The launch of ChatGPT, a free chatbot powered by artificial intelligence (AI), made waves from university lecture halls to boardrooms as users tested the AI-powered writing tool. What ChatGPT may lack in writing finesse, it makes up for in speed, making it a very attractive tool for threat actors. It didn’t take long for the Dark Web community to catch on to the opportunity that it could teach ChatGPT to write phishing emails and other malicious content quicker than any human.
Read: Reshaping the Threat Landscape in 2023: Cybersixgill Announces Top Trends in Cybersecurity
Early on, the developers of ChatGPT assured users that the anti-abuse controls in ChatGPT’s web user interface were strong enough to prevent any malicious operators from taking advantage of the chatbot. But, unfortunately, that was not the case.
A Boom in Dark Web Chatter About ChatGPT
Cybersixgill uncovered chatter on the dark web as early as December of 2022 between threat actors creating malware and phishing emails using ChatGPT’s web user interface. When ChatGPT improved safeguards on its web user interface, threat actors quickly moved on to use the API interface instead.
The application programming interface (API) is the technology that programs use to communicate with each other. For instance, API is how weather data gets from the National Weather Service to a phone app or how the Dow Jones index gets from Wall Street to a home computer. Unfortunately, ChatGPT’s API has fewer restrictions than its web interface, making it easier for malicious actors to use this tool for devious purposes.
Because Cybersixgill monitors the Dark Web 24-7, we were able to go very deep in researching the malicious use of ChatGPT’s API. For example, in one cybercrime forum, we found a threat actor sharing a filter bypass tool allowing users to skip any restrictions or “censorship.”
In a Russian language cybercrime forum, Cybersixgill found a member sharing a ready-to-go script that improves on existing Phyton code that creates stealer malware. ChatGPT wrote that script.
In yet another Dark Web forum, Cybersixgill found a threat actor who claims to have found ways to couple a Telegram bot with ChatGPT, making it extremely easy to spread the malicious code.
What this means for CISOs and IT
It makes a couple of things obvious:
- The current safeguards alleging to block the malicious use of ChatGPT are ineffective.
- Threat actors are always quick to exploit a new tool as they work to breach computer systems in faster and more innovative ways.
- Suppose you can’t monitor dark web activity 24-7 and present findings in a relevant and understandable manner. In that case, your network is at a higher risk of breach than before ChatGPT was released.
Most likely, ChatGPT is working on improving the safeguards of its API interface, but it has yet to make any announcements.
Cybersixgill can help you assess, measure, prioritize, and address emerging threats.