ChatGPT accelerates all sorts of workflows. Will crafting threats be one of them?
Marty fears AI might help attackers customize and modify their techniques faster then defensive technologies can keep up. “We know this is how an attack looks, and we have these big signature databases for that. Now they can change the attack to look however they want based on the target that they’re going after,” he says.
Wisniewski worries about artificial assistance making ransomware gangs more efficient as well as more targeted.
“I can have a thousand victims on the hook with one person managing those victims instead of 20,” he says. “That worries me a little bit.”
But only a little bit. Large language models like OpenAI’s GPT 4 are exceptionally good at mashing up previously created content into something that appears new, but it doesn’t actually generate original thought, he notes. The same thing will be true of any malware it produces.
“It writes code the way it saw other code being written, which means that when it writes malicious code, it writes malicious code that looks like other malicious code,” Wisniewski says. Today’s security software already knows how to defeat that.
“We’re going to see possibly more attacks, but it’s not going to create new attacks,” he predicts.
Nick Biasini, head of outreach for Cisco Talos Threat Intelligence Group, agrees. AI can help experienced cybercriminals move faster but it won’t uncork a torrent of new threats and threat actors.
“ChatGPT is a great tool for people who already know what they’re doing,” he says. “It’s not going to create this massive sea of attackers who all of a sudden have these incredible capabilities.”
To the contrary, Wisniewski says, AI’s likely to help more than it harms by enabling developers to write safer code.
“If a generative model can find vulnerabilities, that just means all the good guys are going to fix all the vulnerabilities on their own stuff before it gets out,” he notes.
AI can help security software diagnose and defeat threats more quickly too, which is why companies like SentinelOne are already building it into their products. Anscombe, however, prefers a more careful approach to incorporating generative AI into security software until its output and behavior is more predictable than it is at present.
“There’s a huge rush to look cool,” he says. “I would err toward caution on building some of this in too quickly. A bad implementation of it could be disastrous.”
