Security News > 2023 > November > Offensive and Defensive AI: Let’s Chat(GPT) About It

Offensive and Defensive AI: Let’s Chat(GPT) About It
2023-11-07 10:21

ChatGPT: Productivity tool, great for writing poems, and a security risk?! In this article, we show how threat actors can exploit ChatGPT, but also how defenders can use it for leveling up their game.

Finding Vulnerabilities - Attackers can prompt ChatGPT about potential vulnerabilities in websites, systems, APIs, and other network components.

According to Etay Maor, Senior Director of Security Strategy at Cato Networks, "There are guardrails in ChatGPT and the Playground to prevent them from giving answers that support doing something bad or evil. But, 'social engineering' the AI enables finding a way around that wall."

Deciphering Attacker Code - Analysts can upload attacker code to ChatGPT and get an explanation of the steps taken and the executed payload. Predicting Attack Paths - ChatGPT can predict future probable attack paths of an attack, by analyzing similar past cyber attacks and the techniques that were used.

Identifying Vulnerable Web Pages - Web developers or security professionals can prompt ChatGPT to review a website's HTML code and identify vulnerabilities that would enable SQL injections, CSRF attacks, XSS attacks, or DDoS attacks.

AI vs. AI - Currently ChatGPT is not able to identify if a prompted text was written by AI or not.


News URL

https://thehackernews.com/2023/11/offensive-and-defensive-ai-lets-chatgpt.html