US security experts have announced five kinds of cyber attacks that exploit ‘GPT-4’. After all, I forgot to say that more types are possible.

Citing a report titled “ChatGPT4 Performs Initial Security Evaluation, Potential Scenarios for Accelerated Cybercrimes,” recently released by Checkpoint Research (CPR) on the twenty eighth (local time), VentureBit said that cybersecurity issues are growing. introduced.

In keeping with this, CPR organized security threats using ‘ChatGPT’ and ‘GPT-4’ into five scenarios. Although there are safeguards to discourage them, some are easily circumvented, allowing non-experts to launch cyberattacks without much difficulty.

The five scenarios identified by CPR are ▲ C++ malware that collects PDF files and sends them via FTP ▲ Phishing mail impersonating a bank ▲ Phishing mail impersonating an organization and sending to employees ▲ PHP reverse shell ▲ Putty that may be executed as a hidden powershell (PuTTY) to download and create a Java program to run.

The rise in phishing emails was cited as the largest problem. Impersonating a bank or company is a chief example.

As well as, ‘PHP reverse shell’ was also identified as a vulnerability. A ‘shell’ is an interface used when using commands and programs. This could possibly be used to realize access to the victim’s device.

Putty is a generic SSH (secure protocol used to connect with distant hosts) and telnet clients. It attacks the system with a Java program that appears normal but is hidden.

CPR actually used ChatGPT to directly direct malicious code and phishing emails to be rejected, and likewise disclosed actual cases of bypassing them.

Nevertheless, it was identified as a giant problem that more things were possible than what was disclosed.

“GPT-4 has many exciting recent features that bring recent powers and possible threats,” said Blackfrog CEO Darren Williams. “The perfect example is that the multimodal capabilities of GPT-4 may be exploited via image input.” said. In other words, when you use a way called ‘Steganography’, you possibly can easily exploit GPT-4 by including malicious code in common files akin to photos.

Nevertheless, he also emphasized that it will not be an issue with GPT-4 or ChatGPT, but with users.

“ChatGPT doesn’t pose any security threat by itself,” said Hector Ferran, vp of AI at Bluewillow.

To stop this, it’s obligatory to take precautionary measures to forestall misuse, akin to investigating and stopping cyber attacks through AI, in addition to adding appropriate safeguards to AI.

“In doing so, we maximize the advantages of AI while mitigating potential risks,” he said.

Reporter Lim Dae-jun ydj@aitimes.com