ChatGPT has taken the world by storm with over 100 million monthly users in January, setting the record for the fastest growing app since its launch at the end of 2022. This AI Chatbot has a wide range of uses, from writing essays to penning a business plan, it can even generate code. But what exactly is it, and what are the potential cybersecurity risks?
What is ChatGPT?
ChatGPT is an AI driven natural language processing tool created by OpenAI. Designed to answer questions and assist with tasks, it is currently open to the public and free of charge. Additional features and functionality are also available with a paid subscription.
The application sources its data from textbooks, websites, and articles, using these to model its own language and responses to the questions posed. It is suitable for chatbots, AI system conversions and virtual assistant applications but it also has the capability to develop code, write articles, translate, and debug, among other tasks.
Why does ChatGPT pose a risk to cybersecurity?
Researchers have found that ChatGPT can develop code that can be used for malicious purposes. And while ChatGPT has some content filters in place to restrict malicious output, these filters can be bypassed.
For example, the software company CyberArk was able to successfully bypass these filters and use the program to create polymorphic malware. Â They were also able to use ChatGPT to mutate the code, thus creating a code that was highly evasive and difficult to detect. Additionally, they were able to generate programs that could be used in malware and ransomware attacks. Cybersecurity solutions provider Check Point was also able to use ChatGPT to create a convincing spear-phishing attack.
When Forbes magazine asked the AI Bot itself whether it was a cybersecurity threat, they received an answer stating that it is not a threat, but did add that "any technology can be misused."
As ChatGPT is an example of machine learning, the threat will continue to grow in line with the demand for malicious code. Â With the increasing input it receives, it will learn to craft more sophisticated answers, leading to the possibility of more sophisticated coding capabilities. With these capabilities available to the public, it will require less skills from threat actors to carry out these attacks.
BlackFog can help defend against these attacks.
We did some research of our own and found that ChatGPT is capable of writing a PowerShell attack, if asked in a "non malicious" way. Take a look at the video below to find out how the code was created, what happened during the attack and how BlackFog prevented the attacker from stealing the victim's data.
The PowerShell script is generated quickly by ChatGPT and can be easily used in an attack.
As you can see, once the script has been installed onto the victim's device, data is exfiltrated every five seconds, but the victim is completely unaware that anything is happening in the background.
BlackFog, once installed, immediately stopped the attack in its tracks and no further data was exfiltrated from the victims device. This happened automatically and without the need for any intervention from the user. The attacker then sees that the script has stopped functioning and they have no option but to abandon the attack, while the user now has peace of mind that their data is safe.
BlackFog's Anti Data Exfiltration (ADX) technology automatically blocks all types of cyberthreats and ensures that no unauthorized data leaves an organizations' devices or networks. The 24/7 protection is on-device, meaning that no matter where employees are working, as long as they have an internet connection, they are 100% protected.
With ChatGPT growing in popularity, and the reality that its machine learning capabilities will only produce more sophisticated code, it's inevitable that less skilled threat actors will be empowered to launch cyberattacks. To stay ahead of cybercriminals, organizations must evaluate their cybersecurity strategy and ensure they have third generation defenses in place to combat these cyberattacks.
Share This Story, Choose Your Platform!
Related Posts
The Role of Wireless Intrusion Detection: Guard Against Invisible Threats
Learn everything you need to know about wireless intrusion detection and why it should have a place in your cybersecurity strategy.
IPS Tools in Cybersecurity: Still Essential in 2025?
Learn why businesses need IPS tools and how these offerings work to boost cybersecurity defenses.
IDS vs IPS: What’s the Difference and Why Do You Need Both?
Understanding the differences in IDS vs IPS technology and what each is capable of is essential in building a comprehensive cybersecurity defense strategy.
What Makes Deep Learning in Cybersecurity Different and Why it Matters for Cybersecurity
Explore how deep learning in cybersecurity offers advanced threat detection, behavioral analytics and real-time responses.
5 Key Challenges When Adopting AI and Machine Learning in Cybersecurity
While AI and machine learning in cybersecurity offer powerful benefits, businesses face major challenges when adopting these technologies. Learn what to expect and how to prepare.
Machine Learning in Cybersecurity: Tactics and Trends
Find out how machine learning in cybersecurity is transforming how businesses can defend against increasingly sophisticated hacking attacks in our comprehensive guide to these trends.