Exploring How Generative AI Is Contributing To Cybersecurity Threats & Risks

Uploaded on 2023-09-22 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

Generative AI applications like ChatGPT, Brad, Stable, Diffusion, and Bing have captured unprecedented attention and popularity from all across the globe. These innovative tools can perform routine tasks like data classification, improving customer service, and providing real-time data analysis. But, they make headlines due to their ability to write text, create images, and other digital art forms.

Generative AI technology is growing and progressing rapidly without any chance of slowing down soon. ChatGPT is the fastest-growing AI tool released in November 2022, and four months later, OpenAI released a much improved and larger language model (LLM) popularly known as ChatGPT-4. The latest data reveals that ChatGPT has over 100 million users, while the platform crossed 1 million in just five days of its launch. This popularity is also extended to other platforms; in May 2023, Google announced new features for generative AI like Search Generative Experience and another LLM called PaLM-2.

 Amidst the growing popularity, it's also increasing the threat landscape as organizations see many threats and risks that come into fulfillment. Therefore, it's crucial to understand the AI-based risks and develop effective measures to mitigate the potential damages. 

The Darker Implications of Generative AI

Despite all the advances, AI technology has enhanced the capabilities of cybercriminals and enables them to launch more sophisticated and targeted attacks. Bad actors significantly misuse ChatGPT to improve phishing attacks or create polymorphic malware. The famous Blackberry Software company has shared examples of compromised business messages and phishing hooks that ChatGPT can craft. However, OpenAI has effectively put in measures to prevent it from responding to such requests.

The discovery of a fake ChatGPT Chrome browser extension that hijacked Facebook accounts and created rogue admin accounts is another example of how hackers can exploit ChatGPT to spread malware and misinformation. In addition, various generative AI tools, including ChatGPT, are vulnerable to prompt injection attacks. In this technique, attackers craft prompts that trick the model into performing tasks like writing malicious codes, providing inaccurate outputs, or creating phishing websites. 

Another significant issue around generative AI is that any information entered into ChatGPT becomes part of its training dataset. Though it sounds helpful, it isn't because if cybercriminals get hold of such data, they misuse it to fulfill their malicious intentions. For example, Samsung engineers entered the company's top-secret data, like proprietary code and internal meeting notes relating to their hardware, resulting in the leaking of sensitive data.  

Moreover, generative AI tools are much more affordable, and therefore, malicious actors can easily use them to spread misinformation and propaganda. The AI tool's impressive search capabilities help bad actors create convincing content that they can use to manipulate public opinion or cause significant harm. One may not forget the incident when the OpenAI tool ChatGPT defamed a mayor in Australia as being jailed for bribery when he was the whistleblower in a case.  

Defending Against Generative-AI Threats

Organizations need a proactive approach to defend against generative AI threats. This includes practicing robust security measures such as using unique passwords, beware of phishing and unsolicited communications, updating the software, and enabling phishing-resistant MFA instead of only MFA. Besides this, other safety measures that prove helpful to businesses are as follows:

  • Security Assessments and Audits: Regular security assessments and audits help identify potential vulnerabilities and security gaps within the generative AI models. Doing so allows organizations to address the issues before the bad actors exploit them.
  • Data Privacy and Protection: Prioritize data privacy and protection by implementing access controls and strong encryption via a VPN to protect sensitive information that the employees entered in generative AI models.
  • Model Validation: Enterprises must implement adversarial training techniques to recognize and eliminate the ethical concerns around generative AI models.
  • Ethical Considerations: Organizations must be mindful of the ethical implications of generative AI. They should establish clear guidelines regarding the ethical use of AI technology and keep a check on employees to ensure the guidelines are followed.
  • Cyber Awareness and Education: Cybersecurity is a shared responsibility of all individuals across the organization, and therefore, they need to educate the employees about the potential dangers of generative AI. Also, they must teach them to detect and respond to threats to mitigate risks.

Staying updated about the latest developments in generative AI technology and adopting provocative measures helps organizations minimize the challenges and risks to which generative AI exposes them.

The Future of Generative AI

The misuse of AI has affected businesses, consumers, and even the government. To combat the dangers of this technology in the future, the White House has taken the initiative and announced new investments in AI research and promoted responsible AI innovation that protects the rights and safety of American citizens. However, more innovative actions are needed to ensure that generative AI technology is used ethically and responsibly. 

Organizations looking to defend against emerging AI-related threats can adopt the Zero-Trust Network Access (ZTNA) approach now and in the future. This security framework eliminates the trust from the network perimeter and continuously monitors, authenticates, and authorizes each user and device within the network. This ensures that no unauthorized user or system can access the generative AI models.

As AI-based threats become more sophisticated, adopting AI-driven security solutions will become essential in detecting and preventing the threats. For example, the HackerOne Bounty program offers continuous adversarial testing and detects security loopholes within the attack surface, including those arising from poor implementation of generative AI. 

Similarly, a cybersecurity startup also announced the launch of an AI-powered search platform. It aims to help security teams improve their mean time to detection (MTTD) and mean time to response (MTTR) by 80% and offer correlation and risk validations for potential vulnerabilities. Overall, generative AI tools will continue to evolve and help shape a more technologically developed future. 

Final Words

Generative AI is trang significant risks and dangers in the hands of hackers. They can misuse this technology to craft phishing emails, spread propaganda and malware, and produce biased outputs.

As organizations increasingly rely on this technology, they must adopt cybersecurity measures to mitigate the risks and leverage the benefits they offer.

Farwa Sajjad is a Cyber Security Journalist & Product Marketing Writer               Image: Steve Johnson

You Might Also Read:

Numerous Organisations Are Banning ChatGPT:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Australian Government Suffers A Widespread Ransom Attack
Jargon Buster: Untangling The Complexity In Cybersecurity  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IGX Global

IGX Global

IGX Global is a provider of information network and security integration services and products.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

ITU Arab Regional Cyber Security Center (ITU-ARCC)

ITU Arab Regional Cyber Security Center (ITU-ARCC)

ITU-ARCC acts as ITU’s cybersecurity hub in the Arab Region localizing and coordinating cybersecurity initiatives.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

Enterprise Ethereum Alliance (EEA)

Enterprise Ethereum Alliance (EEA)

EEA is a member-led industry organization whose objective is to drive the use of Ethereum blockchain technology as an open-standard to empower ALL enterprises.

Corsha

Corsha

Corsha is on a mission to simplify API security and allow enterprises to embrace modernization, complex deployments, and hybrid environments with confidence.

Reliance Cyber

Reliance Cyber

Reliance Cyber (formerly Reliance ACSN) help to monitor and manage your organisation’s security infrastructure 24/7, so you can make sure all threats and issues are dealt with.

IoTeX

IoTeX

Building the connected world. IoTeX is a fast, secure, and decentralized platform that connects real world devices/data to the blockchain.

Larsen & Toubro Infotech (LTI)

Larsen & Toubro Infotech (LTI)

LTI is a global technology consulting and digital solutions company with operations in 33 countries.

ITProTV

ITProTV

ITProTV is part of the ACI Learning family of companies providing Audit, Cyber, and IT learning solutions for enterprise and consumer markets.

CDS

CDS

CDS is a strategic change agency enabling organisations and businesses to create and build better services to meet the evolving needs of customers, employees and citizens.

SignMyCode

SignMyCode

SignMyCode is a one-stop shop for trusted and authentic code signing solutions to safeguard software.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.

StealthMole

StealthMole

StealthMole is a deep and dark web threat intelligence company that delivers a cloud-based, unified platform for digital investigation, risk assessment, and threat monitoring.

Revytech

Revytech

Revytech is a tech company providing services in a broad range of areas including IT operations, cyber security and network engineering.

Blackmere Consulting

Blackmere Consulting

Blackmere Consulting is a Nationwide Technical and Executive Recruiting firm dedicated to Cyber Security and Information Technology.