From the supercomputer known as War Operation Plan Response (WOPR) in WarGames to the Borg in Star Trek, for decades, computers have been portrayed as taking over the world and people have feared terrible things would happen. ChatGPT is the next computing advancement, and, once again, people are getting caught up in gloom and doom prognostications. It’s a storyline that sells movie tickets and captures clicks. But if we look back at history, the benefits of the digital age greatly outweigh any of the cybersecurity downsides we’re dealing with today. Instead of focusing solely on the potential risk surrounding ChatGPT, let’s start looking at the potential gains and positive outcomes.
A Closer Look at the Perceived Risks
Malware provides a great opportunity for a balanced discussion around ChatGPT. A recent report discussed how hackers are using ChatGPT to recreate malware strains. But thinking they can rely on ChatGPT to pull off an entirely new malware campaign, end-to-end, is pretty far-fetched. In most cases, malware campaigns are based on exploiting vulnerabilities that are either true zero days or publicly known.
Creating a malware campaign using zero days is extremely difficult because discovering them is complex. Especially when you consider that a good portion of the vulnerabilities that are being exploited come from code that isn’t open source. Attackers don’t have access to feed closed source code into ChatGPT or other AI tools to look for vulnerabilities. Even if they did have that level of access, AI cannot do this yet. ChatGPT’s capabilities are only as good as the level of training and retraining it receives over time, and there is no way for bad guys to accomplish this currently.
If a vulnerability has been disclosed so it has a CVE, then a hacker could potentially ask ChatGPT to create a program that makes use of this known vulnerability. But in this case, as defenders, we have mitigations to patch known vulnerabilities and protect against these types of attacks.
There’s also been concern about bad guys using ChatGPT to create more convincing spear phishing emails. Poor grammar, misspellings and awkward phrasing are telltale signs of scam emails. But there are already numerous free apps to help with this. If attackers wanted to invest the time and effort to go the extra mile to improve their writing, they would already be doing this today.
What’s more, lazy hackers using shortcuts to create malware is just one small part of what goes into effectively running a full-blown campaign. They still need ways to identify targets, gain initial access, remain undetected and move laterally once inside the network, encrypt and exfiltrate data or disrupt operations and monetize their efforts.
The Opportunity for Reward
Current concerns about ChatGPT being used for malicious purposes far outweigh the reality. In fact, the upside for defenders is as great, if not greater. Here are just some of the benefits to be gained:
- Reduce the exploitation of vulnerabilities. When good guys have a tool based on ChatGPT that can be trained to scan across closed source code and look for common vulnerabilities that could be exploited, we have a huge opportunity to reduce the number of zero days and make life much more difficult for bad guys. And with all the talk about security automation, let’s start talking about intelligent automation to help us accelerate vulnerability prioritization and patching/updates to stay ahead of bad guys more effectively.
- Jump-start quality coding. The value of ChatGPT lies in its potential as an underlying technology that we can feed very specific best practices for writing code and even examples of what not to do and then build on that output. So, while we can’t ask ChatGPT to write an entire subsystem for us (good news engineers – your jobs are safe for the foreseeable future!), we can ask it to write an algorithm or a procedure to do a specific function and, in return, receive a framework as a starting point. This leg-up saves time and helps programmers avoid common mistakes that could lead to vulnerabilities in the future. In fact, there’s a GitHub project that does this very thing. When you’re writing code, you can comment in your integrated development environment (IDE) about what you want to do with a procedure, giving you a structure to start with.
- Accelerate threat hunting and investigation. We could also take ChatGPT to a level where we train it to look at massive volumes of event data stored in the SIEM and correlate and look for patterns across the external threat intelligence sources an organization subscribes to. Identifying behaviors that match tactics, techniques and procedures (TTPs) we’ve seen from a particular threat actor can point threat hunters and forensics teams in the right direction faster and accelerate detection and response. ChatGPT can be used to close the Observe, Orient, Decide, Act (OODA) loop and gain the upper hand against threat actors – the ultimate benefit for security teams.
It’s easy to get swept up in the hype and forget that there are two sides to this coin; for every negative, there is a positive. Instead of only speculating about the dangers on the horizon, let’s learn how emerging capabilities can help us better defend ourselves across the security landscape. That’s the real opportunity ChatGPT affords us, and the sooner we start to take advantage of it, the better.