The developer of WormGPT is selling access to the chatbot, which can help hackers create malware and phishing attacks, according to email security provider SlashNext.
WormGPT Is a ChatGPT Alternative With ‘No Ethical Boundaries or Limitations’::undefined
I work in Cybersecurity for an F100 and we’ve been war gaming for shit like this for a while. There are just so many unethical uses for the current gen of AI tools like this one, and it keeps me up at night thinking about the future iterations of them to be honest.
Treat CVEs as prompts and introduce target fingerprinting to expose CVEs. Gets you one step closer to script kidding red team ops. Not quite, but it would be fun if it could do the network part too and chain responses back into the prompt for further assessment.
We’re expecting multiple AI agents to be working concert on different parts of a theoretical attack, and you nailed it with thinking about the networking piece. While a lot of aspects of a cyber attack tend to evolve with time and technical change, the network piece tends to be more “sturdy” than others and because of this it is believed that extremely competent network intrusion capabilities will be developed and deployed by a specialized AI.
I think we’ll be seeing the development of AI’s that specialize in malware payloads, working with one’s that have social engineering capabilities and ones with network penetration specializations, etc…all operating at a much greater competency than their human counterparts (or just in much greater numbers than humans with similar capabilities) soon.
I’m not really even sure what will be effective in countering them either? AI-powered defense I guess but still feel like that favors the attacker in the end.
I work in Cybersecurity for an F100 and we’ve been war gaming for shit like this for a while. There are just so many unethical uses for the current gen of AI tools like this one, and it keeps me up at night thinking about the future iterations of them to be honest.
Treat CVEs as prompts and introduce target fingerprinting to expose CVEs. Gets you one step closer to script kidding red team ops. Not quite, but it would be fun if it could do the network part too and chain responses back into the prompt for further assessment.
We’re expecting multiple AI agents to be working concert on different parts of a theoretical attack, and you nailed it with thinking about the networking piece. While a lot of aspects of a cyber attack tend to evolve with time and technical change, the network piece tends to be more “sturdy” than others and because of this it is believed that extremely competent network intrusion capabilities will be developed and deployed by a specialized AI.
I think we’ll be seeing the development of AI’s that specialize in malware payloads, working with one’s that have social engineering capabilities and ones with network penetration specializations, etc…all operating at a much greater competency than their human counterparts (or just in much greater numbers than humans with similar capabilities) soon.
I’m not really even sure what will be effective in countering them either? AI-powered defense I guess but still feel like that favors the attacker in the end.