Threat actors will take advantge of ChatGPT, says expert

Share post:

Microsoft, software developers, law enforcement agencies, banks, students writing essays and almost everyone in between thinks they can take advantage of ChatGPT.

So do threat actors.

The artificial-intelligence-driven chatbot is touted as the search engine that will dethrone Google, help developers generate flawless code, write the next great rock hit … heck, it’s so new people can’t imagine what it can do.

But history shows crooks and nation-states will try to leverage any new technology to their advantage, and no infosec professional should expect any different.

So, says a threat researcher at Israel-based Cyberint, they’d better be prepared.

If ChatGPT will help software companies write better code, said Shmuel Gihon, it will do the same for malware creators.

Not only that, he added, it could help them reverse-engineer security applications.

“As a threat actor, if I can improve my hacking tools, my ransomware, my malware every three to four months, my developing time might be cut by half or more. So the cat-and-mouse game that defence vendors play with threat actors could become way harder for them.”

The “if” in that sentence is not because of the capability of the tool, he added, but the capabilities of the threat actor using it. “AI in the right hands might be a very strong tool. Professional threat actors, ransomware groups and espionage groups will probably make better use of this tool than amateur actors.

“I’m pretty sure they will find great uses for this technology. It will probably help them reverse engineer software they are attacking … help them find new vulnerabilities, and bugs in their own code, in shorter periods of time.”

And infosec pros shouldn’t just worry about ChatGPT, he added, but any tool driven by artificial intelligence. “Tomorrow another AI engine will be released,” he noted.

“I’m not sure security vendors prepared for this rate of innovation from the threat actors’ side,” he added. “This is something we should prepare ourselves for. I know AI is already embedded in security tech, but I’m not sure if it’s at this level.”

Security vendors should think about how threat actors could use ChatGPT against their applications, he advised. “If some of my products are open source or my front-facing infrastructure is built on engine X, I should know what ChatGPT says about my technology. I should know how to translate ChatGPT capabilities in the threat actors’ eyes.”

At the same time, CISOs should see if the tool can be leveraged to help protect their environments. One possibility: Software quality assurance.

The post Threat actors will take advantge of ChatGPT, says expert first appeared on IT World Canada.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

AI pioneer expresses regret for not prioritizing safety during AI advancement

Professor Yoshua Bengio, a well-known expert in the field of artificial intelligence, has expressed remorse to the BBC...

OpenAI introduces “Shared Links” feature for ChatGPT conversations

OpenAI has introduced "shared links" for its ChatGPT language model. This feature produces a unique URL, allowing users...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways