Unless you’ve been avoiding the news recently, you’re probably aware of ChatGPT, a language learning model introduced by OpenAI in November 2022. The intelligent chatbot has elicited excitement and concern due to its many potential applications, from fielding search queries to churning out e-books. Just two months after its launch, ChatGPT has already amassed over 30 million users, receiving 5 million visits per day, according to The New York Times.
The bot’s applications extend beyond conducting keyword research, answering searchers’ inquiries, and authoring books. It also has enormous potential in the realm of cybersecurity as a vital tool for both the businesses combating cyberattacks and the criminals perpetuating them.
The potential dark side of ChatGPT: Cyberattacks powered by artificial intelligence
If you google “ChatGPT and cybersecurity,” the results hint at a perception of the program as a double-edged sword for the security community. For example, a headline from Help Next Security proclaims “ChatGPT is bringing advancements and challenges for cybersecurity.”
In the Help Net article, Randy Lariar – practice director of big data, artificial intelligence, and analytics for the information security company Optiv – notes that the “bad guys” of cyberspace have just as much access to ChatGPT and other AI programs as everyone else. They can use its excellent writing capabilities to craft phishing emails and texts that sound convincingly human, supercharging social engineering tactics.
Additionally, ChatGPT has displayed coding proficiency, which means criminals who previously didn’t have the programming know-how to create their own malware can now rely on ChatGPT to compensate for their lack of skills.
Check Point Research has found that bad actors are already finding ways to utilize ChatGPT for nefarious purposes. In a December 2022 thread in an underground hacking forum, one user wrote about leveraging the AI program to replicate malware and strategies detailed in research publications and write-ups. Another thread focuses on the AI program’s ability to generate dark web marketplace scripts.
Daniel Spicer, chief security officer of the IT software company Ivanti, told Channel Futures that “…ChatGPT is really going to be a risk for just about everyone, even as far as threat actors that target individuals with SMS phishing or attacks of that sort. It’s going to really change our lives.”
The upside: How artificial intelligence can help security professionals
On the other hand, ChatGPT also has the potential to bolster efforts to combat malware and other IT security threats. Lariar told Channel Futures that the bot could help remedy the cybersecurity talent shortfall that has plagued the industry for years. As of 2022, the world needed an additional 3.4 million cybersecurity professionals, according to the most recent (ISC)² Cybersecurity Workforce Study.
With its ability to learn and deliver results of a consistent quality, however, ChatGPT could become a valuable colleague for workers in the IT security space, mitigating the talent shortfall. The program can assist with brainstorming, code writing, and pinpointing weaknesses and knowledge gaps, boosting productivity for those working in cybersecurity, according to the Help Net article.
In terms of combating attacks, ChatGPT also has the potential to search for vulnerabilities in decompiled code for applications and analyze and reverse-engineer the code for suspicious programs, Stan Kaminsky wrote in the Kaspersky blog entry, “How ChatGPT will change cybersecurity.” With access to what people across the world wide web are saying about security, ChatGPT could even serve as a consultant (although you should fact-check its answers for accuracy).
Ultimately, only time will tell how ChatGPT will change the cybersecurity landscape and whether it will prove more useful to those fighting cybercrime or those committing it.
If you’d like guidance on safeguarding your IT environment against evolving threats, our trusted technology advisors would be happy to help you. Drawing on our expansive partner network and background as a former managed security services provider, we can identify the best cybersecurity solutions for your company with tools like objective comparison matrices. Additionally, our price parity guarantee means working with us won’t cost you more than going straight to the supplier.
Get started today by calling 877-599-3999 or emailing firstname.lastname@example.org to schedule a consultation.