OpenAI’s latest GenAI platform, GPT-4o, is smarter than ever. But while we admire GPT-4o, hackers are busy finding ways to misuse it. Researchers discovered that GPT-4 could exploit 87 percent of one-day vulnerabilities. These are vulnerabilities with available fixes that sysadmins haven’t yet applied.
Exploiting such vulnerabilities is a common method for hackers. Alarmingly, GPT-4 can do this autonomously. Although no real-world attacks using GenAI have been reported, the potential threat is already causing concern for cybersecurity experts. Sharef Hlal, head of digital risk protection at Group-IB for the Middle East and Africa, notes that cybercriminals are already using GenAI as a weapon. He says, “Generative AI, while a remarkable tool, carries a dual nature in the realm of cybersecurity.”
Mike Isbitski, director of cybersecurity strategy at Sysdig, agrees. He points out that GenAI helps attackers find vulnerabilities and move quickly within compromised environments. The homogeneity of the cloud landscape, with its similar public images and infrastructure, enables attackers to automate their attacks.
Hlal also highlights that scammers use AI advancements to refine their schemes. He points to the rise of compromised ChatGPT credentials on the dark web as evidence of this trend. Social engineering, including improved phishing emails and deep fakes, is another area where attackers leverage GenAI. Recent examples include the fake Joe Biden robocall in New Hampshire, designed to disrupt voting. These incidents show how easily attackers can use AI tools to deceive people.
Unfortunately, Hlal expects the use of AI for cyberattacks to increase. However, it’s not all bad news. Isbitski believes that security professionals can also use GenAI to combat threats. GenAI can help with system hardening, contextualizing risks, and managing security vulnerabilities. Hlal agrees that while AI is not a cure-all, it significantly enhances cybersecurity defenses by boosting human expertise.
In the end, Hlal argues, the focus should be on how we use AI responsibly. AI’s potential for societal good should be harnessed while ensuring it doesn’t become a tool for malicious activities.