Threat actors will take advantge of ChatGPT, says expert

Share post:

Microsoft, software developers, law enforcement agencies, banks, students writing essays and almost everyone in between thinks they can take advantage of ChatGPT.

So do threat actors.

The artificial-intelligence-driven chatbot is touted as the search engine that will dethrone Google, help developers generate flawless code, write the next great rock hit … heck, it’s so new people can’t imagine what it can do.

But history shows crooks and nation-states will try to leverage any new technology to their advantage, and no infosec professional should expect any different.

So, says a threat researcher at Israel-based Cyberint, they’d better be prepared.

If ChatGPT will help software companies write better code, said Shmuel Gihon, it will do the same for malware creators.

Not only that, he added, it could help them reverse-engineer security applications.

“As a threat actor, if I can improve my hacking tools, my ransomware, my malware every three to four months, my developing time might be cut by half or more. So the cat-and-mouse game that defence vendors play with threat actors could become way harder for them.”

The “if” in that sentence is not because of the capability of the tool, he added, but the capabilities of the threat actor using it. “AI in the right hands might be a very strong tool. Professional threat actors, ransomware groups and espionage groups will probably make better use of this tool than amateur actors.

“I’m pretty sure they will find great uses for this technology. It will probably help them reverse engineer software they are attacking … help them find new vulnerabilities, and bugs in their own code, in shorter periods of time.”

And infosec pros shouldn’t just worry about ChatGPT, he added, but any tool driven by artificial intelligence. “Tomorrow another AI engine will be released,” he noted.

“I’m not sure security vendors prepared for this rate of innovation from the threat actors’ side,” he added. “This is something we should prepare ourselves for. I know AI is already embedded in security tech, but I’m not sure if it’s at this level.”

Security vendors should think about how threat actors could use ChatGPT against their applications, he advised. “If some of my products are open source or my front-facing infrastructure is built on engine X, I should know what ChatGPT says about my technology. I should know how to translate ChatGPT capabilities in the threat actors’ eyes.”

At the same time, CISOs should see if the tool can be leveraged to help protect their environments. One possibility: Software quality assurance.

The post Threat actors will take advantge of ChatGPT, says expert first appeared on IT World Canada.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Cyber Security Today, June 14, 2024 – Employee downloaded a file that led to hospital chain’s ransomware attack

An employee downloaded a file that led to hospital chain's ransomware attack Welcome to Cyber Security Today. It's Friday...

The good and the bad of AI generated code

Generative AI tools are transforming the coding landscape, making both skilled and novice developers more efficient. However, the...

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Former OpenAI employee alleges plan for AGI bidding war

In a recent interview, former OpenAI safety researcher Leopold Aschenbrenner made startling claims about his ex-employer's strategy regarding...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways