Is ChatGPT a cybersecurity threat?

ince its debut in November, ChatGPT has become the internet’s new favorite plaything. The AI-driven natural language processing tool rapidly amassed more than 1 million users, who have used the web-based chatbot for everything from generating wedding speeches and hip-hop lyrics to crafting academic essays and writing computer code.

Not only have ChatGPT’s human-like abilities taken the internet by storm, but it has also set a number of industries on edge: a New York school banned ChatGPT over fears that it could be used to cheat, copywriters are already being replaced, and reports claim Google is so alarmed by ChatGPT’s capabilities that it issued a “code red” to ensure the survival of the company’s search business.

It appears the cybersecurity industry, a community that has long been skeptical about the potential implications of modern AI, is also taking notice amid concerns that ChatGPT could be abused by hackers with limited resources and zero technical knowledge.

Just weeks after ChatGPT debuted, Israeli cybersecurity company Check Point demonstrated how the web-based chatbot, when used in tandem with OpenAI’s code-writing system Codex, could create a phishing email capable of carrying a malicious payload. Check Point threat intelligence group manager Sergey Shykevich told TechCrunch that he believes use cases like this illustrate that ChatGPT has the “potential to significantly alter the cyber threat landscape,” adding that it represents “another step forward in the dangerous evolution of increasingly sophisticated and effective cyber capabilities.”

TechCrunch, too, was able to generate a legitimate-looking phishing email using the chatbot. When we first asked ChatGPT to craft a phishing email, the chatbot denied the request. “​​I am not programmed to create or promote malicious or harmful content,” a prompt spat back. But rewriting the request slightly allowed us to easily bypass the software’s built-in guardrails.

Many of the security experts TechCrunch spoke to believe that ChatGPT’s ability to write legitimate-sounding phishing emails — the top attack vector for ransomware — will see the chatbot widely embraced by cybercriminals, particularly those who are not native English speakers.

Chester Wisniewski, a principal research scientist at Sophos, said it’s easy to see ChatGPT being abused for “all sorts of social engineering attacks” where the perpetrators want to appear to write in a more convincing American English.

“At a basic level, I have been able to write some great phishing lures with it, and I expect it could be utilized to have more realistic interactive conversations for business email compromise and even attacks over Facebook Messenger, WhatsApp, or other chat apps,” Wisniewski told TechCrunch.

“Actually getting malware and using it is a small part of the shit work that goes into being a bottom feeder cyber criminal.”The Grugq, security researcher

The idea that a chatbot could write convincing text and

Advertisment

OpenAI this week signaled it’ll soon begin charging for ChatGPT, its viral AI-powered chatbot that can write essays, emails, poems and even computer code. In an announcement on the company’s official Discord server, OpenAI said that it’s “starting to think about how to monetize ChatGPT” as one of the ways to “ensure long-term viability.”

The monetized version of ChatGPT will be called ChatGPT Professional, apparently. That’s according to a waitlist link OpenAI posted in the Discord server, which asks a range of questions about payment preferences including “At what price (per month) would you consider ChatGPTto be so expensive that you would not consider buying it?”

The waitlist also outlines ChatGPT Professional’s benefits, which include no “blackout” (i.e. unavailability) windows, no throttling and an unlimited number of message with ChatGPT— “at least 2x the regular daily limit.” OpenAI says that those who fill out the waitlist form may be selected to pilot ChatGPT Professional, but that the program is in the experimental stages and won’t be made widely available “at this time.”