Artificial Intelligence

  • 1.  ChatGPT Research

    Posted Jan 24, 2023 07:48:00 AM
    Hi All,

    I would appreciate the community helping us to think through what CSA's approach to research should be in light of the quick uptake of ChatGPT. I know ChatGPT is not unique in the world, but it certainly has reached mainstream and caught the attention of some of the smartest people I follow in our industry. I believe the attention it is currently getting is going to help us build better AI/ML security best practices and I think CSA should put together a white paper in short order as part of a longer term research effort. It seems to me the four dimensions are: 1) How malicious actors can use it to create new and improved cyberattacks, 2) How defenders can use it to improve cybersecurity programs, 3) How it can be directly attacked to produce incorrect or otherwise bad results and finally, 4) How to enable the business to use it securely.

    I appreciate any input you have on how I am framing this and any anecdotes you want to share!


    ------------------------------
    Jim Reavis CCSK
    Cloud Security Alliance
    Bellingham WA
    ------------------------------


  • 2.  RE: ChatGPT Research

    Posted Feb 05, 2023 01:15:00 PM

    The power of language models like ChatGPT to generate coherent and convincing text has the potential to greatly simplify the process of creating malicious code for both beginners and experts alike. This can lead to a higher number of attacks and more sophisticated attacks, which can have serious consequences for individuals, organizations, and society as a whole.

    For beginners, the ability to generate convincing code with little to no prior technical knowledge can make it easier for them to carry out malicious activities, such as writing phishing emails, impersonating others, or spreading misinformation.

    For experts, the ability to use language models to automate and streamline the code-writing process can lead to the creation of more advanced and sophisticated attacks. This can be especially dangerous in the hands of those with malicious intentions, as they can use the power of language models to carry out more effective and efficient attacks.

    This is a potential area of concern that should not be taken lightly, as the ease and speed with which malicious code can now be created has the potential to greatly increase the number and severity of attacks. It's important to be aware of this risk and to take steps to minimize it through responsible use and development of language models, as well as through improved cybersecurity measures.



    ------------------------------
    Satish Govindappa MS-Cybersecurity | MCA | CEH | OSCP
    ------------------------------



  • 3.  RE: ChatGPT Research

    Posted Feb 28, 2023 09:02:00 AM

    Hi Jim. 

    In my opinion, first of all Chat GPT and such language models can significantly ease the development of malicious codes. There are already platforms that allow people to create viruses online. Despite the fact that such viruses are not very sophisticated, it is just a matter of time, when more advanced models will show up. This will lead to a significant increase in the number of cyber attacks. This is real threat.  In terms of protection, language models can provide a range of information and guidance related to cybersecurity that can help individuals and organizations improve their security posture. And here I am curious what Google Bard will offer, as it will use the fresh data from Google's index. 



    ------------------------------
    Joseph Harisson
    IT Companies Network
    Dallas TX
    ------------------------------



  • 4.  RE: ChatGPT Research

    Posted Feb 28, 2023 09:31:00 AM
    I agree with you, Joseph. I think it is up to our industry to be ahead of the curve in understanding its implications.--
    Jim Reavis
    [email protected]
    CEO, Cloud Security Alliance
    +1.360.820.2545



    This e-mail account is used only for work-related purposes; it is not guaranteed that any correspondence sent to this address will be read by the addressee only, as it may be necessary, under certain circumstances, for third parties appointed by the Cloud Security Alliance to access this e-mail account. Please do not send any messages of a personal nature to this address.





  • 5.  RE: ChatGPT Research

    Posted Feb 28, 2023 10:17:00 AM

    Jim, exactly. And staying ahead of the curve, we must prioritize offensive cybersecurity over defensive cybersecurity.



    ------------------------------
    Joseph Harisson
    IT Companies Network
    Dallas TX
    ------------------------------