The tech world is all abuzz over ChatGPT, the AI chatbot trained by OpenAI (founded by Elon Musk, Sam Altman and others). The large language model has exploded on the scene, amassing 1 million users in the first five days of its launch in late 2022. The security community is highly interested in this AI tool — and so are hackers. From writing malware code to generating a never-ending stream of phishing campaigns, many have named ChatGPT a dream platform for cyber actors. But what about the good guys?

Nearly any technology these days is a double-edged sword. So how are security pros looking at ChatGPT to help thwart cyber threats? Let’s find out.

Is ChatGPT the hacker’s friend or foe?

Imagine a Russian-speaking cyber gang trying to write a sophisticated spear phishing message targeting a US-based CEO. The hacker would either have to be a language expert or hire a native writer. But now, in seconds, they can just ask ChatGPT to produce a nearly infinite number of believable phishing messages.

Attackers are already using ChatGPT to write malicious code. From infostealers to ransomware to entire Dark Web marketplaces, actors on underground forums are boasting about how they are using the AI chatbot to accelerate their efforts.

Legitimate research has also explored how ChatGPT could impact security. As reported by SC Media, security researcher Dr. Suleyman Ozarslan stated that he was able to utilize the program for a variety of offensive and defensive cybersecurity tasks. These included crafting a World Cup-related email in fluent English, generating Sigma detection rules to identify cybersecurity anomalies and creating evasion code that could circumvent detection rules.

Experts compare ChatGPT to other software, such as Cobalt Strike and Metasploit, which are popular with security professionals and attackers alike. These tools are useful for legitimate penetration testing and simulating potential adversaries. But hacking groups also use the tools to help them break into their victims’ systems.

Potential tech talent crunch solution

Jeff Pollard, vice president and principal analyst at Forrester, said the emergence of ChatGPT has enabled him to consider how companies might practically leverage AI for defensive cybersecurity work, as per SC Media.

“I do think there is an aspect of looking at what it’s doing now, and it’s not that hard to see a future where you could take a SOC analyst that maybe has less experience, hasn’t seen as much and they’ve got something like this sitting alongside them that helps them communicate the information, maybe helps them understand or contextualize it, maybe it offers insights about what to do next,” Pollard said.

Red vs. blue team games

The strength and versatility of ChatGPT caught the attention of HackerSploit, who did a variety of tests with the chatbot online. He asked the AI chatbot how to scan for SMB (Server Message Block) vulnerabilities with Nmap. I repeated the question on my own, and the results were striking:

ChatGPT explained the process in detail and even included code snippets. What really caught my attention was the part in the answer that said (emphasis added):

“You can also use the NSE script smb-vuln-ms17-010 to check if the target is vulnerable to the ETERNALBLUE exploit, a SMB vulnerability that was used in the WannaCry attack: nmap --script smb-vuln-ms17-010 <target>”

For Red Team cybersecurity teams (and criminals), the implications are massive. And what about Blue Team defensive efforts? HackerSploit asked these questions and received high-level answers:

  • Write a search query to identify changes in the Windows registry (e.g., ELK query to detect registry changes).
  • Regular expression to filter IP addresses in Splunk (Regular expression, or “regex” for short, is a set of characters and symbols that can search for specific patterns in text. In Splunk, regular expressions search and filter through large amounts of data, such as log files, to find specific information.)
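Added example, not part of the original article and not output from ChatGPT or HackerSploit: a small Python harness that checks an IP-address regex of the kind described in the second bullet against labelled log lines before it is used in a search. Both patterns, the log lines and the function name are constructed for this illustration.

```python
import re

# Loose pattern: any four dot-separated groups of 1-3 digits.
LOOSE_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Strict pattern: each octet limited to 0-255, and the match may not sit
# inside a longer run of digits and dots (for example a version string).
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
STRICT_IPV4 = re.compile(rf"(?<![\d.]){OCTET}(?:\.{OCTET}){{3}}(?![\d.])")

# Constructed log lines, each paired with the IP addresses an analyst
# would expect the filter to return for that line.
LABELLED_LOGS = [
    ("2023-01-10T08:15:02Z sshd[812]: Failed password for root "
     "from 203.0.113.45 port 52344", ["203.0.113.45"]),
    ('2023-01-10T08:15:09Z nginx: 198.51.100.7 - - "GET /login HTTP/1.1" 401',
     ["198.51.100.7"]),
    ("2023-01-10T08:16:30Z agent: upgraded package libfoo to 2.14.1.0.3", []),
    ("2023-01-10T08:17:44Z fw: DROP src=999.300.1.2 dst=10.0.0.5 proto=TCP",
     ["10.0.0.5"]),
]


def evaluate(pattern, labelled_lines):
    """Return (missed, spurious): expected IPs the pattern did not find,
    and strings it matched that were not expected."""
    missed, spurious = [], []
    for line, expected in labelled_lines:
        found = pattern.findall(line)
        missed += [ip for ip in expected if ip not in found]
        spurious += [ip for ip in found if ip not in expected]
    return missed, spurious


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE_IPV4), ("strict", STRICT_IPV4)):
        missed, spurious = evaluate(pattern, LABELLED_LOGS)
        print(f"{name}: missed={missed} spurious={spurious}")
```

The loose pattern reports part of a version string and an out-of-range value as addresses, while the strict pattern returns only the expected ones on this sample.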

HackerSploit also asked ChatGPT to find problems in a piece of PHP code with a known vulnerability. ChatGPT not only identified the security weakness but also provided the code to fix it.

AI and security use

As cyberattacks grow in volume and complexity, artificial intelligence is already helping under-staffed security teams mitigate threats. Curating threat intelligence from across research sources, blogs and news stories, AI technologies like machine learning and natural language processing (NLP) provide actionable insight that cuts through the clutter. And all this drastically reduces response times.

Meanwhile, cognitive security combines the strengths of AI and human intelligence. Cognitive computing is an advanced type of artificial intelligence that leverages machine-learning algorithms and deep-learning networks. And these systems get stronger and smarter over time.

ChatGPT and the future of cybersecurity

ChatGPT isn’t without its own bugs. Users have flagged the answers the chatbot provides for errors on numerous occasions. And, of course, you should always thoroughly test any code the AI writes before use. Still, the machine continues to learn as it interacts with the world. By design, it will get better and better at providing accurate answers.

Powerful AI tools are already available for both cyber criminals and security teams. The difference will be in which side learns to use the tools with more precision and efficiency. The worry is that these kinds of tools continue to lower the bar for malicious actors to launch attacks. As time goes on, even the most rudimentary skills might be enough to build dangerous cyber campaigns.

While organizations might be able to defend themselves using similar tools, what about the everyday person? How can the masses hope to outwit criminals armed with advanced AI tech?

Maybe, if ChatGPT-like tools remain accessible to everyone, all we will have to do is ask, “How should I defend myself against the threat of cyberattack?” And the chatbot will give us a detailed answer right away.
