Steve Povolny, Principal Engineer and Director, Trellix
ChatGPT is a term that has seemingly graduated to dinner table conversation status over the last month. While its predecessors garnered interest in the data science industry, very few had realized practical uses for the average consumer. That can be put to rest now, as the “smartest text bot ever made” has inspired thousands of innovative use cases, applicable across nearly every industry. In the cyber realm, examples range from email generation to code creation and auditing, vulnerability discovery and much more.
However, with breakthrough advances in technology, the inevitable security concerns are never far behind. While ChatGPT attempts to limit malicious input and output, the reality is that cyber criminals are already looking at unique ways to leverage the tool for nefarious purposes. It isn’t hard to create hyper realistic phishing emails or exploit code, for example, simply by changing the user input or slightly adapting the output generated.
While text-based attacks such as phishing continue to dominate social engineering, the evolution of data science-based tools will inevitably lead to other mediums, including audio, video and other forms of media that could be equally effective. Furthermore, threat actors may look to refine data processing engines to emulate ChatGPT, while removing restrictions and even enhancing these tool’s abilities to create malicious output.
While cyber security concerns have manifested, it’s important to remember that this tool has even greater potential to be used for good. It can be effective at spotting critical coding errors, describing complex technical concepts in simplistic language, and even developing script and resilient code, among other examples. Researchers, practitioners, academia, and businesses in the cybersecurity industry can harness the power of ChatGPT for innovation and collaboration.
It will be interesting to follow this emerging battleground for computer-generated content as it enhances capabilities for both benign and malicious intent.
