Source: ITPro Today - ChatGPT and Cybersecurity: The Good, the Bad, and the Careful (Publication Date: March 15, 2023)

Despite its benefits, ChatGPT has opened a Pandora’s box of security risks. Here’s what to know about protecting your company from criminal exploitation of AI-based chatbots.

The Good: How Companies Benefit From AI, Done Right

Companies are using AI for many purposes, including improving internal and customer-facing searches and employee productivity. AI usage is expected to grow significantly, with Gartner predicting that by 2025, 30% of outbound marketing messages from organizations will be generated using AI, up from just 2% in 2022.

Randy Lariar, practice director of big data, AI, and analytics at Optiv, notes:

“[ChatGPT] takes things to another level. [You can] ask it anything you’re thinking about and [get] an answer that’s at least as good as an intern or entry-level worker could provide.”

Lariar also points out that ChatGPT can help security and IT professionals:

“Now you’ve got ChatGPT, which takes that same kind of workflow, but you can now talk to it.”

Companies can use AI to strengthen cybersecurity defenses by:

  • Inferring patterns from incomplete or changed data
  • Reducing false positives
  • Identifying and responding to attacks
  • Creating better security detections

The Bad: How AI-powered Chatbots Could Aid Cybercriminals

Despite its benefits, ChatGPT gives threat actors more ways to do harm:

  1. Crafting more convincing phishing emails
  2. Stealing passwords, software codes, and sensitive corporate data
  3. Writing malware and ransomware
  4. Probing and penetrating networks
  5. Circumventing security controls

The Careful: Protecting Organizations From AI-based Threats

To protect against AI-equipped criminal efforts, organizations should consider:

  1. Implementing strong authentication measures
  2. Educating users on responsible AI use
  3. Studying AI frameworks like MITRE ATLAS and NIST’s AI Risk Management Framework
  4. Anticipating new AI-based cybersecurity products

As Lariar suggests:

“We’re still in the early days, but companies that are relying on AI more and more are likely to introduce new attack surfaces.”

The most effective way to combat AI-based threats may be with AI itself, developing tools to evaluate and determine whether content is fake or not.