March 9, 2023

As the Chief Technology Officer at Social Mobile, I am always interested in the latest technologies and their potential uses. One area of great interest is the intersection of cybersecurity and artificial intelligence (AI). ChatGPT, a chatbot developed by OpenAI, is a powerful tool that can be integrated into current cybersecurity systems and processes to improve their effectiveness. However, as with any technology, there are also potential risks and ethical implications to consider. As we navigate the use of AI in cybersecurity, it is important to recognize the opportunities and challenges that lie ahead.

What is ChatGPT?

ChatGPT is a chatbot developed by OpenAI and is based on a Large Language Model (LLM). Its main design is to function as a conversational tool that closely mirrors human interactions. In the context of cybersecurity, there are two planes here. The first is for bad or black hat use cases where nefarious actors will use ChatGPT to impersonate others or write malware code. On the good side, ChatGPT can be used by security vendors to help comb through substantial amounts of security telemetry data for signs of all sorts of terrible things.

Enhancing Cybersecurity with ChatGPT Integration

One way to improve the effectiveness of current cybersecurity systems and processes is by integrating ChatGPT’s capabilities into security tools. This integration can help augment human manual reviews and enhance the review of security logs, SIEM logs, firewall logs, EDR logs, malware logs, and other relevant logs. Unlike other AI/ML tools, ChatGPT can identify patterns and anomalies in language and provide insights into the intent behind text-based logs.

For example, in the case of Google Play, the platform already uses a wide range of AI capabilities to inspect applications submitted to the Google Play Store. By integrating ChatGPT into existing security tools, the detection of trends and anomalies will be exponentially more efficient, quicker, and without the human error factor. ChatGPT can analyze the logs for any unusual or suspicious activity and provide insights into the possible causes of such activity.

ChatGPT can also be helpful in addressing cybersecurity threats such as phishing, malware, and cyber-attacks. Unfortunately, bad actors can also use ChatGPT to craft more realistic and convincing phishing emails. While many phishing emails today have obvious errors, removing these visible signs will make phishing emails look more convincing. To combat this, a defensive model is to use AI to proactively look for phishing email signals in less visible parameters of emails, such as email headers.

As part of the effort to detect and prevent the misuse of ChatGPT for cybersecurity threats, tools are being developed that can identify text generated by ChatGPT. Machine learning algorithms can analyze language patterns to detect specific characteristics unique to language models, while behavioral analysis systems look for patterns in how language models are being used. In addition, AI can be used to analyze email headers for suspicious patterns that may indicate phishing attacks. While these tools are still being refined and may not be foolproof, they show promise in detecting the misuse of ChatGPT and other language models. Ethical and responsible use is crucial, and measures must be in place to detect and prevent their misuse.

Potential Threats of ChatGPT and Generative AI models

We must consider the ethical implications of using ChatGPT technology in cybersecurity, as well as any privacy aspects for many fringe uses. Early in the release of ChatGPT, I asked it to write me a Python script to automate attacking a Wi-Fi network utilizing the Aircrack-ng line of tools. It was happy to comply.

In the spirit of the recent UFO and UAP chatter in the world, I asked ChatGPT to write me a story about aliens coming to earth and using humans as a food source (dark, I know). It happily produced a story that was a 5-minute read. With all that said, now the system will kindly reply that it will not do either of these.

Guardrails on the use of AI will be important moving forward.

While there are risks associated with the use of ChatGPT in cybersecurity, it is essential to recognize that the future of cybersecurity lies in the integration of AI into security tools. As AI capabilities continue to develop, attackers will undoubtedly find ways to use AI for their advantage. Therefore, defenders will have to use AI more effectively to fight AI attacks. In the future, we may see a world where AI fights AI.

Apart from ChatGPT, other generative AI models pose a potential threat to enterprises. For example, AI is already being used to create “deep fake” videos and images that are startlingly realistic. Additionally, AI could potentially be used to launch large-scale social engineering attacks. Imagine an AI trained on hours of social engineering content, teaching it how to convince, negotiate, and react in the perfect way to each response over the phone. Such an AI would be a powerful tool for conducting successful social engineering attacks on millions of people. It is critical to consider such potential threats when assessing the use of AI in cybersecurity.

Navigating the Use of AI in Cybersecurity for Enterprises

ChatGPT is a powerful tool that can be both a benefit and a threat to enterprises, particularly in the realm of cybersecurity. As mentioned previously, bad actors will always find ways to use technology to their advantage, and the use of ChatGPT and other large language models (LLMs) by hackers is a growing concern. However, the same AI tools that pose a threat can also be leveraged by enterprises to defend against attacks, and the use of AI in cybersecurity will only continue to evolve.

Enterprises can also turn to hardware and software vendors like Google/Android/Android Enterprise for assistance in defending against AI-based threats. These companies have some of the most accomplished security experts in the industry, and their security teams are exceptionally skilled. Vendors can help maintain device integrity through the use of hardware roots of trust to verify integrity, which is becoming increasingly important as the threat landscape evolves. Ultimately, as AI becomes more prevalent in both attack and defense strategies, enterprises will need to keep pace with these changes to stay ahead of the threats posed by bad actors.

The Future of ChatGPT and Social Mobile

At Social Mobile, we already implement a zero-trust framework, which is a key element in our cybersecurity strategy. We believe that multiple layers of defense are the best approach to protect our assets and systems. As we look to the future of ChatGPT for Social Mobile, we plan to layer on AI to enhance our cybersecurity defenses further. We are carefully monitoring how our suite of solutions introduces AI into their products, and we will review how best to implement these features. By combining our existing zero-trust framework with AI capabilities, we can better identify and respond to potential threats to our systems and data.