The way it operates is based on a language model with more than 175 million parameters, trained with large amounts of text to perform language-related tasks, from translation to text generation, using artificial intelligence algorithms ( AI) as Natural Language Processing #NPL, among others.
This makes ChatGPT a generative AI, capable of replicating a person’s way of thinking, thus creating content, and although this technology developed by the Open AI company can translate into endless benefits, it brings with it significant challenges at the security, just like any emerging technology operating in cyberspace.
cybercrime
Let’s imagine for a moment that a cybercriminal wants to send a phishing email to an employee, pretending to be the manager of an organization, the employee can easily use AI-based technology to not only create the template, but also to simulate the writing of another person.
Although the tool has restrictions to prevent its use for criminal purposes, there are cases where it can be evaded to generate malicious code, find and exploit security holes and distribute malware, in addition to being combined with other AI-based tools to perform Voice DeepFake and simulate the voice of a person (a director or a CEO) to commit fraud.
Couple this with the fact that it could reduce the skill-based cost of entry for new attackers, by automatically performing some tasks required by less-skilled cybercriminals, and the risks are enormous.
To do?
However, there are ways to keep ourselves safe, in this scenario today it is more important than ever to adhere to good cybersecurity practices.
It is crucial to be aware of the risks through basic awareness training and training on topics related to the threat landscape, its advances and how to avoid being victims of any fraud attempt of any kind.
In addition to promoting good cyber hygiene practices among our collaborators and relatives.
For organizations, it is important to make sure to design a comprehensive cybersecurity plan that involves every member of the organization, regardless of their role or area, because as we always say at Fortinet, “cybersecurity is a job that corresponds to everyone and the first line of defense is always the human factor”.
Additionally, it is advisable to leverage technology using “zero trust” oriented approaches that include multifactor user authentication, endpoint detection and response (EDR) solutions, having a Digital Risk Monitoring service and an Incident Response plan. .