Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Google did not respond to a request for comments.
In 2023, the researchers in security from Trend Micro obtained the ChatPPT to generate malicious code by encouraging it to the role of a safety researcher and a slopes. Chatgpt would then readily generate PowerShell scripts based on malware databases.
“You can use it to create malware,” explains Moussouris. “The easiest way to get around these guarantees set up by the manufacturers of AI models is to say that you are in competition in a-drape capture exercise, and this will gladly generate a malicious code for you.”
Non -sophisticated actors such as Kiddies script are a secular problem in the world of cybersecurity, and AI may well amplify their profile. “This reduces the barrier to the entry into cybercrime,” a cyber intelligence analyst told Wired Hayley Benedict in Rane.
But, she says, the real threat can come from established hacking groups that will use AI to further improve their already real capacities.
“It is the pirates who already have the capacity and already have these operations,” she says. “He is able to considerably change these cybercriminal operations, and they can create the malicious code much faster.”
Moussouris agrees. “Acceleration is what will make it extremely difficult to control,” she says.
Smith by Hunted Labs also says that the real threat of the code generated by AI is in the hands of someone who already knows the code in and the outside who uses it to extend an attack. “When you work with someone who has a deep experience and you combine this with:” Hey, I can do things much faster that would have taken me a few days or three days, and now it takes me 30 minutes. “It’s a really interesting and dynamic part of the situation,” he says.
According to Smith, an experienced pirate could design a system that defeats several security protections and learns as you go. The little malicious code would rewrite its malicious payload as it learns on the fly. “It would be completely crazy and difficult for a sorting,” he says.
Smith imagines a world where 20 zero-day events occur at the same time. “It makes him a little more scary,” he says.
Moussouris says that the tools to make this kind of attack a reality now exist. “They are quite good in the hands of a fairly good operator,” she says, but AI is not yet good enough for an inexperienced pirate to operate.
“We are not quite there in terms of AI able to fully take the function of a human in offensive security,” she said.
The primitive fear that the chatbot code is stretching is that anyone will be able to do so, but the reality is that a sophisticated actor having an in -depth knowledge of the existing code is much more scary. Xbow is perhaps the closest thing to an autonomous “hacking” that exists in nature, and it is the creation of a team of more than 20 qualified people whose previous work experience includes Github, Microsoft and a half-dozen assorted security companies.
It also indicates another truth. “The best defense against a villain with AI is a good guy with AI,” said Benedict.
For Moussouris, the use of AI by Blackhats and Whitehats is only the next evolution of a cybersecurity arms race that it has watched takes place over 30 years. “It went from:” I will do this hacking manually or create my own personalized feat “,” I will create a tool that anyone can run and perform some of these checks “, she says.
“AI is only another tool in the toolbox, and those who know how to direct it in an appropriate manner now will be those who make these vibey fronts that anyone could use.”
