The world’s most popular chatbot, ChatGPT, is being used by threat actors to exploit its power to create new malware.
Cybersecurity company WithSecure has confirmed that it has discovered examples of the notorious malware AI writer in the wild. What makes ChatGPT particularly dangerous is that it can produce countless variations of the malware, which makes them difficult to detect.
A bad actor could simply give ChatGPT examples of existing malware code and instruct it to craft new strains based on them, making it possible to perpetuate the malware without needing to be nearly identical to the previous one.
do good or evil
News abounds about regulating AI to prevent it from being used for malicious purposes. When ChatGPT started going viral last November, its use was largely unregulated, and within a month it had been hijacked to write malicious emails and files.
There are certain protections within the model designed to prevent malicious prompts from executing, but there are ways threat actors can bypass these.
WithSecure CEO Juhani Hintikka told InfoSec cybersecurity defenders often use AI to find and remove malware created manually by threat actors.
However, it now appears that things are looking up with the free availability of powerful AI tools like ChatGPT. Remote access tools have been used for illegal purposes, and now so too has AI.
Tim West, director of threat intelligence at WithSecure, added: "ChatGPT will support both good and bad software engineering and is an enabler that lowers the barrier to entry for threat actors to develop malware."
While the phishing emails ChatGPT can write are typically discovered by humans, as LLMs become more advanced, it may become more difficult to prevent such scams in the future, according to Hintikka.
What's more, as the success of ransomware attacks increases at an alarming rate, threat actors are reinvesting and becoming more organized, expanding operations through outsourcing and further developing their understanding of AI to launch More successful attacks.
Hintikka concluded that looking to the future of cybersecurity, “it’s going to be a game of good AI versus bad AI.”
techradar 