ChatGPT: The Advent of Synthetic Malware

What, exactly, is ChatGPT?

ChatGPT (Generative Pre-trained Transformer) is what is colloquially known as a “chatbot”: software frameworks that can somewhat mimic human interaction. Chatbots are commonly found in customer support websites, are generally fairly simple, and have very limited parsing abilities as well as answers. ChatGPT is different from these common chatbots for a parsing abilities as well as answers. ChatGPT is different from these common chatbots for a few reasons: 

  • It’s far more complex and can process significantly more data than the majority of chatbots
  • It “remembers” previous prompts in the same conversation
  • It’s capable of crafting semi-unique text from any prompt, up to and including scripts

The last point is the most salient one – ChatGPT can craft poems, stories, simulate chat rooms, compose essays, and craft scripts/software. This has been a point of contention in academia when it comes to composing essays, but we’re more interested in scripts, specifically: What happens if you prompt ChatGPT to craft malware for you?

Easy Malware for All

As you can likely discern from the header, yes, ChatGPT can and will craft malware depending on whatever prompt it is given. While, currently, ChatGPT suffers from a notable lack of accuracy in its answers and scripting, it’s a harbinger of what’s to come in terms of the information security landscape.

Perhaps ChatGPT won’t be able to surpass its accuracy issues; however, the likelihood of more such frameworks being created in the 21st century is very high – nearly a statistical certainty. If you consider the fact that ChatGPT has been “jailbroken” already by some users to provide the “recipe” to make a Molotov cocktail or build a nuclear bomb, it’s clear that some potentially advanced and mutable malware could be crafted this way by anyone. The near-term pressing issue isn’t that the malware will be highly complex (we have a few years to go for that), rather the sheer volume of “easily” generated malware will likely cause significant problems.

If anyone can have malware custom-crafted for them, what’s to stop amateurs with little knowledge from requesting and using it indiscriminately? Additionally, when considering the overall risk of this dissemination of malware, one must consider the sheer volume of malware that might soon become commonplace. So, how does one fight against the potential incoming tide of malware?

Fighting Fire with Fire

Most antivirus solutions utilize specific signatures to identify threats and are able to prevent execution of any malicious files. In the past, this worked just fine against the most commonly used malware. However, in the modern age, a novel solution is needed to keep up with the stunningly fast rate of new vulnerabilities being found in major applications, as well as the crafting of exploits for said vulnerabilities. Thankfully, there is a known solution: EDRs (endpoint detection and response). EDRs are solutions that, as the name suggests, detect any threats on endpoints (e.g., mobile phones, laptops, Internet of Things devices, etc.) and respond to them accordingly. Many of these solutions utilize heuristic analysis, essentially looking for dangerous/malicious components within the software itself, rather than relying on signatures submitted by users and experts. This, coupled with several other compensating controls in EDRs, results in a lower risk surface for organizations that utilize them, and can help stem the proverbial tide of incoming malware.

Ultimately, while the potential threat created by frameworks such as ChatGPT is considerably high in the information security field, EDRs can provide the security needed to prevent an incident. With the advent of “synthetic malware,” perhaps soon we will see the advent of a “synthetic shield” that operates in the same way as ChatGPT, but is specifically geared to stopping this new brand of widely distributed custom malware.

References

https://arxiv.org/abs/2203.02155

http://chat.openai.com/chat

https://www.theverge.com/23488017/openai-chatbot-chatgpt-ai-examples-web-demo

https://www.nbcnews.com/tech/tech-news/chatgpt-ai-chatbot-viral-rcna59628

    Share this Post

Contact Our Team Now