One Year of ChatGPT: The Impact of Generative AI on Cybersecurity​

OpenAI launched ChatGPT a year ago on November 30, 2022. The public release of the large language model (LLM) chatbot quickly sparked discussion about the societal impact generative AI will have – both good and bad. Numerous other AI chatbot tools were released soon after, including Google Bard and Microsoft’s Bing AI.

LLMs have had a huge impact in the world of cybersecurity. Of particular concern has been their use by threat actors in areas like social engineering campaigns and malware creation. Generative AI also offers potential opportunities as they can be used to augment the defenders’ capabilities.

The main way LLMs like ChatGPT have been utilized by cybercriminals so far is in social engineering campaigns. James McQuiggan, security awareness advocate at KnowBe4, explained that the ability to use such tools to write phishing emails in any language with good spelling and grammar means that traditional guidance and training in this area “pretty much goes out of the window now.” He added that this has broken down barriers for people who do not have experience of the cybercriminal underground to be able to launch social engineering attacks. The only real learning required is knowing how to type the right prompts into LLM tools to generate the right messages.

Etay Maor, senior director of security strategy at Cato Networks, explained that AI technology is on the radar of cybercriminal groups. He said much of the chatter on dark web forums suggesting the tools are 3-5 years away from being put to widespread use in malware campaigns.

InfoSecurity Magazine 12/04/2023