Active Stocks
Fri Mar 01 2024 15:59:51
  1. Tata Steel share price
  2. 150.00 6.46%
  1. State Bank Of India share price
  2. 769.30 2.67%
  1. Tata Motors share price
  2. 977.20 2.78%
  1. ITC share price
  2. 409.50 0.74%
  1. ICICI Bank share price
  2. 1,086.90 3.18%
Business News/ Technology / News/  Security experts warn of GPT-4 risks
BackBack

Security experts warn of GPT-4 risks

While OpenAI’s generative AI chatbot, ChatGPT, found widespread popularity after being opened for public access since last November, its proliferation also saw cyber criminals being able to use the tool to generate malicious code.

Despite improvements, GPT-4 still holds the risk of being manipulated by cyber criminals to generate malicious code (Photo: iStock)Premium
Despite improvements, GPT-4 still holds the risk of being manipulated by cyber criminals to generate malicious code (Photo: iStock)

NEW DELHI : Cyber security experts have warned of a variety of risks that can arise out of GPT-4, the latest large language model (LLM) launched on Tuesday by artificial intelligence (AI) research firm, OpenAI. Such risks can emerge from rising sophistication of security threats driven by GPT-4’s better reasoning and language comprehension abilities, as well as its long-form text generation ability that can be used to write more complex code for malicious software programmes.

While OpenAI’s generative AI chatbot, ChatGPT, found widespread popularity after being opened for public access since last November, its proliferation also saw cyber criminals being able to use the tool to generate malicious code.

In a research note published on Thursday, Israeli cyber security firm, Check Point Research, said despite improvements to safety metrics, GPT-4 still poses the risk of being manipulated by cyber criminals to generate malicious code. These abilities include writing code for a malware that can collect confidential portable document files (PDFs) and transfer to remote servers through a hidden file transfer system, using programming language, C++.

In a demonstration, while GPT-4 initially refutes code generation due to the presence of the word ‘malware’ in the query, the LLM, which is presently available on ChatGPT Plus—a paid subscription tier of ChatGPT— failed to detect the malicious intent of code when malware word was removed.

Other threats that Check Point’s researchers could execute include a tactic called ‘PHP Reverse Shell’—which hackers use to gain remote access to a device and its data; writing code to download remote malware using the programming language Java; and, creating phishing drafts by impersonating employee and bank emails.

“While the new platform improved on many levels, GPT-4 can still empower non-technical bad actors to speed up and validate their hacking activities and enable execution of cyber crime," said Oded Vanunu, head product vulnerabilities research at Check Point.

Fellow security experts concur, saying GPT-4 will continue to pose a wider range of challenges such as expanding type and scale of cyber crimes that a larger number of hackers can now deploy to target individuals and companies alike.

Mark Thurmond, global chief operating officer at US cyber security firm Tenable, said tools such as GPT-4-based chatbots “will continue to open the door for potentially more risk, as it lowers the bar in regard to cyber criminals, hacktivists and state-sponsored attackers."

“These tools will soon require cyber security professionals to up their skill and vigilance about the ‘attack surface’ — with these tools, you can potentially see a larger number of cyber attacks that leverage AI tools to be created," Thurmond added.

The attack surface refers to the total number of entry points cybercriminals can use to compromise a system. Thurmond said these tools can create a wider range of threats that were so far not accessible to those without technical knowhow because of their text generating abilities.

Sandip Panda, chief executive at Delhi-based cyber security firm, InstaSafe, added that apart from the technical threats, a drastic rise in phishing and spam attacks could be on the horizon.

“With improvement in tools like GPT-4, the rise of more sophisticated social engineering attacks, generated by users in fringe towns and cities, can create a massive bulk of cyber threats. A much larger number of users who may not have been fluent at drafting realistic phishing and spam messages can simply use one of the many generative AI tools to create social engineering drafts, such as impersonating an employee or a company, to target new users," Panda said.

Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!

ABOUT THE AUTHOR
Shouvik Das
Shouvik Das is a science, space and technology reporter for Mint and TechCircle. In his previous stints, he worked at publications such as CNN-News18 and Outlook Business. He has also reported on consumer technology and the automobile sector.
Catch all the Technology News and Updates on Live Mint. Check all the latest action on Budget 2024 here. Download The Mint News App to get Daily Market Updates & Live Business News.
More Less
Published: 16 Mar 2023, 08:35 PM IST
Next Story footLogo
Recommended For You
Switch to the Mint app for fast and personalized news - Get App