Perspectives and opinions, both positive and negative, are everywhere concerning ChatGPT. This AI tool has many use cases, from content creation to translation to coding. Since it’s a new and emerging technology, the cybersecurity community needs to take notice and ask if ChatGPT is a cybersecurity threat.
The ChatGPT Era
Are we living in the ChatGPT era? It’s the fastest-growing digital platform ever, with over 100 million users. This AI is much more powerful than anything before because it’s the first true natural language processing chatbot widely available. With such a dynamic and intelligent tool, bad actors are already finding ways to exploit it for their gain.
What Cybersecurity Threats Does ChatGPT Pose?
Cybersecurity teams and cybercriminals are both leveraging ChatGPT. We’ll focus on how the latter is doing so. Some cyber risks that ChatGPT poses include the following:
- AI-generated phishing scams: Phishing is the most common IT threat in the U.S., according to the FBI. What makes ChatGPT an attractive tool is that it’s a conversational AI that creates grammatically correct content. It adds a new layer of sophistication to these typical scams, so you must figure this into your cyber awareness plans.
- Smarter social engineering: Social engineering is a favorite approach for hackers, and ChatGPT could make them better at it. It can facilitate fake support requests, spoof caller IDs, and more to catch a user off guard.
- Malicious code: ChatGPT can be a proficient programmer, trained not to generate code it would identify as malicious. However, manipulation of ChatGPT can still occur to “trick” the AI into delivering such code. Threads on how to do this are already on hacker communities. Combating this means your cyber team has to be aware of the possibility and have AI tools as a resource to catch this.
- Data poisoning: This occurs when ChatGPT “poisons” data with an effective attack on machine learning models. It can then infect the integrity of data, something researchers from Cornell University explained. As a result, it’s much more than a bug in the system or an error; it could weaponize the data and cause destabilization.
- AI becomes a misinformation machine: ChatGPT’s creation was to remain objective, but it can experience the influence that skews it into disseminating misinformation. This matters in cybersecurity because it can have a negative effect on the use of AI in general. There are calls to strengthen oversight of AI tools by experts, which includes security. For example, search engines use generative AI tools, which could be susceptible to exploitation without a minimum-security threshold.
So, how does the cyber industry support checks and balances?
Checks and Balances of AI Technology
AI technology can be a force for good in cybersecurity. Many enterprises have advanced tools in place that use it to protect networks. However, any tool can be hijacked by hackers. Maybe, we need a bigger mindset shift when thinking about the promise and risks of AI.
First, we need to integrate ChatGPT and AI into cybersecurity protocols, thinking of it as more than a technology tool. Cyber teams need to understand its full potential and what can go wrong. Treating it as just another tactic undermines its propensity for positive and negative outcomes.
Second, is the ethics question of AI, which comes up a lot with many different perspectives. Your message to your team should be in terms of evaluating ChatGPT for gaps that could be ripe for manipulation. You’ll want how you use the technology to align with your standards around cyber ethics. ChatGPT may inspire a time to renew and review these with your team.
Third, adoption should be phased, measured, and consistent. Jumping on the ChatGPT bandwagon could cause you to expose your organization to more risk. Rather, you want to pace out the implementation, understand its use cases, test its capabilities, and make changes as you go. Continue to do this regularly so you have visibility into its impact.
Fourth, using ChatGPT can be a dense mechanism. ChatGPT can be a tool for malicious code development, but it can also simulate these. In the future, ChatGPT could be a tool for ethical hacking (penetration testing).
ChatGPT Is an Undeniable Cyber Risk
ChatGPT has opened up the threat landscape and given hackers a tool to wreak havoc. Thus, we can agree it’s a risk. However, it does have value in the modern cyber landscape. What’s critical is how you use it and the guardrails you put in place. Cybercriminals are continually honing their techniques, and your team will need to know all its possibilities, for good and bad. Only then can you leverage it to be part of cyber resilience over risk.