Post

AI Chatbots in Security

Posted Updated
What information are you giving to AI Chatbots?
What information are you giving to AI Chatbots?
By Tom Anderson 2 min read

ChatGPT

Is one of the biggest platforms using the AI platform developed by OpenAI. This chatbot is used by multiple organisations for development and has assisted me during the development of scripts. AI is being implemented into many search engines for enhanced search results as well as other applications, this is trending. Although ChatGPT can be an essential tool for organisations it can also be manipulated to create malicious chats, this can include:

  • Active exploits against vulnerabilities.
  • Sophisticated spear-phishing content.
  • Scripts to deploy malware, including ransomware.
  • Open-source intelligence gathering on an organisation’s weakness.

OpenAI have tried to prevent the chatbot from out putting these malicious chats. However, they can be easily overridden by using social engineering on the chatbot, utilising DAN or Jailbreak a string of text created to manipulate the chatbot to do anything (this can be found online). Therefore, can be manipulated by attackers to efficiently create new intelligent attacks.

Desktop View Source: ChatGPT (openai.com)

DarkBERT

Nevertheless, attackers don’t even need to manipulate ChatGPT to get the information they require, they can use a chatbot like DarkBERT based on the RoBERTa architecture and built as a research tool it is used for research purposes:

  • Targeted on Dark Web texts.
  • Removed all explicit content for research purposes.
  • Can be used to fine explicit or leaked information about companies of individuals.

Unlike ChatGPT, this chatbot will provide unethical answers that can assist in creating malware, systems to exploit known vulnerabilities, and smart phishing attacks all at an instance. This is a concerning time for anymore in the cyber security field.

Conclusion

It is not all bad news, chatbots can be used to enhance security content and can be used to mitigate the risk of potential attacks, it can be used to:

  • Automate technologies for security within scripts, firewalls, and program configuration.
  • Review insecure ports and justification behind closing/opening ports.
  • Use ChatGPT/DarkBERT to penetration test your organisation.
  • Create security policies on any level.
  • Investigation into a security incident.

AI technologies are rapidly growing, it is becoming more essential for organisation to develop using these types of tools. As of now, there are several pros and cons from using this tool, from a security perspective we need to utilise this tool to enhance security processes.

Security, AI, Chatbots
security ai chatbot chatgpt darkbert ice2023
This post is licensed under CC BY 4.0 by the author.