to be malicious or meant for hacking. ChatGPT will notify the user if hacking code is requested that its goal is to "assist with useful and ethical tasks while adhering to ethical guidelines and policies."
However, ChatGPT can be manipulated, and with enough inventive pushing and prodding, malicious actors might be able to fool the AI into producing hacking code. Hackers are planning to achieve this already.
For instance, the Israeli security company Check Point recently came across a discussion from a hacker who claimed to be testing the chatbot to simulate malware strains on a well-known underground hacking site. If one of these threads has already been found, it is safe to assume that there are a lot more in both the public and "dark" webs. To respond to ever-increasing threats, whether they are produced by AI or not, cybersecurity professionals need the appropriate training (i.e., ongoing skill upskilling) and resources.
Additionally, there is a chance to provide cybersecurity experts with their own AI tools so they can recognize and block AI-generated hacker code more effectively. Although the public is quick to criticize the power ChatGPT gives criminals, it's crucial to keep in mind that good actors also have access to this capacity. Cybersecurity training should cover how ChatGPT may be a valuable tool in the cybersecurity professionals' toolbox in addition to attempting to prevent threats linked to ChatGPT. We must investigate these possibilities and develop new training to stay up with the new era of cybersecurity risks brought forth by this rapid technological growth. Additionally, software engineers ought to work on creating generative AI that might be much more potent than ChatGPT and created especially for Security Operations that involve humans.