• NATURAL 20
  • Posts
  • ChatGPT is seen as a major security threat

ChatGPT is seen as a major security threat

Global cybersecurity companies show how accessible hacking becomes with a tool like ChatGPT

Happening this week

  • Getting know to the different types of AI companies and big players

  • Chamath and the All-In boys talk AI

  • Reid Hoffman starts a podcast where he talks about with AI *with* AI.

  • DeepMind (Google's AI) is launching ChatGPTs competitor

  • GPT-4 is gonna be HUGE (but delayed)

Quick Survey (helps us make you happy):

What are MOST interested in learning about AI?

What stories or resources will be most interesting for you to hear about?

Login or Subscribe to participate in polls.

A.I. Art "Selfies From the Last Day on Earth"

AI impression of what "Selfies From Last Day Of Earth" will look like

ChatGPT Creates a Massive Security Risk

Israeli cybersecurity company Check Point demonstrated how ChatGPT, when used in tandem with OpenAI’s code-writing system Codex, could create a phishing email capable of carrying a malicious payload.

In this article, Check Point Research demonstrates:

-How artificial intelligence (AI) models can be used to create a full infection flow, from spear-phishing to running a reverse shell

-How researchers created an additional backdoor that dynamically runs scripts that the AI generates on the fly 

The researchers used ChatGPT to develop a malicious macro that could be hidden in an Excel file attached to the email. Once again, they didn’t write a single line of code. At first, the outputted script was fairly primitive.

When the researchers instructed ChatGPT to iterate the code several more times, however, the quality of the code vastly improved.

The researchers then used a more advanced AI service called Codex to develop other types of malware, including a reverse shell and scripts for port scanning, sandbox detection, and compiling their Python code to a Windows executable.

“And just like that, the infection flow is complete,” the researchers wrote. “We created a phishing email, with an attached Excel document that contains malicious VBA code that downloads a reverse shell to the target machine. The hard work was done by the AIs, and all that’s left for us to do is to execute the attack.”

My Take:

This will allow anyone, anywhere in the world to create potentially harmful code as well as language outputs that can help get that code opened and executed.

No coding skill required, no English speaking skills required.

+REGULATIONS - This will put political pressure to regulate these tools, unless the companies themselves can do a good job of it.

+CYBER SECURITY FUNDING -  Having anyone in the world be able to hack any online companies and institutions will likely push more money into cyber security.

Reply

or to participate.