As TechCrunch reports, Israeli cybersecurity company Check Point showed early on that the natural language processing tool could be used alongside OpenAI’s code-writing platform Codex to draft up malware-capable phishing emails. Check Point threat intelligence group manager Sergey Shykevich told the news site that ChatGPT has the “potential to significantly alter the cyber threat landscape.”
Numerous security experts said that cybercriminals will adopt ChatGPT because it can create phishing emails that seem genuine. Phishing remains the No. 1 attack vector for ransomware. Threat actors who aren’t native English speakers could especially see a benefit. Suleyman Ozarslan, a security researcher and the co-founder of Picus Security, told TechCrunch that ChatGPT will “democratize cybercrime.”
However, Laura Kankaala, F-Secure’s threat intelligence lead, is quoted as saying that cybersecurity pros can find uses for ChatGPT, too. The tool could help simulate cyberattacks or automate certain attacks, she said. ESET’s Jake Moore even told TechCrunch that “if ChatGPT learns enough from its input, it may soon be able to analyze potential attacks on the fly and create positive suggestions to enhance security.”
Indeed, as HelpNetSecurity reports, information security teams can look to ChatGPT as “an all-around assistant.” Security operation teams may particularly find the chatbot useful in scripting, malware analysis and forensics.
Still, as Dark Reading reports, ChatGPT’s ability to reply realistically to content queries could be useful for threat actors using the attack method known as business email compromise. The tool could potentially make it more difficult for organizations to detect BEC attacks, where cybercriminals send a deceptive email that fools a recipient into giving them the data they seek.
In the end, as Computer Weekly reports, threat actors will use AI in their attacks, and organizations must be prepared to defend against it. That could include using tools like ChatGPT in protecting code, educating users or learning more about a threat.