Pattern Drive Private Limited

chatgpt-in-cybersecurity
ChatGPT In Cybersecurity

How Is ChatGPT In Cybersecurity Both Boon And Bane?

Updated on: 14/02/2023

625 Views | 0 Comments

OpenAI created a chatbot named ChatGPT that was released on the 30th of November 2022. Soon after its launch, it has become the talk of the town owing to its AI capabilities. One million users downloaded the app in a week. ChatGPT has caught the attention of ordinary people who do not have PhDs in data science, unlike most other AI research projects. Users can type in queries and receive human-like responses. Answers are usually short and to the point. With all the capabilities, it is a serious question whether ChatGPT in cybersecurity is a boon or a bane.

This article will focus on both aspects and let you take the decision on how ChatGPT can take over cyberspace.

What Is ChatGPT?

ChatGPT (Generative Pre-trained Transformer) is a new AI development created by OpenAI under the leadership of Sam Altman and backed by Microsoft, Elon Musk, Reid Hoffman of LinkedIn, and Khosla Ventures. This AI chatbot is capable of mimicking various writing styles during conversations. ChatGPT's text is much more imaginative and complex than previous Silicon Valley chatbots. Wikipedia, archived books, and web data were used to train the algorithm.

One million people signed up for the trial of the technology in the first five days after its launch. Users' queries and AI's responses flooded social media - poems, plots, copywriting, relationships, weight loss, brainstorms, studying, and even programming were all answered.

According to Open AI, ChatGPT is capable of answering follow-up questions, challenging incorrect premises, rejecting inappropriate queries, and apologizing for its errors. Thus, ChatGPT in cybersecurity is also noteworthy among other sectors.

Is ChatGPT Accurate?

It seems that it is not always accurate. Stack Overflow, one of the most prominent coder’s forums, has completely banned AI-generated answers owing to the heavy volume of incorrect yet reasonable responses. Stack Overflow mentioned in a statement,

“Because the average rate of getting correct answers from ChatGPT is too low, the posting of answers created by ChatGPT is substantially harmful to the site and users.”

OpenAI has revealed that the project ChatGPT is still in the Beta phase. The team is also training the model depending on user feedback. If users explain where the system went wrong, they can improve the code and responses. However, it can be anticipated that the company will make the complete capabilities of ChatGPT public anytime in 2023. This will also help the companies to develop products relying on the software and might include optimization, coding and call center tools. 

Similar to all NLP (Natural Language Processing) models, ChatGPT also possesses the power to produce inaccurate, negative as well as toxic content. That said, it does not cite any sort of ultimate fact authority. The knowledge of the AI is unique to that of the training data. Although it attempts to avoid controversial topics, issues can still arise. The OpenAI Moderation API limits ChatGPT's outputs as a result.

Do not limit your knowledge. Check out https://www.patterndrive.com/blog?category=infosec-research for more such infosecurity research articles.

ChatGPT In Cybersecurity: The Pros And Cons

Even when advanced technology is developed with the best of intentions, it inevitably ends up being misused. No exception can be made when it comes to AI. The technology has been taken up a notch both in terms of its positive and negative uses with OpenAI's ChatGPT. In terms of cybersecurity, there's growing evidence that AI-powered chatbots could be powerful tools for both hackers and cyber defenders. Thus, ChatGPT in cybersecurity can act in both ways based on how it is implemented.

We will definitely talk about the pros and cons of ChatGPT in cybersecurity. However, let us take a look at the general pros and cons of the OpenAI-launched ChatGPT.

General Advantages Of ChatGPT

  1. At the moment, Chat-GPT is free, and there is no subscription fee. Due to its incubation status, it may eventually become a paid application. 
  2. With smart, properly cited text, it can answer a variety of questions.
  3. Personalized answers based on user input. Depending on the question asked, answers are provided. Synthetic answers are derived from sources.
  4. Provide detailed and conversational answers to questions. With the chatbot, questions are answered in a human-like manner. As it has a conventional outlook, a wide range of questions can be asked.
  5. Real-time answers are provided. The time needed to find answers is reduced since answers are not coming from a couple of web pages. Responses are simple and quick.
  6. Assisting with essay writing and solving problems. The chatbot will be useful to students who need answers to assignments and essays. Codes can be written and college-level essays can be generated.
  7. Chatbots are available 24/7.
  8. Using it is easy and efficient.
  9. Answers to a question can be changed by a slight change in the user's input. A question can be phrased one way and get no answer, but phrased another way and get an answer.
  10. By assuming the user's intent, vague questions suggest possible answers.
  11. Human brains are relieved of stress and workload by using it.
  12. A moderating API was installed in the program to prevent the chatbot from revealing harmful and injurious information. It is strictly forbidden to ask questions that would harm or injure other humans. If you search for homemade bombs, you will not find the answers you need.
  13. Compared to other chatbots, it provides detailed explanations. It tries to answer questions in a clear and concise manner.

General Disadvantages Of ChatGPT

  1. Since ChatGPT is free to use as of now, ChatGPT In cybersecurity can be used extensively mostly for illegal purposes.
  2. There is no guarantee that the answers will be natural or based on reality. Most answers on search engines come from authoritative sources, such as articles and news. ChatGPT can't be compared to that.
  3. When it comes to ChatGPT, creatives are at a disadvantage because anyone can go there and find answers to questions while creatives provide original works. It is not difficult for them to write articles, solve math problems, and review code as well.
  4. Using chatbots like ChatGPT too heavily could result in fewer employees due to the lack of significance of their jobs in the future.
  5. In some cases, ChatGPT and other chatbots provide incorrect and confusing responses. Their comprehension is inferior to that of humans.
  6. ChatGPT often overuses certain words in its attempt to generate detailed text and can be unnecessarily wordy at times.
  7. There are multiple users who can access the answers. Two users may end up using the same essay if they search for the same topic. When the same questions are not asked, personalization works.
  8. Words it produces cannot be understood by it. The context and intent of a communication may not be understood, resulting in unrelated replies.
  9. As with every other language model, it is incapable of learning. Thus, even with a changed context, the user may still receive the same response.
  10. Assumptions it can make when vague questions are asked can result in answers that are not tailored to the user.

Advantages And Disadvantages Of ChatGPT In Cybersecurity

Here are some pros and cons of the OpenAI chatbot.

1. Automating Security Incident Analysis (Pro)

A security analyst typically pulls other data sources after receiving an alert about a potential security incident, in order to "tell a story" and decide if it's a real attack or not. To automate that process, a SOAR (security orchestration, automation and response) tool is used.

According to Accenture's research, combining data from a SIEM and ChatGPT can quickly yield the "story" of a security incident based on the outputs from the SIEM. Using ChatGPT to create that narrative from the data “is really giving you a clear picture faster than an analyst would by having to gather the same information.”

The massive shortage of skilled security professionals continues, despite the fact that many cybersecurity professionals are overburdened. While it helps to "erase some of the noise from the signal. ChatGPT has the potential to automate some of the work of overwhelmed security teams.

2. Automating Other Areas Of Cybersecurity (Pro)

Besides automating cyber incident analysis by security operations teams, ChatGPT can also automate some of the work of penetration testers who test cyber defence systems for weaknesses. "Ethical hackers" can also benefit from ChatGPT in cybersecurity with its malware creation capabilities. It may also be a sign that more automation of cyber defence decision-making is not far away in the future.

3. Reducing The Knowledge Gap For Execs And Boards (Pro)

Almost any field of inquiry can be improved using ChatGPT at an accelerated pace. ChatGPT is often a faster way to find information about a new topic than scouring the internet with Google because of the chatbot's ability to efficiently answer specific questions with highly relevant information. 

ChatGPT in cybersecurity can, however, be particularly helpful for those who want to learn about cybersecurity. As a result of its intricacies and complexity, security has always been a mystery to those who do not regularly deal with it, and it is widely misunderstood. In spite of the high stakes in cybersecurity, ChatGPT could be particularly useful for corporate executives and board members, who are increasingly expected to be knowledgeable about cybersecurity, since it can rapidly summarize complex topics.

ChatGPT may allow the world to "close the knowledge gap that exists between non-security executives and security executives" more quickly. In spite of the chatbot's utility for any industry, cybersecurity has a particularly high profile right now, making it particularly useful.

4. Enabling Phishing And Social Engineering (Con)

Recorded Future researchers have reported that ChatGPT specializes in imitating human writing offering the potential to be a robust phishing and social engineering tool. This AI-powered tool can prove to be especially beneficial for threat actors who are not easygoing with English. It can help them to more efficiently distribute malware.

During the researchers' test of ChatGPT, neither spelling nor grammar mistakes nor misusing English vocabulary were evident in the email text generated by the tool.

The researchers wrote,

“We believe that ChatGPT can be used by ransomware affiliates and initial access brokers that are not fluent in English to more effectively distribute infostealer malware, botnet staging tools, remote access trojans, loaders and droppers, or one-time ransomware executables that do not involve data exfiltration.”

5. Accelerating Malware Development (Con)

In technical explainers, researchers from CyberArk and Deep Instinct explained how to write malware, including ransomware, using the ChatGPT tool. Researchers at CyberArk Eran Shimony and Omer Tsarfati reported that the tool is capable of creating polymorphic malware that is highly evasive. Researchers concluded ChatGPT in cybersecurity can be used to create polymorphic malware easily based on their findings that will go against cyber safety.

Several advanced uses for the tool were highlighted by Recorded Future's research team. As a result, ChatGPT was trained to create unique variations of malware code evading antivirus detections by training it on malware code found in open-source repositories. The model was tricked into writing code that exploited security vulnerabilities by using syntactical workarounds.

According to Recorded Future researchers, ChatGPT can also generate malware payloads for distribution as part of cyberattacks. In addition to infostealers and remote access trojans, ChatGPT can also generate cryptocurrency stealers and remote access trojans.

OpenAI seems to be of the opinion that ChatGPT functions more like a search engine when it comes to user requests for code, and cannot be customized to the same level as a human. ChatGPT, according to Deep Instinct threat intelligence researcher Bar Block, “works more than just as a search engine,” she said.

ChatGPT Update On Subscription

OpenAI is trialing a subscription service in the US for ChatGPT. OpenAI's chatbot creator said subscribers will get "priority access" to new features and access to the platform even during peak hours.

Initially, the trial will only be available to those on a waiting list, but it will be extended to a wider audience in the future. According to the firm, the free version will still be available. A blog post by OpenAI expressed hope that free access would be supported by the subscription. Currently, using the chatbot costs the company a small amount.

With Teams, Microsoft is bringing ChatGPT to its video collaboration platform through models based on OpenAI's GPT-3.5. Initially, Microsoft is charging $7 a month for the subscription, which will increase to $10 per month afterward, as stated by Microsoft in a blog post.

Teams Premium will feature an intelligent recap, AI-generated chapters, timeline markers, AI-generated notes and tasks, and live translations, according to the software maker. Microsoft mentioned,

“With intelligent recap in Teams premium, you’ll get automatically generated meeting notes, recommended tasks, and personalized highlights to help you get the information most important to you, even if you miss the meeting.”


We hope that this article has been helpful. If you find this article on the uses and misuses of ChatGPT in cybersecurity useful, please share it with your friends, and colleagues so that they are aware of ChatGPT’s potential. You can find more such infosec research reads under the Infosec Research category in our Blog section.

Keep up with us on Facebook, Twitter, Instagram, and LinkedIn. Get regular updates on how to keep yourself anonymous by joining Telegram. If you are looking for cybersecurity consulting services or want to know more about our services, contact us through the contact form, drop in an email at [email protected], drop in a text on WhatsApp, or call us directly at +91 907 396 3301.


You Might Also Enjoy These Related Reads:

Latest Cybersecurity Predictions: What To See In 2023 & Beyond?

How Does The Line Of Social Engineering Attacks Look Now?

EvilProxy Phishing: How Are Cybercriminals Proven To Bypass 2FA & MFA?

LockBit Ransomware: An Exclusive Interview With The Administrator


Tags


Share


Leave a Comment

By Submitting you agree to our Terms of Service and Privacy Policy.