ChatGPT brings risks
ChatGPT has been getting praise for its ability to generate well-written code and aid the development process. The CheckPoint Research report reveals that this very ability of OpenAI’s new interface for its Large Language Model (LLM) can help cyber criminals in their malicious social engineering attack vectors, especially when the world of cybersecurity is rapidly changing.
“It is critical to emphasise the importance of remaining vigilant on how this new and developing technology can affect the threat landscape, for both good and bad. While this new technology helps defenders, it also lowers the required entrance bar for low skilled threat actors to run phishing campaigns and to develop malware,” a report by CheckPoint Research said.
You can find examples of malicious code or dialogues generated by ChatGPT on Twitter.
How researchers created an email with ChatGPT that can infect your PC
To illustrate ChatGPT’s capability of creating code, the research firm used ChatGPT and another platform, OpenAI’s Codex, an AI-based system that translates natural language to code to create a full infection flow.
“We did not write a single line of code and instead let the AIs do all the work. We only put together the pieces of the puzzle and executed the resulting attack,” researchers said. Researchers at CheckPoint created “a plausible phishing email” – just like some of us created our assignments – by using Codex and ChatGPT.
Also Read: LaMDA lesson? Google says no to creating ChatGPT rival
The researchers asked ChatGPT to refine the email and include a link urging customers to download an excel sheet. ChatGPT warned the team of content policy violation but the team went ahead to “write a code that can be copied and pasted into an Excel workbook to download an executable from a URL and run it.”
This led to a harmless-looking email with a link that downloads a malicious excel file that can be used to infect a computer. “Although the code and infection flow presented in this article can be defended against using simple procedures, this is just an elementary showcase of the impact of AI research on cybersecurity,” the researchers said.
Is ChatGPT the Google killer? | OpenAI ChatGPT