Does ChatGPT have the capability to evolve into an autonomous hacking system? Not yet, and not exactly, say Kaspersky cybersecurity experts, but there are use cases both aggressors and defending companies can draw on, as well as tactics and capabilities that companies should be aware of.

In the first part of Kaspersky’s presentation, ChatGPT – good or evil? AI impact on cybersecurity, data scientists, security researchers and incident response experts walk webinar attendees through a number of scenarios, demonstrating how the model can be used to enable “script kiddies” (novice hackers) and more sophisticated actors, alike.

Can give hacking advice 

“ChatGPT can give some general hacking advice to script kiddies or even to more sophisticated actors, about how to proceed in some offensive hacking situations. It can generate texts. It can generate beautiful, versatile, grammatically correct text to be used as spam emails,” says Vladislav Tushkanov, lead data scientist. “It can be used to generate spear phishing emails. It can be used to generate programming code.” Although it will warn users that certain activities are illegal, Tushkanov goes on to point out that these protestations can usually be overcome with different ways of asking the same question. 

For analysts, meanwhile, the team also says artificial intelligence (AI) is one of the most promising technologies ever poised to transform the field of cybersecurity, allowing companies to identify and respond to attack patterns and simulate attacks to provide insights. They stress that the tool should be used to augment human decision-making processes, rather than replace them. “There’s still a need for the human brain to do the sanity check,” Maher Yamout, senior security researcher says.

Privacy risk 

“With all those use cases described,” Yamout adds, “what’s common across all of them are the associated risks. I think privacy is a major risk for many use cases.” 

As for whether or not ChatGPT has the ability to become an autonomous hacking system at this stage, Yamout says it does not – other elements are required, he says – “but it has the potential.”