Is ChatGPT a Security Risk?

ChatGPT is taking the world by storm. After amassing over 100 million users, the chatbot is entertaining new users and terrifying the tech world alike. But while the AI technology behind ChatGPT is both concerning and impressive, does it pose a cybersecurity risk? What is ChatGPT? ChatGPT is a chat bot created by OpenAI, a company with an impressive track record
February 7, 2023
 / 
meritsolutions
 / 
Image

ChatGPT is taking the world by storm. After amassing over 100 million users, the chatbot is entertaining new users and terrifying the tech world alike. But while the AI technology behind ChatGPT is both concerning and impressive, does it pose a cybersecurity risk?

What is ChatGPT?

ChatGPT is a chat bot created by OpenAI, a company with an impressive track record of AI-powered apps. OpenAI develops DALL•E 2, a program that creates art from user inputs, as well as Whisper, which generates speech from transcripts.

ChatGPT, on the other hands, takes your questions and spits out a result that sounds conversational. Ask ChatGPT who the first president of the United States was, and it will answer. Ask it to write you an essay about the first president of the United States, and it will return a multi-paragraph breakdown about George Washington.

ChatGPT can do this for just about anything you can think of. Essays, poems, stories, code, etc. It’s relying on models OpenAI trained it on, but it doesn’t stop there. ChatGPT learns from every user interaction in order to improve itself.

It’s an interesting position to be in, because ChatGPT is widely popular. The app has amassed over 100 million users in its first two months, more than four times quicker than it took TikTok. All those users means a lot of data for ChatGPT’s models, and a lot of potential to improve itself. ChatGPT is far from perfect. In fact, it’s pretty imperfect. While it’s certainly impressive, and fun, you’ll find the bot offers inaccurate answers. It doesn’t help the bot’s data sets aren’t connected to the internet, so it’s only knowledgable on events prior to 2022.

Is ChatGPT a security risk?

On the surface, it wouldn’t seem to be. While ChatGPT can write and review code, and even develop programs for you, it will not write malware, outright refusing requests to do so.

However, perhaps unsurprising, researchers were successful in getting around ChatGPT’s security limits, and forced the bot to write them executable malware. Again, though, there’s a silver lining: Just as an English professor might raise an eyebrow at an essay written with ChatGPT, security software will likely be able to spot malware written by such a bot.

The greater concern, however, is ChatGPT’s machine learning. It’s always improving, which means, theoretically, bad actors could train it to develop malware that was good enough to evade security software. Bad actors are, reportedly, already using ChatGPT to help them with their malicious activities, relying on the chatbot to write them emails for phishing, basic malware, and malicious Java script. One bad actor apparently used ChatGPT to finish writing an encryptor to be used in ransomware attacks.

As it stands, ChatGPT isn’t posing an imminent cybersecurity risk. But the same can’t be said for the future. And that future might be here sooner than we think.

Share This

Leave a Reply



Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.