Connecticut
Information Security

Al Chat: Friend or Foe?

person with letters on his palms

Recently there has been a lot of chatter around ChatGPT and the Bing Chat platform. These AI engines are being used in a number of creative ways like composing jokes or writing essays in the ‘tone’ of specific individuals. Aside from these recreational uses, the platforms have considerations for cybersecurity as well.

A simple example to consider is the creation of phishing emails. A hallmark tell tale of phishing is broken English or improperly worded phrases. English is not always the first language for phishing groups and using online translations such as Google doesn’t always capture the proper sentence structure. This will change with the new AI engines which will be able to produce perfectly formed emails that remove doubt caused by awkwardly structured emails.

Beyond emails and essays, the engines are also able to write and debug code. This will lower the threshold for attackers to payload a vulnerability disclosure. Similarly, creating custom code to be used in a potentially malicious way may be as simple as a request.

Next, expect attackers to leverage live chat and coercive discussions against targets. Instead of a call from a scammer on the phone, a digitized version of these AI engines will be making the calls. They will sound friendly, familiar, and have all the answers.

The next generation engines promise to be even more sophisticated, which begs the question, how can we protect ourselves from such potential scenarios? In our view, most of the protections will be the same as they are today, but AI will need to be put to use for defense. If an engine outputs a request, that request can be requested again. Comparing the similarities between requests using the AI engines will help to spot fakes. Traditional defenses will need to shift slightly to include more dynamic testing, but the foundations of layers, education, and good operational execution are still crucial.

For the time being, ChatGPL and other AI engines are still on the attack fringes, but they will become more common over time. The key is for security teams to continue to evolve alongside the attacks and react accordingly.