Is ChatGPT a Cybersecurity Threat? (Debunking Common Misconceptions)
Are you worried about ChatGPT and its potential for criminal use?
You’re not alone. Many business owners - from small shops to large enterprises - look at ChatGPT and wonder: “How will this affect my business?”
And since Intelligent Technical Solutions (ITS) is in the business of keeping your business safe from cyber attacks, we’ve decided to take a closer look at this topic.
We sat down with Ed Griffin, ITS Partner and Cybersecurity Specialist, to clarify why ChatGPT is like Schrodinger's cat of cyber threats: it both is and isn't a threat.
We’ll dive deep into questions like:
- Is ChatGPT a cybersecurity threat?
- What are common cybersecurity misconceptions about ChatGPT?
- How can ChatGPT be used to threaten your cybersecurity?
By the end of this article, you’ll be able to separate fact from fiction and decide for yourself if ChatGPT is a tool to be wary of or a tool to celebrate.
Is ChatGPT a cybersecurity threat?
No, ChatGPT is not a cybersecurity threat, like how a kitchen knife isn’t a murder weapon.
“Firearms, for example, are they inherently evil? I guess arguments can be made that they are, but they require something to act upon that gun to make it do a bad thing,” Griffin said.
So, while ChatGPT can technically be used for nefarious purposes, at the end of the day, someone still needs to sit behind the screen and direct it to cause harm.
We even took to asking it if it is a cybersecurity threat:
However, just because it isn’t inherently made to exploit cybersecurity vulnerabilities, that doesn’t mean it can’t be used to do so.
What are common cybersecurity misconceptions about ChatGPT?
Let’s start by identifying false beliefs about ChatGPT’s capabilities.
1. ChatGPT produces malware.
ChatGPT does not directly produce malware, ransomware, or any code used for bypassing cybersecurity processes.
For example, when asked to write malware, this appeared:
However, this does not mean it can’t write any code for malware or phishing email templates. You just need to phrase it differently and put your own spin on it before sending it out.
“If you know how ransomware works or if you know how a computer exploit works, you know the underlying techniques,” Griffin explained, “you can ask it for that, and it might give you that code.”
2. ChatGPT threatens your privacy.
ChatGPT doesn’t threaten your privacy more than any other free online resource. They do not install anything on your PC that tracks you, and they state that they don’t feed personal or financial information into the learning corpus.
However, they do collect information. You should be as wary of giving your info to them as any other website.
ChatGPT, based on their privacy policy, collects the following information:
- Log Data - IP address, browser type, settings, date & time of requests, how you interacted with the ChatGPT website
- Usage Data - The type of content you engage with, the features you use and the actions you take, time zone, country, dates and times of access, user agent and version, type of computer or mobile device, computer connection, IP address, etc.
- Device Information - Name of the device, operating system, and browser you are using
- Cookies & Online Analytics Products - ChatGPT & their third-party service providers may use cookies to collect information about your browsing activities over time and across different websites following your use of the website.
It’s also important to know that ChatGPT does not respond to “Do Not Track” (DNT) signals and “operates as described in this Privacy Policy whether or not a DNT signal is received.”
3. ChatGPT hacks into your system.
Since ChatGPT is an AI language model, it can’t access or change computer systems, networks, or other digital devices.
How can ChatGPT be used to threaten your cybersecurity?
Despite the general misconceptions surrounding ChatGPT, there’s still some truth to it being a tool cybercriminals use.
Because it’s an easily accessible online tool, hackers also have access to ChatGPT. And there are multiple ways for those hackers to use ChatGPT for cyber threats:
1. Templates for Bad-Faith Actions
Nothing’s stopping hackers from asking for benign templates for emails and codes, then incorporating them into their crime.
“Maybe you could have ChatGPT correct some text for you that essentially is a solicitation email. But that solicitation can be easily adjusted to become the body of a phishing email.” Griffin explained.
If you also know how malware works and avoid trigger words, such as malware, ransomware, and the like, you can find ways around the barriers the ChatGPT team is using to stop hackers from using their program maliciously.
2. Fake Profiles
ChatGPT is also being used as a front by different cyber criminals. There are multiple fake apps and websites out there, using ChatGPT’s logo to collect information and trick consumers into giving their personal and financial information.
3. Information leaks
Lastly, any online communication, including interactions with ChatGPT, may carry a certain level of risk.
Users should take necessary precautions to protect their personal information and sensitive data.
They also have this big disclaimer on their privacy policy:
“You use the Service at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Information [...]. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. [...] In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.”
The bottom line: ChatGPT boon or bane? .
At the end of the day, is ChatGPT something you should be scared of? Our cybersecurity expert doesn’t think so.
“I'm happy about this,” Griffin said. “I think this is going to be a boon to humanity. But we're in such early days and there is no directly applicable regulation in place.”
The biggest problem with ChatGPT is the lack of broadly accepted ethics. Griffin pointed out that there are proposals and de facto ethical standards, but there isn’t anything that ensures ChatGPT always acts with humanity's best interest in mind and will not allow itself to be subverted to criminal purposes.
But he chooses to believe ChatGPT is a good thing, part of an AI trend that will benefit us as a whole.
Want to improve your company’s cybersecurity features?
Whether a cybercriminal uses ChatGPT or not, they’re still finding ways to exploit any network vulnerabilities. You need to stay on top of your cybersecurity game.
As a Managed IT company with over 20 years of experience helping businesses keep their network safe, we know how crucial it is to be completely aware of your network’s security strengths and weaknesses.
This is why we always recommend starting with a cybersecurity assessment. But if you want to learn more about improving your cybersecurity, take a look at these resources: