In the 19th century, Alan Turing suggested the possibility of a machine altering its own given instructions and learning from experience. Hailed as the father of Artificial Intelligence, Turing paved the way for the dramatic strides made in the field of AI advancements well into the 21st century.
Today we have AI technology infused into our lives through every service we use – from Siri to the facial recognition software used to unlock your phone. Machines were built to make life simpler and create a better future for us all, and we haven’t shied away from it. However, these innovations are not without their inherent risks. The latest and most interactive leap has been the advent of AI chatbots – most notably the ChatGPT model.
AI Chatbots and ChatGPT
What is a Chatbot? Simply put, a Chatbot is a computer program that simulates human conversation to aid in customer communication and services through the use of artificial intelligence. The software imitates this human-like response through voice commands or text box services and augments or replaces the need for human agents.
OpenAI is a leading research laboratory based in San Francesco and in November of 2022, the company released the ChatGPT model which was created in 2015 by Sam Altman and Elon Musk. The ChatGPT program was created to interact conversationally – enabling it to answer follow-up questions, admit to mistakes, challenge an incorrect premise, and reject inappropriate requests.
With over one million users already, ChatGPT has amassed quite a fanbase for its uncanny ability to mimic human conversation and provide numerous services across different fields – from essay writing and composing music to answering test questions and writing out computer code.
A distinguishing feature of the ChatGPT is that it does not simply give you an index of search results but rather uses its machine learning abilities to explain complex topics and provide practical solutions. This leaves room for error, however - with even the program’s website stating that ChatGPT sometimes writes “plausible-sounding but incorrect or nonsensical answers.”
This hasn’t deterred most companies from tightening up in the saddle though, as the New York Times even reported that Google was so alarmed by ChatGPT’s capabilities that it issued a “code red” to ensure the survival of the company’s search business.
The Gaining Popularity of Chatbots and ChatGPT
While the concept of Artificial Intelligence always seems to have a dystopian and futuristic implication, most major companies these days have invested in Chatbot technology already and you’ve most likely already become accustomed to it. Siri, Alexa, and Google Home are all service chatbots, and most media houses like Netflix, Hulu, CNN, and MTV have already successfully used Chatbot technology to engage with customers.
Businesses and brands are using chatbots in lots of exciting ways, according to Medium. Allowing you to order food, get recommendations, and even schedule flights. The publication lists Starbucks, Lyft, Spotify, and The Wall Street Journal as just some of the industry giants who are also using Chatbot technology to improve services.
The Covid-19 pandemic gave way for automated platforms to take a more central role in service delivery in an effort to reduce human interaction and the technology seamlessly became part of our everyday lives.
The Information reported that Microsoft has discussed incorporating OpenAI’s artificial intelligence into its suite of apps - such as Word, PowerPoint, and Outlook - to allow customers to automatically generate text using simple prompts. The computing giant recently invested $1 billion in OpenAI to support the building of Artificial General Intelligence (AGI).
Google isn’t a stranger to the AI game either and has its language model called LaMDA - which uses machine-learning techniques to help it understand the intent of search queries and allows it to engage in a free-flowing conversation about a seemingly endless number of topics.
Other companies that have made use of AI technology include Jasper - through its AI Content Generator, and Unbounce - which offers AI-powered copywriting tools to generate taglines, social media copy, emails, and product descriptions.
However, these huge steps to revolutionize the industry hail an array of risks as well.
The Cyber Security risks associated with ChatGPT
While the surge of Chatbot technology has proven beneficial, many remain skeptical still, and for good reason. According to CNET, The New York City Department of Education blocked access to ChatGPT on its network devices due to fears about cheating, the negative impacts on student learning, and the accuracy of content produced.
Misinformation has been a going concern for the ChatGPT program that only learns from existing human data on the internet – which is far from an accurate source at most times.
However, the most crucial aspect to consider is the threat to cybersecurity that the advanced Chatbot has suddenly created. The creator of ChatGPT himself agreed in a tweet that we are close to dangerously strong AI that can pose a huge cybersecurity risk and that approaching a real AGI reality within the next decade means taking that risk seriously.
TechCrunch recently wrote about the Check Point company performing a demonstration using the ChatGPT in which it was asked to create a phishing email. At first, the OpenAI mentions that this content might violate its content policy but upon further instructions, the ChatGPT program obliged and created a conceivable phishing email. Check Point also sounded the alarm over the chatbot’s apparent ability to help cyber criminals write out malicious code.
The extensive data and natural language capabilities of ChatGPT make it an attractive tool for cyber criminals who are new to the field or simply too lazy to create their malicious code/email and want to carry out a cyber-attack all the same.
ChatGPT Security Risks
Medium has suggested that four general categories can be used to classify ChatGPT security risks:
- Phishing emails: A phishing email is a type of malware wherein the attacker crafts a fraudulent, yet believable email to deceive recipients into carrying out harmful instructions. These instructions can be clicking on an unsecured link, opening an attachment, providing sensitive information, or transferring money into specific accounts. Phishing scams are the most common type of malware found today.
- Data theft: Data theft is any unauthorized exfiltration and access to confidential data on a network. This includes personal details, passwords, or even software codes – which can be used by threat actors in a ransomware attack or any other malicious purpose.
- Malware: Malware, or Malicious software, is a broad term referring to any kind of software that intends to harm the user in some form. It can be used to infiltrate private servers, steal information, or simply destroy data.
- Botnets: A botnet attack is a targeted cyber-attack during which a collection of devices that are all connected to the internet are infiltrated and hijacked by a hacker. Referring to a robot network, a botnet attack is carried out by a nefarious actor that aims to seize control of a collection of computers, servers, and other types of networks for a series of potential malicious purposes.
While these may seem frightening, there are still steps that can be taken to reduce the risk of these threats when using ChatGPT services.
How to Protect Against Phishing emails
With the growing popularity of ChatGPT, we’ve drafted up some tips to keep your network safe from any threat actor trying to take advantage of the technology. It's very important for organizations to invest in cybersecurity to prevent business loss. Check our recent blog on The Cost of Cybercrime vs. The Cost of Cybersecurity.
- Stay Informed. This may seem like a very basic tool, but your education and ability to recognize a cyber-attack or malware before allowing it onto your network is potentially the only thing between you and a threat actor. Being wary of emails and suspicious links will go far in protecting your information.
- Using a Secure Password. Another very basic security tip that is often overlooked while usually being the first line of defense against data theft. Ensure that the password you choose is complex and difficult to guess.
- Turning on Two-factor Authentication. Most networks have two-factor authentication capabilities already which ensure that unique factors are used to ascertain a user’s identity before granting them access. It provides an extra layer of security to your network to avoid any breaches from occurring.
- Leveraging a Network Detection and Response Platform. An NDR platform provides extensive cybersecurity monitoring for your network to ensure that no malicious threat actors can gain access. Sangfor’s Cyber Command provides unique and advanced threat-hunting capabilities for your company – whether big or small.
- Installing an Antivirus Software. Decent antivirus software will protect your network from malware, phishing attacks, and most other cyber threats.
- Monitoring your Accounts. Being aware of the activities in your bank account and on your network will help you to detect suspicious behavior fast and act immediately to reduce the risk of further damage to the network or account.
- Keeping your Software Updated. Your operating system needs to be at peak performance at all times to provide proper protection for your network. Ensure that the latest updates are installed on your device to mitigate security flaws and bugs that were found in previous versions. You can read more on Cybersecurity risks for small businesses here.
The Future of AI Chatbots and Cybersecurity
The Chatbot uprising has begun and has played nicely so far - but the risks of a program that can be trained to produce malicious software on a whim need to be supervised and approached with caution. We’ve created an all-too-human conundrum with every leap made in technology where the things we create can change the world, but in the wrong hands, can destroy it as well.
The ChatGPT is not without a positive evolution in terms of cybersecurity, as ESET’s Jake Moore revealed to TechCrunch when he said that “if ChatGPT learns enough from its input, it may soon be able to analyze potential attacks on the fly and create positive suggestions to enhance security.”
Uncapped accessibility and unlimited usage of ChatGPT made it quite dangerous but Greg Brockman, the president and co-founder of OpenAI, said in a tweet recently that a professional paid version of ChatGPT with faster performance is in the works – which might be able to address the issues of cybersecurity and malicious input suggestions.
As with everything, the future of AI technology remains murky to navigate at best. We can only hope that human engineering will create a better world – without compromising its safety.
At Sangfor Technologies, your cybersecurity and safety are our main priority – a fact that led to the creation of multiple products and services geared specifically towards negotiating an ever-changing technological landscape filled with cyber threats.
Sangfor’s Cybersecurity Solutions
Sangfor offers advanced security solutions for your company that can collaborate and coordinate skilled protocols to ensure that the highest security measures are maintained while our advanced threat detection and response tools make use of automated monitoring, sandboxing, behavioral analysis, and other functions to mitigate various advanced malware.
Sangfor's Threat Identification, Analysis, and Risk Assessment (TIARA)
Sangfor’s Threat Identification, Analysis, and Risk Assessment (TIARA) platform is a preliminary security posture assessment service that relies on the expertise of professionals in the field to provide capabilities for a network and helps customers understand their current threat posture within just 2-4 weeks.
The lightweight turnkey service leverages the automated detection and response capability of Sangfor’s threat intelligence platform to help customers with insufficient security expertise understand their threat landscape, improve their detection time, and rapidly improve their security posture.
Cyber Command (NDR) Platform
The Sangfor Cyber Command tool helps to monitor for malware, residual security events, and future potential compromises in your network and is coupled with an enhanced AI algorithm and threat intelligence – ensuring your data is always kept strictly protected and consistently monitored for lingering threats.
Sangfor’s Next Generation Firewall (NGFW)
Lastly, the Sangfor Next Generation Firewall (NGFW) is used in conjunction with Endpoint Security to identify malicious files at both the network level and endpoints. The advanced firewall is a security device designed to inspect network and application traffic for threats, secure the network environment from intrusion, and bring in security intelligence from outside the network. Anything that the on-premises features cannot analyze is automatically sent to the cloud-based Neural-X sandbox for isolation and critical inspection.
For more information on Sangfor’s cyber security and cloud computing solutions, visit www.sangfor.com.