Eight analyst predictions for where ChatGPT security will be in 2023
The recent release of ChatGPT-4 by artificial intelligence developer OpenAI shocked the world again, but what it means in the field of data security has yet to be determined. On the one hand, generating malware and ransomware is easier than ever. On the other hand, ChatGPT can also provide a series of new defense use cases.
The recent release of ChatGPT-4 by artificial intelligence developer OpenAI shocked the world again, but what it means in the field of data security has yet to be determined. On the one hand, generating malware and ransomware is easier than ever. On the other hand, ChatGPT can also provide a series of new defense use cases.
Industry media recently interviewed some of the world's top cybersecurity analysts, and they made the following predictions for the development of ChatGPT and generative artificial intelligence in 2023:
- ChatGPT will lower the threshold for cybercrime.
- Creating convincing phishing emails will become easier.
- Businesses will need security professionals who understand AI technology.
- Businesses will need to validate the content of generative AI output.
- Generative AI will escalate existing threats.
- Enterprises will define their expectations for the use of ChatGPT.
- Artificial intelligence will enhance human capabilities.
- Businesses will still face the same old threats.
Here are some predictions from cybersecurity analysts.
1.ChatGPT will lower the threshold for cybercrime
Steve Grobman, senior vice president and chief technology officer of McAfee, said, “ChatGPT lowers the threshold for use, making it possible to invest in highly skilled personnel that have traditionally been required. and large amounts of money, some techniques are available to anyone with access to the Internet. Unskilled cyberattackers now have the means to generate malicious code in bulk.
For example, they can ask programs to write code , generates text messages sent to hundreds of people, just like what a non-criminal marketing team would do. Instead of directing recipients to a safe website, it takes them to a website with malicious threats. While the code itself is not malicious, it can be used to deliver dangerous content.
Like any emerging technology or application that has pros and cons, ChatGPT will be used by both good and bad actors, so the network The security community must remain vigilant about how it is being exploited."
2. Crafting convincing phishing emails will become easier
Justin Greis, a partner at McKinsey & Company, said, "Broadly speaking, Generative AI is a tool, and like all tools, it can be used for good or evil purposes. There are already many use cases cited today, both by threat actors and by curious researchers. More convincing phishing emails are being crafted, malicious code and scripts are being generated to launch potential cyberattacks, or even just to query for better, faster intelligence.
But for every case of abuse, Controls will continue to be put in place to counter them. This is the nature of cybersecurity, a never-ending race to outmaneuver your adversaries and outrun your defenders.
As with any tool that can be used for malicious harm , companies must put guardrails and safeguards in place to protect the public from abuse. There is a very fine ethical line between experimentation and exploitation."
3. Businesses will need security professionals who understand artificial intelligence
David Hoelzer, a SANS researcher at the SANS Institute, said, "ChatGPT is currently popular around the world, but we are only in its infancy in terms of its impact on the cybersecurity landscape. This marks the adoption of artificial intelligence on both sides of the dividing line/ The beginning of a new era of machine learning, not so much because of what ChatGPT can do, but because it pushes artificial intelligence/machine learning into the public spotlight.
On the one hand, ChatGPT can potentially be used for social purposes The democratization of engineering gives inexperienced threat actors new capabilities to quickly and easily generate excuses or scams and deploy sophisticated phishing attacks at scale.
On the other hand, when it comes to creating novel ChatGPT is much less capable when attacking or defending. This is not a failure of it, but rather that people are asking it to do things it is not trained to do.
What does this mean for security professionals? Can we safely ignore ChatGPT? No. As security professionals, many of us have tested ChatGPT to see how well it performs basic functions. Can it write Pen test scenarios? Can it write phishing excuses? How can it help build attack infrastructure and C2? So far, its testing results have been mixed.
However, the larger security conversation is not about ChatGPT. It’s about whether we currently have security roles that understand how to build, use and interpret AI/ML technologies. ”
4. Enterprises will need to verify the content of the output of generative AI
Gartner analyst Avivah Litan said, “In some cases, when security personnel cannot verify the content of their output, At the same time, ChatGPT will cause more problems than it solves. For example, it will inevitably miss the detection of some vulnerabilities and give enterprises a false sense of security.
Similarly, it can miss detection of phishing attacks it is notified about and provide incorrect or outdated threat intelligence.
Therefore, we will definitely see in 2023 that ChatGPT will be responsible for missed cyberattacks and vulnerabilities that lead to data leakage of enterprises using it. ”
5. Generative AI will escalate existing threats
Rob Hughes, chief information security officer at RSA, said, “Like many new technologies, I don’t think ChatGPT will bring New threats. I think the biggest change it will make to the security landscape is to amplify, accelerate and enhance existing threats, particularly phishing.
At a basic level, ChatGPT can provide cyber attackers with syntactically correct phishing emails, something we don’t see very often these days.
While ChatGPT remains an offline service, it is only a matter of time before cyber threat actors begin to combine internet access, automation and artificial intelligence to create persistent and advanced attacks.
With chatbots, humans don’t need to write bait for spamming. Instead, they could write a script that says "Use internet data to get familiar with so-and-so and keep messaging them until they click the link."
Phishing remains a major cause of cybersecurity breaches one of the reasons. Having a natural language bot use a distributed spear phishing tool while working at scale on hundreds of users' machines will make it harder for security teams to do their job. ”
6. Enterprises will define expectations for the use of ChatGPT
Matt Miller, head of cybersecurity services at KPMG, said that as more enterprises explore and adopt ChatGPT, security will is top of mind. Here are some steps to help enterprises get a head start in 2023:
(1) Set expectations for how ChatGPT and similar solutions should be used in enterprise environments. Develop acceptable Usage policy; defines a list of all approved solutions, use cases, and data that employees can rely on; and requires inspections to verify the accuracy of responses.
(2) Establish internal processes to review relevant usage awareness The impact and evolution of regulations on automated solutions, in particular the management of intellectual property, personal data, and appropriate inclusion and diversity.
(3) Implement technical network controls, paying particular attention to testing the operational resilience of code and scanning for malicious payloads. Additional controls include but are not limited to: multi-factor authentication and allowing access only to authorized users; application of data loss prevention schemes ensuring that all code generated by tools undergoes a standard review process and cannot be copied directly to production environments and configure network filtering to alert employees when they access unapproved solutions.
7. Artificial Intelligence will augment human capabilities
Senior Vice President, Analyst Services, ESG Corporation And senior analyst Doug Cahill said, "As with most new technologies, ChatGPT will become a resource for cyber attackers and defenders, with adversarial use cases including reconnaissance and defenders looking for best practices and the threat intelligence marketplace. As with other ChatGPT use cases, the fidelity of user test responses will vary as the AI system is trained on an already large and growing corpus of data.
While the ChatGPT use case is widely used, sharing threat intelligence among team members for threat hunting and updating rules and defense models is promising. However, ChatGPT is another example of AI augmenting (rather than replacing) the human element required in any type of threat investigation application scenario. ”
8. Enterprises will still face the same old threats
Candid Wuest, vice president of global research at Acronis, said, “While ChatGPT is a powerful language generation model, this technology is not A stand-alone tool cannot run independently. It relies on user input and is limited by the data it is trained on.
For example, the phishing text generated by this model still needs to be sent from an email account and directed to a website. These are traditional indicators that can be analyzed to help detect them.
While ChatGPT has the ability to write exploits and payloads, testing has shown that these features are not as good as initially suggested. The platform can also be used to write malware, and while this code can already be found online and on various forums, ChatGPT makes it more accessible to the masses.
However, its variations are still limited, making this malware easily detectable by behavior-based detection and other methods. ChatGPT is not specifically designed to target or exploit vulnerabilities, but it may increase the frequency of automated or simulated messages. It lowers the barrier to entry for cybercriminals but does not introduce entirely new attack methods to established businesses. ”
The above is the detailed content of Eight analyst predictions for where ChatGPT security will be in 2023. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
ChatGPT now allows free users to generate images by using DALL-E 3 with a daily limit
Aug 09, 2024 pm 09:37 PM
DALL-E 3 was officially introduced in September of 2023 as a vastly improved model than its predecessor. It is considered one of the best AI image generators to date, capable of creating images with intricate detail. However, at launch, it was exclus
Bytedance Cutting launches SVIP super membership: 499 yuan for continuous annual subscription, providing a variety of AI functions
Jun 28, 2024 am 03:51 AM
This site reported on June 27 that Jianying is a video editing software developed by FaceMeng Technology, a subsidiary of ByteDance. It relies on the Douyin platform and basically produces short video content for users of the platform. It is compatible with iOS, Android, and Windows. , MacOS and other operating systems. Jianying officially announced the upgrade of its membership system and launched a new SVIP, which includes a variety of AI black technologies, such as intelligent translation, intelligent highlighting, intelligent packaging, digital human synthesis, etc. In terms of price, the monthly fee for clipping SVIP is 79 yuan, the annual fee is 599 yuan (note on this site: equivalent to 49.9 yuan per month), the continuous monthly subscription is 59 yuan per month, and the continuous annual subscription is 499 yuan per year (equivalent to 41.6 yuan per month) . In addition, the cut official also stated that in order to improve the user experience, those who have subscribed to the original VIP
Context-augmented AI coding assistant using Rag and Sem-Rag
Jun 10, 2024 am 11:08 AM
Improve developer productivity, efficiency, and accuracy by incorporating retrieval-enhanced generation and semantic memory into AI coding assistants. Translated from EnhancingAICodingAssistantswithContextUsingRAGandSEM-RAG, author JanakiramMSV. While basic AI programming assistants are naturally helpful, they often fail to provide the most relevant and correct code suggestions because they rely on a general understanding of the software language and the most common patterns of writing software. The code generated by these coding assistants is suitable for solving the problems they are responsible for solving, but often does not conform to the coding standards, conventions and styles of the individual teams. This often results in suggestions that need to be modified or refined in order for the code to be accepted into the application
Can fine-tuning really allow LLM to learn new things: introducing new knowledge may make the model produce more hallucinations
Jun 11, 2024 pm 03:57 PM
Large Language Models (LLMs) are trained on huge text databases, where they acquire large amounts of real-world knowledge. This knowledge is embedded into their parameters and can then be used when needed. The knowledge of these models is "reified" at the end of training. At the end of pre-training, the model actually stops learning. Align or fine-tune the model to learn how to leverage this knowledge and respond more naturally to user questions. But sometimes model knowledge is not enough, and although the model can access external content through RAG, it is considered beneficial to adapt the model to new domains through fine-tuning. This fine-tuning is performed using input from human annotators or other LLM creations, where the model encounters additional real-world knowledge and integrates it
To provide a new scientific and complex question answering benchmark and evaluation system for large models, UNSW, Argonne, University of Chicago and other institutions jointly launched the SciQAG framework
Jul 25, 2024 am 06:42 AM
Editor |ScienceAI Question Answering (QA) data set plays a vital role in promoting natural language processing (NLP) research. High-quality QA data sets can not only be used to fine-tune models, but also effectively evaluate the capabilities of large language models (LLM), especially the ability to understand and reason about scientific knowledge. Although there are currently many scientific QA data sets covering medicine, chemistry, biology and other fields, these data sets still have some shortcomings. First, the data form is relatively simple, most of which are multiple-choice questions. They are easy to evaluate, but limit the model's answer selection range and cannot fully test the model's ability to answer scientific questions. In contrast, open-ended Q&A
SOTA performance, Xiamen multi-modal protein-ligand affinity prediction AI method, combines molecular surface information for the first time
Jul 17, 2024 pm 06:37 PM
Editor | KX In the field of drug research and development, accurately and effectively predicting the binding affinity of proteins and ligands is crucial for drug screening and optimization. However, current studies do not take into account the important role of molecular surface information in protein-ligand interactions. Based on this, researchers from Xiamen University proposed a novel multi-modal feature extraction (MFE) framework, which for the first time combines information on protein surface, 3D structure and sequence, and uses a cross-attention mechanism to compare different modalities. feature alignment. Experimental results demonstrate that this method achieves state-of-the-art performance in predicting protein-ligand binding affinities. Furthermore, ablation studies demonstrate the effectiveness and necessity of protein surface information and multimodal feature alignment within this framework. Related research begins with "S
ChatGPT is now available for macOS with the release of a dedicated app
Jun 27, 2024 am 10:05 AM
Open AI’s ChatGPT Mac application is now available to everyone, having been limited to only those with a ChatGPT Plus subscription for the last few months. The app installs just like any other native Mac app, as long as you have an up to date Apple S
SK Hynix will display new AI-related products on August 6: 12-layer HBM3E, 321-high NAND, etc.
Aug 01, 2024 pm 09:40 PM
According to news from this site on August 1, SK Hynix released a blog post today (August 1), announcing that it will attend the Global Semiconductor Memory Summit FMS2024 to be held in Santa Clara, California, USA from August 6 to 8, showcasing many new technologies. generation product. Introduction to the Future Memory and Storage Summit (FutureMemoryandStorage), formerly the Flash Memory Summit (FlashMemorySummit) mainly for NAND suppliers, in the context of increasing attention to artificial intelligence technology, this year was renamed the Future Memory and Storage Summit (FutureMemoryandStorage) to invite DRAM and storage vendors and many more players. New product SK hynix launched last year
