The ChatGPT security conundrum: How the benefits can nullify the threats
By Edy Almer, Product Manager for Threat Detection and Incident Response, Logpoint
OpenAI’s creation, ChatGPT, has been named as the fastest-growing consumer application in history after recording 100 million users in January 2023. From solving coding errors and complex mathematical equations to writing essays and cover letters, the chatbot has proven a hit owing to its ability to complete tasks in a highly polished and practically applicable manner. However, while many have praised the platform, others have cited some extreme concerns.
From a security perspective, there is a growing worry that advanced Natural Language Processing (NLP) models will be leveraged by threat actors for nefarious means. Indeed, Check Point’s research stands as a case in point: the company used ChatGPT to create a phishing email, complete with a malicious Excel file, that could lead unsuspecting victims to infect their computer or other endpoints.
With ChatGPT’s core strength lying in its ability to harness huge amounts of information and expedite processes, the key security concerns centre around the fact that the platform could make it easier for cybercriminals to develop and carry out attacks.
We’ve already seen the barriers to entry in cybercrime lowered when it comes to less sophisticated attacks. For example, many infamous threat groups have developed monetised models such as ransomware-as-a-service (RaaS) that see them sell toolkits, enabling technically inexperienced threat actors to carry out sophisticated attacks. Therefore, the concern is that ChatGPT, as a freely accessible platform, could exacerbate this growing problem.
Four potential security benefits of ChatGPT
There are, of course, two sides to this coin. We must remember that OpenAI ultimately developed ChatGPT to be a force for good, and in this sense it may also be leveraged by security professionals to enhance their own operations.
The use of artificial intelligence in cybersecurity is nothing new. From eliminating the need to complete low-value, repetitive, time-consuming tasks manually to recognising patterns and performing proactive actions on the user’s behalf, industry professionals have been leveraging a variety of AI-empowered security tools for some time. However, as technology evolves, so a host of new possibilities emerges.
Take Security Orchestration, Automation and Response (SOAR). An automated system that collects, analyses and prioritises alerts and security data from many sources and systems, it provides security teams with all the contextual information and intelligence they need for rapid detection and response. How could this then benefit from generative AI?
Using highly intelligent language models like ChatGPT, it becomes possible to enhance SOAR with a generative AI integration as part of its toolkit. Doing so can enable security teams to experiment with the technology to speed up time to insight. Four ways in which security teams may benefit from the chatbot’s ability to expedite processes include:
#1 – Rapidly producing breach reports
SOAR uses workflows and playbooks to automate repetitive tasks, to assure consistent threat analysis, and to guide security analysts to the right decision. With this in mind, a SOAR playbook may also be used to provide ChatGPT with the context it needs to generate breach reports following attacks.
Moreover, the chatbot could also be used to reduce the Mean Time to Respond (MTTR) in the event of attacks by consolidating data from multiple sources to produce comprehensive reports in just minutes. Such reports will still need to be reviewed and approved by an expert. However, if done well, ChatGPT can save analysts copious amounts of time, freeing them up to focus on higher-value tasks.
#2 – Enhancing C-Suite understanding
Increasingly, boards are demanding meticulous and measurable performance reviews from all business functions, security included. In this sense, CISOs and CSOs are being pushed to provide data-driven insights that give management the answers it is looking for.
Here, ChatGPT could be used alongside a SOAR playbook to produce security performance summaries and highlight key areas for improvement. Indeed, by feeding lengthy reports into ChatGPT, it’s possible to generate short, easily digestible executive summaries for board members, improving communication and helping to inform business decision making. These will also need to be reviewed to ensure the accuracy of summations, but again this may save analysts significant amounts of time.
#3 – The benefit to Managed Security Service Providers (MSSPs)
MSSPs typically provide outsourced monitoring and management of security devices and systems for their customers – and in the event of a breach, those same customers want to understand the impacts as quickly as possible. ChatGPT can be used to expedite the processes of data collection and analysis, freeing up MSSPs to focus on tending to distressed clients and providing key advice on remediation and recovery. With demands on MSSPs increasing, they are having to find ways to operate more efficiently and effectively, making ChatGPT an indispensable time-saving tool.
#4 – Enhancing security training programmes
Vendors have already demonstrated the ability of ChatGPT to generate malicious phishing emails but, conversely, security teams can use this capability to create their own phishing awareness campaigns and evaluate awareness among a company’s employee base.
Leveraging the NLP model to summarise SOAR playbook outputs, phishing awareness training programmes could be created automatically using ChatGPT. These can then be used to identify areas where further education is necessary.
Unquestionably, ChatGPT is here to stay. Despite concerns surrounding the technology, the proverbial genie cannot be put back in the bottle. Therefore, we need to find ways in which highly intelligent AI models such as these can be used for good to ensure that security teams ultimately come out on top in any kind of cybersecurity arms race against threat actors. Indeed, by proactively leveraging ChatGPT’s potential benefits, we can help to nullify its potential threats.