OpenAI’s GPT-4 – the advanced AI language model – has both positive and negative cybersecurity implications, as discussed at the RSA Conference 2023, as quoted on tchtarget.com. Sessions highlighted malicious uses of large language models such as generating disinformation and constructing social engineering schemes. However, some speakers also noted that GPT-4 can be leveraged positively in cybersecurity.
At the RSA Conference 2023, speakers discussed ChatGPT’s potential for both positive and negative cybersecurity use, with an expectation for increased attacks and code reuse. OpenAI Playground offers a platform for testing different permutations of OpenAI models for cybersecurity. Tech companies are already integrating OpenAI into products, such as reducing low-risk tasks for short-staffed security teams.
Microsoft’s Security Copilot, which is powered by the company’s GPT-4 model, utilizes verified data sources, Microsoft Defender Threat Intelligence, and Microsoft Sentinel to assist professional security teams with incident response, threat hunting, and security reporting. The tool is designed to enhance the efficiency of security operations center analysts.
ChatGPT poses a new cybersecurity threat, particularly in the form of AI-generated phishing scams. Cybersecurity leaders need to equip their IT teams with tools to detect AI-generated emails and train employees on cybersecurity prevention skills, while advocating for advanced detection tools and government oversight of AI usage in cybersecurity, per Harvard Business Review.
Hackers may be able to manipulate ChatGPT into generating hacking code, posing a new cybersecurity threat. Cybersecurity professionals need to continuously upskill and be equipped with AI technology to detect and defend against AI-generated hacker code.
While ChatGPT’s power is available to both good and bad actors, it’s essential to prevent ChatGPT-related threats and instruct cybersecurity professionals on how to use it as a tool in their arsenal. As ChatGPT continues to improve, it may become an increasingly prevailing tool for malicious actors.
Overall, software developers should create generative AI specifically for human-filled Security Operations Centers (SOCs). Stricter regulations are needed in exercising this AI. The release of the “Blueprint for an AI Bill of Rights” by the Biden administration is now even more critical following the launch of ChatGPT.
