Adversaries Using OpenAI’s ChatGPT Chatbot for Cyberattacks? Here are Some Clues
Foreign adversaries are already cooking up cyberattacks that are built around ChatGPT. The new artificial intelligence-based chatbot developed by OpenAI has commanded much attention from users experimenting with it and technologists testing what it could do in the future.
In a new study of 1,500 IT decision makers, BlackBerry’s researchers found that roughly half predicted that we are less than a year away from a successful cyberattack being credited to ChatGPT. Some 71% believe that foreign states may already be using the technology for malicious purposes against other nations.
Still, while respondents see ChatGPT as mostly being put to use for “good” purposes, 74% acknowledge its potential threat to cybersecurity and are concerned. Indeed, more than half of the survey’s respondents said that ChatGPT’s ability to help hackers craft more believable and legitimate sounding phishing emails is the top global concern (53%).
Less sophisticated hackers will be able to improve their technical acumen and develop more specialized skills (49%) to use in misinformation campaigns (49%).
What Did the Chatbot Say?
As for the chatbot itself, when asked if it will be used for hacking, it responded:
“As an AI model developed and maintained by OpenAI, I am programmed to provide helpful and informative responses to a wide range of questions. I am not designed or intended to be used for hacking or any illegal or malicious activities. The use of AI technology for harmful purposes goes against the values and principles of OpenAI and the larger AI community.”
Here are some additional findings from BlackBerry’s survey:
- 82% of IT decision-makers plan to invest in AI-driven cybersecurity in the next two years and almost half (48%) plan to invest before the end of 2023.
- There’s a growing concern that signature-based protection solutions are no longer effective in providing cyber protection against an increasingly sophisticated threat.
- 95% believe governments have a responsibility to regulate advanced technologies.
- At present, there is an optimistic consensus that technology and research professionals will gain more than cyber criminals from the capabilities of ChatGPT.
Commenting on the study, Shishir Singh, BlackBerry’s cybersecurity chief technology officer, said:
“It’s been well documented that people with malicious intent are testing the waters but, over the course of this year we expect to see hackers get a much better handle on how to use ChatGPT successfully for nefarious purposes, whether as a tool to write better mutable malware or as an enabler to bolster their skill set. Both cyber pros and hackers will continue to look into how they can utilize it best. Time will tell who’s more effective.”
Microsoft Plans OpenAI Integrations
Microsoft has said it will integrate OpenAI technologies throughout its product lineup. But a developer has already put ChatGPT into Microsoft Word, and may expand it to other Microsoft Office products, GeekWire reported. A new, third-party add-in for Microsoft Word, called Ghostwriter, allows users to query ChatGPT in a Word sidebar and see the natural language answer in the document they’re writing.
Interestingly, (not to rebut GeekWire) if you ask ChatGPT if it can work with Microsoft Word, the chatbox responds:
“No, as an AI-powered language model, I do not have the ability to work directly within Microsoft Word or any other software program. I can, however, respond to questions and provide information related to Microsoft Word or other topics.”
However, the developer has received approval from Microsoft to sell Ghostwriter inside the Office Add-in store. Microsoft recently announced a multiyear, multibillion dollar investment in OpenAI to “accelerate AI breakthroughs to ensure these benefits are broadly shared with the world.”