X-Labs
Janvier 10, 2023

ChatGPT—Cybersecurity Nirvana... or Something Else?

Aaron Mulgrew

By now, most people have heard of ChatGPT, or least the possibilities for a future where AI plays a key role in our daily activities. For those that haven’t heard about it yet, ChatGPT is a technology developed by OpenAI, based upon GPT3.5 with a specific emphasis on responding to messages in a human friendly way, for use in chatbots.

 

But what are the implications for cybersecurity?

ChatGPT has been all over the news recently. Multiple security researchers have successfully used ChatGPT to find potential vulnerabilities in systems, even without the context of the full codebase. Here's an example from @payloadartist:

 I gave ChatGPT a code snippet and asked how I could exploit a vulnerability

 

Consulting ChatGPT will mean that attackers can potentially have the upper hand, as there has never been a system before which allows somebody looking to exploit a system such easy access to a repository of information that is contextual to that specific attacker, at that exact moment in time. This presents a short-term problem for cybersecurity. With so many vulnerabilities in systems around the world, it’s only a matter of time before attackers manage to exploit previously unknown vulnerabilities, with the aide of ChatGPT.

Although there may be potential challenges, it is important to recognize that ChatGPT also presents a chance for improvement. Specifically, for Blue teams, particularly those that are integrated with application development teams (such as devsecops), ChatGPT provides a chance to shape the development of the application in a way to ensure secure by design and ChatGPT helps achieve that by being utilized as a convenient ad-hoc pen-testing tool.

ChatGPT is still a new technology, so popular that it has been down sporadically forthe past 12 hours or so. It could be used as a force for good, in particular blue teams, by using it as ad-hoc pen testing. However, in the short term, it is likely that attackers will utilize ChatGPT to uncover vulnerabilities. Therefore, it is imperative to implement robust security measures such as Zero Trust Network Access (ZTNA) and Zero Trust CDR to protect against advanced and evolving attacks.

See this page for information on how Forcepoint can help protect against ChatGPT or reach out to talk to an expert.

Aaron Mulgrew

Aaron works with central government departments in the UK and abroad to secure their systems, as well as working alongside critical national infrastructure providers to make sure they aren’t an easy route to compromise. With a specialism in cryptocurrency...

Read more articles by Aaron Mulgrew

À propos de Forcepoint

Forcepoint est une entreprise leader en cybersécurité pour la protection des utilisateurs et des données. Son objectif est de protéger les entreprises tout en stimulant la transformation et la croissance numériques. Nos solutions s’adaptent en temps réel à la façon dont les personnes interagissent avec les données, et offrent un accès sécurisé tout en permettant aux employés de créer de la valeur.